Persistent problem :(



Vince
2014-11-29, 02:18
Hello again... it's been a while, but I'm sorry to say that I got infected again :(

About 2 weeks ago the PC did not seem well.... I did the usual "safe mode" scans (SpybotS&D and Malwarebytes) and to my horror, discovered a Trojan. At the same time as me discovering this, my PayPal account was being robbed!!!
PayPal have reversed the transactions thankfully, but I'm scanning the computer daily and finding over 600 temp files in the space of about 5 mins and the same 9-10 tracing cookies.

I'm out of my depth and did not dare use ComboFix again until someone said so.

My FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Vince and Mel (administrator) on MUP-PC on 29-11-2014 00:40:29
Running from C:\Users\Vince and Mel\Desktop
Loaded Profile: Vince and Mel (Available profiles: Vince and Mel)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware.com) Z:\Program Files\SUPERAntiSpyware\SASCore64.exe
() Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Samsung) C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Copyright 2013 SAMSUNG) Z:\Program Files\samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) Z:\Program Files\samsung\Samsung Link\Samsung Link.exe
(TomTom) Z:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Copyright 2013 SAMSUNG) Z:\Program Files\samsung\Samsung Link\Samsung Link Tray Agent.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe
(Logitech Inc.) Z:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() Z:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() Z:\xampp\xampp-control.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Apache Software Foundation) Z:\xampp\apache\bin\httpd.exe
() Z:\xampp\mysql\bin\mysqld.exe
(David Harris) Z:\xampp\MercuryMail\mercury.exe
(Apache Software Foundation) Z:\xampp\apache\bin\httpd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monito
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Samsung Link] => Z:\Program Files\samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2014-11-06] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-27] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Photo Downloader] => Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe [57344 2005-09-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => Z:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [69632 2012-07-31] (Vodafone)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: c:\windows\system32\\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2733246317-1088891699-182487046-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2733246317-1088891699-182487046-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2733246317-1088891699-182487046-1000\...\MountPoints2: {04b2f33c-2b97-11e4-8483-94de80c6bd4b} - L:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2733246317-1088891699-182487046-1000\...\MountPoints2: {04b2f372-2b97-11e4-8483-94de80c6bd4b} - H:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2733246317-1088891699-182487046-1000\...\MountPoints2: {28c72aaa-4f75-11e3-af1a-806e6f6e6963} - D:\Run.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-10-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-10-30] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2733246317-1088891699-182487046-1000] => 127.0.0.1:80
HKU\S-1-5-21-2733246317-1088891699-182487046-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKU\S-1-5-21-2733246317-1088891699-182487046-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKU\S-1-5-21-2733246317-1088891699-182487046-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Z:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-2733246317-1088891699-182487046-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - c:\windows\system32\\mscoree.dll (Microsoft Corporation)
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - c:\windows\SysWOW64\\mscoree.dll (Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - c:\windows\system32\\mscoree.dll (Microsoft Corporation)
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - c:\windows\SysWOW64\\mscoree.dll (Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - c:\windows\system32\\mscoree.dll (Microsoft Corporation)
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - c:\windows\SysWOW64\\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7796727F-F0FD-46AE-8DB4-48D883925147}: [NameServer] 10.203.128.1 10.203.128.1

FireFox:
========
FF ProfilePath: C:\Users\Vince and Mel\AppData\Roaming\Mozilla\Firefox\Profiles\6a4e2qpg.default
FF Homepage: hxxp://www.google.co.uk/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> Z:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2733246317-1088891699-182487046-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Vince and Mel\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-17]
FF StartMenuInternet: FIREFOX.EXE - z:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; z:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdobeActiveFileMonitor4.0; Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-27] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-27] (Avast Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-04-11] (Intel Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-12-06] (Hewlett-Packard Company) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-06-01] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-06-01] ()
R2 Samsung Link Service; Z:\Program Files\samsung\Samsung Link\Samsung Link.exe [616288 2014-11-06] (Copyright 2013 SAMSUNG)
R2 TomTomHOMEService; Z:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] (TomTom)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2012-07-31] (Vodafone) [File not signed]
R3 WinHttpAutoProxySvc; c:\windows\system32\\winhttp.dll [444416 2010-11-21] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; c:\windows\SysWOW64\\winhttp.dll [351232 2010-11-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-27] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2013-07-05] (Advanced Micro Devices) [File not signed]
S3 etocdrv; C:\Windows\etocdrv.sys [14928 2013-04-16] (Giga-Byte Technology CO., LTD.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2012-07-27] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R1 SASDIFSV; z:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; z:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21584 2013-05-06] ()
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-27] (Avast Software)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-12-11] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [297984 2013-12-11] (VIA Technologies, Inc.)
S3 GPU-Z; \??\C:\Users\VINCEA~1\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 00:40 - 2014-11-29 00:40 - 00019859 _____ () C:\Users\Vince and Mel\Desktop\FRST.txt
2014-11-29 00:39 - 2014-11-29 00:40 - 00000000 ____D () C:\FRST
2014-11-29 00:39 - 2014-11-29 00:38 - 02117632 _____ (Farbar) C:\Users\Vince and Mel\Desktop\FRST64.exe
2014-11-29 00:38 - 2014-11-29 00:38 - 02117632 _____ (Farbar) C:\Users\Vince and Mel\Downloads\FRST64.exe
2014-11-29 00:38 - 2014-11-29 00:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MUP-PC-Microsoft-Windows-7-Professional-(64-bit).dat
2014-11-29 00:37 - 2014-11-29 00:37 - 00001092 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-29 00:37 - 2014-11-29 00:37 - 00000000 ____D () C:\RegBackup
2014-11-29 00:37 - 2014-11-29 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-29 00:36 - 2014-11-29 00:36 - 04215584 _____ () C:\Users\Vince and Mel\Downloads\tweaking.com_registry_backup_setup (1).exe
2014-11-29 00:36 - 2014-11-29 00:36 - 04215584 _____ () C:\Users\Vince and Mel\Desktop\tweaking.com_registry_backup_setup (1).exe
2014-11-29 00:33 - 2014-11-29 00:33 - 04215584 _____ () C:\Users\Vince and Mel\Downloads\tweaking.com_registry_backup_setup.exe.eifgbx5.partial
2014-11-29 00:29 - 2014-11-29 00:29 - 00000197 _____ () C:\Windows\system32\2014-11-29-00-29-03.013-AvastVBoxSVC.exe-4420.log
2014-11-28 23:57 - 2014-11-28 23:57 - 00000197 _____ () C:\Windows\system32\2014-11-28-23-57-16.046-AvastVBoxSVC.exe-4440.log
2014-11-28 23:57 - 2014-11-28 23:57 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Roaming\SUPERAntiSpyware.com
2014-11-28 23:56 - 2014-11-28 23:56 - 20619128 _____ (SUPERAntiSpyware) C:\Users\Vince and Mel\Downloads\SUPERAntiSpyware.exe
2014-11-28 23:56 - 2014-11-28 23:56 - 00000866 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-11-28 23:56 - 2014-11-28 23:56 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-11-28 23:56 - 2014-11-28 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-11-28 21:05 - 2014-11-28 21:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-28 21:04 - 2014-11-28 21:10 - 00000000 ____D () C:\Users\Vince and Mel\Desktop\mbar
2014-11-28 21:04 - 2014-11-28 21:04 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Vince and Mel\Downloads\mbar-1.08.2.1001.exe
2014-11-27 20:14 - 2014-11-27 20:14 - 00000247 _____ () C:\Windows\system32\2014-11-27-20-14-25.007-aswFe.exe-6256.log
2014-11-27 20:12 - 2014-11-27 20:14 - 00000247 _____ () C:\Windows\system32\2014-11-27-20-12-48.097-aswFe.exe-9984.log
2014-11-27 20:12 - 2014-11-27 20:12 - 00000197 _____ () C:\Windows\system32\2014-11-27-20-12-46.081-AvastVBoxSVC.exe-9356.log
2014-11-27 20:11 - 2014-11-27 20:11 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-27 20:11 - 2014-11-27 20:11 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-27 20:07 - 2014-11-27 20:07 - 00000000 ____D () C:\Users\Vince and Mel\Downloads\backups
2014-11-27 19:11 - 2014-11-27 19:11 - 00001340 _____ () C:\Windows\PFRO.log
2014-11-27 19:09 - 2014-11-27 19:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\Vince and Mel\Downloads\HijackThis.exe
2014-11-27 19:09 - 2014-11-27 19:09 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-27 19:09 - 2014-11-27 19:09 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-27 19:09 - 2014-11-27 19:09 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-26 09:26 - 2014-11-26 09:26 - 00009329 _____ () C:\Users\Vince and Mel\Downloads\crib-sheet.zip
2014-11-26 09:26 - 2014-11-26 09:26 - 00000000 ____D () C:\Users\Vince and Mel\Downloads\crib-sheet
2014-11-25 20:54 - 2014-11-29 00:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-25 20:54 - 2014-11-25 21:40 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-24 21:59 - 2014-11-28 21:52 - 00000000 ____D () C:\Users\Vince and Mel\Downloads\auction home
2014-11-24 21:43 - 2014-11-24 21:42 - 75815342 _____ () C:\Users\Vince and Mel\Desktop\localise Final 1.mp4
2014-11-24 21:02 - 2014-08-15 13:45 - 00000099 _____ () C:\Users\Vince and Mel\Desktop\index.php
2014-11-24 21:00 - 2014-11-24 21:00 - 34639405 _____ () C:\Users\Vince and Mel\Desktop\localise 2.zip
2014-11-24 20:56 - 2014-11-28 22:03 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Roaming\Audacity
2014-11-24 20:53 - 2014-11-24 20:53 - 22892794 _____ (Audacity Team ) C:\Users\Vince and Mel\Downloads\audacity-win-2.0.6.exe
2014-11-24 20:53 - 2014-11-24 20:53 - 00000720 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-11-24 20:53 - 2014-11-24 20:53 - 00000720 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-11-23 15:14 - 2014-11-29 00:29 - 00163663 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 15:12 - 2014-11-29 00:26 - 00001232 _____ () C:\Windows\setupact.log
2014-11-23 15:12 - 2014-11-23 15:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-23 14:37 - 2014-11-23 14:37 - 00017009 _____ () C:\Users\Vince and Mel\AppData\Local\73586D66A5C240aaB52E6C2105E404E4.customer 62mmnew.lbx
2014-11-22 23:31 - 2014-11-22 23:31 - 04334128 _____ () C:\Users\Vince and Mel\Downloads\segoe_fonts_in_windows_8_by_yhynerson1-d4shtuj.zip
2014-11-22 23:31 - 2014-11-22 23:31 - 04334128 _____ () C:\Users\Public\Downloads\segoe_fonts_in_windows_8_by_yhynerson1-d4shtuj.zip
2014-11-22 23:31 - 2014-11-22 23:31 - 00000000 ____D () C:\Users\Public\Downloads\segoe_fonts_in_windows_8_by_yhynerson1-d4shtuj
2014-11-22 20:29 - 2014-11-22 20:28 - 04976456 _____ (Piriform Ltd) C:\Users\Public\Downloads\ccsetup419.exe
2014-11-22 20:28 - 2014-11-22 20:28 - 16409960 _____ (Safer Networking Limited ) C:\Users\Vince and Mel\Downloads\spybotsd162.exe
2014-11-22 20:28 - 2014-11-22 20:28 - 16409960 _____ (Safer Networking Limited ) C:\Users\Public\Downloads\spybotsd162.exe
2014-11-22 20:28 - 2014-11-22 20:28 - 04976456 _____ (Piriform Ltd) C:\Users\Vince and Mel\Downloads\ccsetup419.exe
2014-11-22 20:26 - 2014-11-22 20:26 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Vince and Mel\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-22 20:26 - 2014-11-22 20:26 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Vince and Mel\Downloads\mbam-setup-2.0.3.1025 - Copy.exe
2014-11-22 20:26 - 2014-11-22 20:26 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Public\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-22 00:51 - 2014-11-22 00:51 - 00003191 _____ () C:\Users\Vince and Mel\Downloads\attachment
2014-11-21 18:17 - 2014-11-21 18:17 - 03871120 _____ () C:\Users\Vince and Mel\Desktop\Final Art white Version Transparente 1.tif
2014-11-19 11:21 - 2014-11-22 09:28 - 00000000 ____D () C:\Users\Vince and Mel\Desktop\2014_11_19
2014-11-19 11:21 - 2014-11-19 11:21 - 24928470 _____ () C:\Users\Vince and Mel\Desktop\IMG_0002.bmp
2014-11-19 01:16 - 2014-11-19 01:16 - 140049746 _____ () C:\Users\Vince and Mel\Downloads\CHILDPAD-FIRMWARE.rar
2014-11-19 01:16 - 2014-11-19 01:16 - 00000000 ____D () C:\Users\Vince and Mel\Downloads\CHILDPAD-FIRMWARE
2014-11-18 23:35 - 2014-11-18 23:35 - 00914715 _____ () C:\Users\Vince and Mel\Downloads\Rockchip_Batch_Tool_v1.7.zip
2014-11-18 23:35 - 2014-11-18 23:35 - 00000000 ____D () C:\Users\Vince and Mel\Downloads\Rockchip_Batch_Tool_v1.7
2014-11-18 23:32 - 2014-11-18 23:32 - 00000000 ____D () C:\Users\Vince and Mel\Downloads\kasty-arnchilpadc-40-04 (1)
2014-11-18 23:29 - 2014-11-18 23:29 - 201380269 _____ () C:\Users\Vince and Mel\Downloads\kasty-arnchilpadc-40-04 (1).zip
2014-11-18 20:54 - 2014-11-18 20:54 - 00000000 ____D () C:\Users\Vince and Mel\Downloads\AN7DG3-CP20121012OMA4.1
2014-11-18 20:53 - 2014-11-18 20:54 - 284408111 _____ () C:\Users\Vince and Mel\Downloads\AN7DG3-CP20121012OMA4.1.zip
2014-11-18 19:09 - 2014-11-18 19:09 - 01042302 _____ () C:\Users\Vince and Mel\Downloads\mam_1.0.0-beta+7.zip
2014-11-18 19:09 - 2014-11-18 19:09 - 00000000 ____D () C:\Users\Vince and Mel\Downloads\mam_1.0.0-beta+7
2014-11-18 18:34 - 2014-11-11 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 18:34 - 2014-11-11 03:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 18:34 - 2014-11-11 02:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 18:34 - 2014-11-11 02:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 00:38 - 2014-11-18 16:33 - 00000000 ____D () C:\ProgramData\NupapUvemh
2014-11-18 00:38 - 2014-11-18 00:38 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-14 21:25 - 2014-11-14 21:25 - 00232512 _____ () C:\Users\Vince and Mel\Downloads\stats6.pptx
2014-11-14 21:25 - 2014-11-14 21:25 - 00209543 _____ () C:\Users\Vince and Mel\Downloads\stats4.pptx
2014-11-14 21:25 - 2014-11-14 21:25 - 00199143 _____ () C:\Users\Vince and Mel\Downloads\stats2.pptx
2014-11-14 21:25 - 2014-11-14 21:25 - 00184306 _____ () C:\Users\Vince and Mel\Downloads\stats5.pptx
2014-11-14 21:25 - 2014-11-14 21:25 - 00180890 _____ () C:\Users\Vince and Mel\Downloads\stats1.pptx
2014-11-14 21:25 - 2014-11-14 21:25 - 00136852 _____ () C:\Users\Vince and Mel\Downloads\stats3.pptx
2014-11-13 11:46 - 2014-11-13 11:46 - 00000000 __SHD () C:\Users\Vince and Mel\AppData\Local\EmieBrowserModeList
2014-11-13 03:18 - 2014-11-13 03:18 - 00017001 _____ () C:\Users\Vince and Mel\AppData\Local\82304890ABAF43e596AB7E8B74F8E572.customer 62mmnew.lbx
2014-11-12 06:00 - 2014-11-07 19:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 06:00 - 2014-11-07 19:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 06:00 - 2014-11-06 04:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 06:00 - 2014-11-06 04:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 06:00 - 2014-11-06 04:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 06:00 - 2014-11-06 03:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 06:00 - 2014-11-06 03:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 06:00 - 2014-11-06 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 06:00 - 2014-11-06 03:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 06:00 - 2014-11-06 03:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 06:00 - 2014-11-06 03:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 06:00 - 2014-11-06 03:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 06:00 - 2014-11-06 03:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 06:00 - 2014-11-06 03:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 06:00 - 2014-11-06 03:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 06:00 - 2014-11-06 03:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 06:00 - 2014-11-06 03:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 06:00 - 2014-11-06 03:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 06:00 - 2014-11-06 03:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 06:00 - 2014-11-06 03:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 06:00 - 2014-11-06 03:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 06:00 - 2014-11-06 03:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 06:00 - 2014-11-06 03:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 06:00 - 2014-11-06 03:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 06:00 - 2014-11-06 03:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 06:00 - 2014-11-06 03:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 06:00 - 2014-11-06 03:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 06:00 - 2014-11-06 03:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 06:00 - 2014-11-06 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 06:00 - 2014-11-06 03:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 06:00 - 2014-11-06 03:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 06:00 - 2014-11-06 03:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 06:00 - 2014-11-06 02:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 06:00 - 2014-11-06 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 06:00 - 2014-11-06 02:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 06:00 - 2014-11-06 02:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 06:00 - 2014-11-06 02:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 06:00 - 2014-11-06 02:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 06:00 - 2014-11-06 02:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 06:00 - 2014-11-06 02:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 06:00 - 2014-11-06 02:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 06:00 - 2014-11-06 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 06:00 - 2014-11-06 02:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 06:00 - 2014-11-06 02:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 06:00 - 2014-11-06 02:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 06:00 - 2014-11-06 02:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 06:00 - 2014-11-06 02:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 06:00 - 2014-11-06 02:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 06:00 - 2014-11-06 02:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 06:00 - 2014-11-06 02:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 06:00 - 2014-11-06 02:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 06:00 - 2014-11-06 02:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 06:00 - 2014-11-06 01:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 06:00 - 2014-11-06 01:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 06:00 - 2014-11-06 01:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 06:00 - 2014-11-06 01:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 06:00 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 06:00 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 06:00 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 06:00 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 06:00 - 2014-10-14 02:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 06:00 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 06:00 - 2014-10-14 02:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 06:00 - 2014-10-14 02:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 06:00 - 2014-10-14 02:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 06:00 - 2014-10-14 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 06:00 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 06:00 - 2014-10-14 01:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 06:00 - 2014-10-14 01:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 06:00 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 06:00 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 06:00 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 06:00 - 2014-10-03 02:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 06:00 - 2014-10-03 02:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 06:00 - 2014-10-03 02:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 06:00 - 2014-10-03 02:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 06:00 - 2014-10-03 02:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 06:00 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 06:00 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 06:00 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 06:00 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 06:00 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 06:00 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 06:00 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 06:00 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 06:00 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 06:00 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 06:00 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 06:00 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 06:00 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 06:00 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 06:00 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 06:00 - 2014-08-21 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 06:00 - 2014-08-21 06:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 06:00 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 06:00 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 06:00 - 2014-08-12 02:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 06:00 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 15:28 - 2014-11-11 16:07 - 00000000 ____D () C:\Users\Vince and Mel\Documents\programming
2014-11-10 19:21 - 2014-11-10 19:21 - 00000000 _____ () C:\Users\Vince and Mel\Downloads\H6410620370.txt'
2014-11-10 17:54 - 2014-11-10 17:54 - 00029561 _____ () C:\Users\Vince and Mel\Downloads\assign2.zip
2014-11-07 16:42 - 2014-11-09 20:02 - 00043146 _____ () C:\Users\Vince and Mel\Desktop\SecureDownloadManager.log
2014-11-07 16:38 - 2014-11-29 00:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-07 16:38 - 2014-10-30 02:10 - 06880968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-07 16:38 - 2014-10-30 02:10 - 03533632 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-07 16:38 - 2014-10-30 02:10 - 00935232 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-07 16:38 - 2014-10-30 02:10 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-07 16:38 - 2014-10-30 02:10 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-07 16:38 - 2014-10-30 00:56 - 00614728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-07 16:38 - 2014-10-27 00:34 - 04066553 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-07 16:37 - 2014-10-30 08:56 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-11-07 16:37 - 2014-10-30 08:56 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-11-07 16:37 - 2014-10-30 08:56 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 31890064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 24554824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 20966504 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 20922696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 19966856 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 18497600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 17258696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 16886168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 14029400 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 13942368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 13189832 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-07 16:37 - 2014-10-30 04:53 - 11395672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 11333848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 04289856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 04011840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 03237528 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 02849224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434460.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434460.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 00987008 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 00961224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 00932168 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 00922944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 00896144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 00870112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 00416912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 00391824 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 00349504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-07 16:37 - 2014-10-30 04:53 - 00027024 _____ () C:\Windows\system32\nvinfo.pb
2014-11-07 16:35 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-07 16:35 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-11-07 16:35 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-07 16:35 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-11-07 16:35 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-07 16:35 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-11-06 03:17 - 2014-11-06 03:17 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-11-06 03:17 - 2014-11-06 03:17 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-11-05 21:54 - 2014-11-05 21:54 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-05 21:54 - 2014-11-05 21:54 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Roaming\Oracle
2014-11-05 21:54 - 2014-11-05 21:53 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-05 21:54 - 2014-11-05 21:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-05 21:54 - 2014-11-05 21:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-05 21:53 - 2014-11-05 21:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-30 18:14 - 2014-10-30 18:14 - 00000000 ____D () C:\Users\Vince and Mel\Downloads\sscrenshots
2014-10-30 18:13 - 2014-10-30 18:13 - 18042603 _____ () C:\Users\Vince and Mel\Downloads\sscrenshots.rar
2014-10-30 16:58 - 2014-09-17 06:20 - 00000744 _____ () C:\Users\Vince and Mel\Documents\ips.log
2014-10-30 16:54 - 2014-10-30 16:54 - 425064115 _____ () C:\Users\Vince and Mel\Documents\rcon.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 00:34 - 2009-07-14 05:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-29 00:34 - 2009-07-14 04:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-29 00:34 - 2009-07-14 04:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-29 00:27 - 2014-10-06 16:07 - 00000000 ___RD () C:\Users\Vince and Mel\Google Drive
2014-11-29 00:27 - 2014-10-06 16:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-29 00:26 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-29 00:19 - 2014-06-14 01:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-29 00:17 - 2013-11-25 10:35 - 00000000 ____D () C:\Users\Vince and Mel\Desktop\internet protection
2014-11-28 23:42 - 2013-11-17 10:40 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Roaming\Skype
2014-11-28 23:22 - 2014-10-06 16:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-28 23:06 - 2014-02-21 20:41 - 00000610 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2733246317-1088891699-182487046-1000.job
2014-11-28 21:32 - 2013-11-17 11:15 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Roaming\vlc
2014-11-28 21:05 - 2014-06-14 01:11 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-28 20:23 - 2013-11-17 10:49 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Roaming\Xfire
2014-11-28 00:21 - 2014-04-29 23:11 - 00000600 _____ () C:\Users\Vince and Mel\AppData\Roaming\winscp.rnd
2014-11-27 20:09 - 2013-11-17 10:55 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-27 19:09 - 2014-07-09 16:14 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-27 19:09 - 2014-07-09 16:14 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-27 19:09 - 2013-11-17 10:55 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-27 19:09 - 2013-11-17 10:55 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-27 19:09 - 2013-11-17 10:55 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-27 19:09 - 2013-11-17 10:55 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-27 19:09 - 2013-11-17 10:55 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-27 19:09 - 2013-11-17 10:55 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-27 18:53 - 2014-04-20 08:09 - 01873920 ___SH () C:\Users\Vince and Mel\Desktop\Thumbs.db
2014-11-27 16:30 - 2014-06-09 15:25 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-11-26 16:30 - 2014-06-09 15:25 - 00003826 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1402327553
2014-11-26 08:36 - 2014-01-31 19:02 - 00000000 ___RD () C:\Users\Vince and Mel\Virtual Machines
2014-11-25 21:40 - 2014-03-06 17:48 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-25 21:40 - 2014-03-06 17:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-23 15:03 - 2013-11-25 10:37 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-23 14:40 - 2009-07-14 04:45 - 00590592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-23 03:21 - 2013-11-17 03:12 - 00126976 _____ () C:\Users\Vince and Mel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-21 17:35 - 2014-04-28 12:41 - 00000472 _____ () C:\Users\Vince and Mel\Desktop\remote server.txt
2014-11-20 00:56 - 2014-10-05 12:02 - 00000000 ____D () C:\Users\Vince and Mel\Documents\katie
2014-11-17 15:31 - 2014-02-21 20:41 - 00003648 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2733246317-1088891699-182487046-1000
2014-11-15 22:44 - 2014-06-11 21:59 - 00000000 ____D () C:\Users\Vince and Mel\Desktop\temp
2014-11-15 17:17 - 2014-10-06 16:05 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 17:17 - 2014-10-06 16:05 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 03:00 - 2014-02-09 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-11-15 03:00 - 2013-11-18 16:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 03:47 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 03:02 - 2013-12-17 00:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 03:00 - 2013-12-17 00:06 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-07 16:38 - 2014-04-02 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-07 16:38 - 2014-04-02 21:13 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-07 16:38 - 2014-04-02 21:13 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-07 16:38 - 2014-04-02 21:12 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-07 16:37 - 2014-04-02 21:46 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Roaming\NVIDIA
2014-11-07 11:00 - 2013-12-27 12:08 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Local\Eclipse
2014-11-07 08:12 - 2014-07-11 21:11 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
2014-11-07 08:12 - 2014-07-11 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-11-06 19:40 - 2014-04-27 18:42 - 00000600 _____ () C:\Users\Vince and Mel\AppData\Local\PUTTY.RND
2014-11-06 03:17 - 2014-10-06 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-05 21:55 - 2013-11-17 11:27 - 00000000 ____D () C:\Program Files\Java
2014-11-05 21:54 - 2013-12-21 16:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-05 21:26 - 2013-11-19 00:05 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Roaming\uTorrent
2014-11-05 21:07 - 2014-06-14 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-04 14:30 - 2010-11-21 03:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-31 12:00 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-30 02:10 - 2014-04-02 21:13 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 01:38

==================== End Of Log ============================

My Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by Vince and Mel at 2014-11-29 00:40:47
Running from C:\Users\Vince and Mel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS B13.0910.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
@BIOS B13.0910.1 (x32 Version: 3.00.0000 - GIGABYTE) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Photoshop Elements 4.0 (HKLM-x32\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems Inc.)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
App Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.14.0110 - Gigabyte)
APP Center (x32 Version: 1.14.0110 - Gigabyte) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.0 - BlueJ Team)
Brother P-touch Address Book 1.1 (HKLM-x32\...\{B2023017-DEE4-44F7-8A71-CA6084BF534C}) (Version: 1.1.2201 - Brother Industries, Ltd.)
Brother P-touch Editor 5.1 (HKLM-x32\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0120 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM-x32\...\{34A9C5A8-9BB6-4C57-A0D9-1DAAE175009E}) (Version: 1.0.0070 - Brother Industries, Ltd.)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.6.0 - Canon Inc.)
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Combined Community Codec Pack 2014-04-20 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.04.20.0 - CCCP Project)
ConvertXtoDVD 3.1.0.18 (HKLM-x32\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: 3.1.0.18 - )
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
Dropbox (HKU\S-1-5-21-2733246317-1088891699-182487046-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVDFab 9.1.1.5 (07/12/2013) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0002 - GIGABYTE)
EasyTune (x32 Version: 1.00.0002 - GIGABYTE) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVGA Precision X 4.2.0 (HKLM-x32\...\PrecisionX) (Version: 4.2.0 - EVGA Corporation)
EZSetupN B13.0628.1 (HKLM-x32\...\InstallShield_{9EAB60B6-70FE-4EC7-8DF4-54773E4EAC05}) (Version: 1.00.0000 - GIGABYTE)
EZSetupN B13.0628.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)
GoToMeeting 7.0.3.1963 (HKU\S-1-5-21-2733246317-1088891699-182487046-1000\...\GoToMeeting) (Version: 7.0.3.1963 - CitrixOnline)
Greenfoot (HKLM-x32\...\{8C838B70-3A71-41E8-91A6-4ADCF2E483D0}) (Version: 2.3.0 - Greenfoot Team)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Karaoke Builder Player 3.0 (HKLM-x32\...\Karaoke Builder Player 3.0) (Version: - )
K-Lite Codec Pack 10.6.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version: - )
LightScribe System Software 1.17.90.1 (HKLM-x32\...\{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}) (Version: 1.17.90.1 - LightScribe)
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
MakeMKV v1.8.8 (HKLM-x32\...\MakeMKV) (Version: v1.8.8 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server Management Objects Collection (HKLM\...\{5677B005-B609-4B5B-9F3C-132BB085D3CF}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-GB)) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 344.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.46 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.60 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge 2 B13.0506.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0506.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Opera Stable 26.0.1656.24 (HKLM-x32\...\Opera 26.0.1656.24) (Version: 26.0.1656.24 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Platform (x32 Version: 1.40 - VIA Technologies, Inc.) Hidden
Power CD+G Burner (HKLM-x32\...\{BC21E1FA-BD9C-4351-8EA3-4EC377B1E439}_is1) (Version: - Doblon)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RivaTuner Statistics Server 5.1.1 (HKLM-x32\...\RTSS) (Version: 5.1.1 - Unwinder)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Link 2.0.0.1411061504 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1411061504 - Copyright 2013 SAMSUNG)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.15.0 - SAMSUNG Electronics Co., Ltd.)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version: - Microsoft)
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Sid Meier's Railroads! (HKLM-x32\...\{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}) (Version: 1.10 - Firaxis Games)
Sid Meier's Railroads! (x32 Version: 1.00 - Firaxis Games) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion)
Source SDK (HKLM-x32\...\Steam App 211) (Version: - Valve)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version: - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.3.209.40724 - Vodafone)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WinSCP 5.5.3 (HKLM-x32\...\winscp3_is1) (Version: 5.5.3 - Martin Prikryl)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-4 - Bitnami)
Xfire (HKLM-x32\...\Xfire) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Vince and Mel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Vince and Mel\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

18-11-2014 18:34:31 Windows Update
19-11-2014 03:00:10 Windows Update
25-11-2014 08:57:16 Windows Update
27-11-2014 19:08:46 avast! antivirus system restore point
28-11-2014 16:55:23 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2014-07-07 23:37 - 00000828 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1B779F12-6659-4B90-A15E-21439DDC5D3F} - System32\Tasks\G2MUpdateTask-S-1-5-21-2733246317-1088891699-182487046-1000 => C:\Users\Vince and Mel\AppData\Local\Citrix\GoToMeeting\1963\g2mupdate.exe [2014-11-17] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {45192D5B-903B-416F-A0B0-6B8CDDF1CD2C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {5FBD3219-801B-4573-A748-B42F46F74190} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {61CD3F6F-83DD-4CDC-89EF-A9261EC74E44} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {6BD3B797-EE60-4632-BD9A-B053B040D2B4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {974CCBDD-8A98-48CF-B708-A59F29A0A1F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-06] (Google Inc.)
Task: {9A7DCD71-8D63-494D-B2D2-3F6FB7173077} - System32\Tasks\{D33C49EA-3BFE-4E3E-844C-93C784E4F383} => Z:\Program Files (x86)\Release - EvilHook V1\EvilHookv1.exe [2009-11-23] ()
Task: {9ED45585-4891-4C62-9AC9-8F74A5A6141C} - System32\Tasks\{3E8FC120-1833-4FE9-A8BA-E86A1492C626} => Z:\Program Files (x86)\Release - EvilHook V1\EvilHookv1.exe [2009-11-23] ()
Task: {A174124A-7711-4BD8-9992-942C11FA5ABB} - System32\Tasks\Opera scheduled Autoupdate 1402327553 => C:\Program Files (x86)\Opera\launcher.exe [2014-11-20] (Opera Software)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => c:\windows\system32\\aitagent.exe [2010-11-21] (Microsoft Corporation)
Task: {B4F44501-AF88-49BF-AFE3-681962AC2FD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-06] (Google Inc.)
Task: {B7C3B0AF-15AC-43CB-A381-2F95846B74D1} - System32\Tasks\{1F3DDEC8-FCB5-4CFF-8EF7-1E3908F6EBFA} => Z:\Program Files (x86)\odbg110\OLLYDBG.EXE [2004-05-23] ()
Task: {C0E97ABA-2FE6-407E-89B2-8A7D4BDCAEA3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {C6F25EBD-F2C6-4B21-8A28-43A9927BBFE5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-27] (AVAST Software)
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => c:\windows\system32\\BthUdTask.exe [2009-07-14] (Microsoft Corporation)
Task: {F77B9417-F56D-42B7-BD90-7397A3069391} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2733246317-1088891699-182487046-1000.job => C:\Users\Vince and Mel\AppData\Local\Citrix\GoToMeeting\1963\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-07 16:38 - 2014-10-30 02:10 - 00117064 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-11-17 11:22 - 2005-06-07 11:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-06-18 15:24 - 2012-06-18 15:24 - 00222720 _____ () z:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-11-17 03:04 - 2013-04-11 22:50 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2005-09-09 03:24 - 2005-09-09 03:24 - 00102400 _____ () Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
2013-11-17 14:31 - 2014-06-01 18:55 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-11-17 14:31 - 2014-06-01 18:55 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-11 21:10 - 2014-11-06 15:04 - 00025088 _____ () Z:\Program Files\samsung\Samsung Link\JniSys.dll
2014-07-11 21:10 - 2014-11-06 15:04 - 02633728 _____ () Z:\Program Files\samsung\Samsung Link\scone_proxy.dll
2014-07-11 21:10 - 2014-11-06 15:04 - 02540544 _____ () Z:\Program Files\samsung\Samsung Link\scone_stub.dll
2013-12-21 10:25 - 2013-12-21 10:25 - 00036864 _____ () C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\64bit\JNIInterface.dll
2013-12-21 10:26 - 2013-12-21 10:26 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\ASFAPI.dll
2013-12-21 10:27 - 2013-12-21 10:27 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\MediaDB_Manager.dll
2013-10-22 08:52 - 2013-10-22 08:52 - 00030720 _____ () C:\Windows\system32\MediaDB64.dll
2013-10-22 08:52 - 2013-10-22 08:52 - 00908800 _____ () C:\Windows\system32\ContentDirectoryPresenter64.dll
2013-12-21 10:27 - 2013-12-21 10:27 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\DMS_Manager.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00049152 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00016896 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00058880 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00299520 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2014-11-29 00:15 - 2014-11-29 00:15 - 00669696 _____ () C:\Windows\Temp\sqlite-3.7.151-amd64-sqlitejdbc.dll
2014-07-11 21:10 - 2014-11-06 15:04 - 00049664 _____ () Z:\Program Files\samsung\Samsung Link\JniIO.dll
2014-11-27 19:09 - 2014-11-27 19:09 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-27 19:09 - 2014-11-27 19:09 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () Z:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-06-13 21:02 - 2013-06-17 09:42 - 02569216 _____ () Z:\xampp\xampp-control.exe
2014-06-13 21:02 - 2014-01-14 15:54 - 10966528 _____ () z:\xampp\mysql\bin\mysqld.exe
2014-11-28 20:10 - 2014-11-28 20:10 - 02904064 _____ () C:\Program Files\AVAST Software\Avast\defs\14112801\algo.dll
2014-11-27 19:09 - 2014-11-27 19:09 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2013-12-11 15:46 - 2013-12-11 15:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-10-22 08:48 - 2013-10-22 08:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-10-24 15:53 - 2013-10-24 15:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 15:46 - 2013-12-11 15:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-12-11 15:46 - 2013-12-11 15:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-10-25 18:49 - 2013-10-25 18:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-12-11 15:45 - 2013-12-11 15:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-12-11 15:45 - 2013-12-11 15:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-10-24 15:53 - 2013-10-24 15:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 15:38 - 2013-04-19 15:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
2014-11-27 19:09 - 2014-11-27 19:09 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () Z:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () Z:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () Z:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () Z:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () Z:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-11-29 00:27 - 2014-11-29 00:27 - 00098816 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\win32api.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00110080 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\pywintypes27.dll
2014-11-29 00:27 - 2014-11-29 00:27 - 00364544 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\pythoncom27.dll
2014-11-29 00:27 - 2014-11-29 00:27 - 00045568 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\_socket.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 01160704 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\_ssl.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00320512 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\win32com.shell.shell.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00713216 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\_hashlib.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 01175040 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\wx._core_.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00805888 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\wx._gdi_.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00811008 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\wx._windows_.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 01062400 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\wx._controls_.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00735232 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\wx._misc_.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00128512 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\_elementtree.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00127488 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\pyexpat.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00557056 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\pysqlite2._sqlite.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00087552 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\_ctypes.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00119808 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\win32file.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00108544 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\win32security.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00007168 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\hashobjs_ext.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00167936 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\win32gui.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00018432 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\win32event.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00038912 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\win32inet.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00011264 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\win32crypt.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00070656 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\wx._html2.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00027136 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\_multiprocessing.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00035840 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\win32process.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00686080 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\unicodedata.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00122368 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\wx._wizard.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00024064 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\win32pipe.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00025600 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\win32pdh.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00525640 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\windows._lib_cacheinvalidation.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00010240 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\select.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00017408 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\win32profile.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00022528 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\win32ts.pyd
2014-11-29 00:27 - 2014-11-29 00:27 - 00078336 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI58842\wx._animate.pyd
2014-06-13 21:02 - 2014-03-11 20:01 - 00217600 _____ () z:\xampp\apache\bin\pcre.dll
2014-06-13 21:02 - 2014-04-08 23:21 - 00128512 _____ () Z:\xampp\php\libpq.dll
2014-06-13 21:02 - 2014-03-11 20:01 - 00217600 _____ () Z:\xampp\apache\bin\pcre.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-11-17 03:01 - 2013-04-11 15:30 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2733246317-1088891699-182487046-500 - Administrator - Disabled)
Guest (S-1-5-21-2733246317-1088891699-182487046-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2733246317-1088891699-182487046-1006 - Limited - Enabled)
Vince and Mel (S-1-5-21-2733246317-1088891699-182487046-1000 - Administrator - Enabled) => C:\Users\Vince and Mel

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/29/2014 00:27:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x960
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3

Error: (11/23/2014 03:17:08 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 8932. Message ID: [0x2509].

Error: (11/23/2014 03:12:49 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/23/2014 03:12:49 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/23/2014 03:12:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/23/2014 03:12:49 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/23/2014 03:12:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (11/23/2014 03:12:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/23/2014 03:12:49 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f) (0x8004117f)

Error: (11/23/2014 03:12:49 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (11/29/2014 00:27:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).

Error: (11/29/2014 00:26:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger

Error: (11/29/2014 00:19:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (11/29/2014 00:17:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/29/2014 00:17:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/29/2014 00:17:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/29/2014 00:17:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/29/2014 00:17:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/29/2014 00:17:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/29/2014 00:17:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 21%
Total physical RAM: 16269.48 MB
Available physical RAM: 12727.96 MB
Total Pagefile: 32537.15 MB
Available Pagefile: 28246.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:21.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (Pictures and Films) (Fixed) (Total:292.97 GB) (Free:39.13 GB) NTFS
Drive g: (Software) (Fixed) (Total:390.62 GB) (Free:203.77 GB) NTFS
Drive z: (Installs) (Fixed) (Total:488.28 GB) (Free:284.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 336F127B)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3D937C41)

Partition: GPT Partition Type.

==================== End Of Log ============================

My aswMBR.txt
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-11-29 00:45:26
-----------------------------
00:45:26.443 OS Version: Windows x64 6.1.7601 Service Pack 1
00:45:26.443 Number of processors: 8 586 0x3C03
00:45:26.443 ComputerName: MUP-PC UserName:
00:45:26.633 Initialize success
00:45:26.643 VM: initialized successfully
00:45:26.643 VM: Intel CPU supported
00:45:34.643 VM: disk I/O iaStorA.sys
00:45:37.483 AVAST engine defs: 14112801
00:45:44.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000082
00:45:44.463 Disk 0 Vendor: OCZ_____ 3.55 Size: 114473MB BusType: 11
00:45:44.463 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000083
00:45:44.473 Disk 1 Vendor: ST320006 CC14 Size: 1907729MB BusType: 11
00:45:44.483 Disk 0 MBR read successfully
00:45:44.483 Disk 0 MBR scan
00:45:44.493 Disk 0 Windows 7 default MBR code
00:45:44.503 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114471 MB offset 2048
00:45:44.503 Disk 0 default boot code
00:45:44.513 Disk 0 scanning C:\Windows\system32\drivers
00:45:46.693 Service scanning
00:45:51.663 Modules scanning
00:45:51.673 Disk 0 trace - called modules:
00:45:51.683 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
00:45:51.693 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d463790]
00:45:51.703 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa800d21fc50]
00:45:51.703 5 iaStorF.sys[fffff88001813aa4] -> nt!IofCallDriver -> \Device\00000082[0xfffffa800d0cf800]
00:45:51.893 AVAST engine scan C:\Windows
00:45:52.293 AVAST engine scan C:\Windows\system32
00:46:37.953 AVAST engine scan C:\Windows\system32\drivers
00:46:41.233 AVAST engine scan C:\Users\Vince and Mel
00:47:26.723 AVAST engine scan C:\ProgramData
00:47:36.784 Disk 0 statistics 4840005/0/0 @ 50.68 MB/s
00:47:36.784 Scan finished successfully
00:48:04.854 Disk 0 MBR has been saved successfully to "C:\Users\Vince and Mel\Desktop\MBR.dat"
00:48:04.854 The log file has been saved successfully to "C:\Users\Vince and Mel\Desktop\aswMBR.txt"


I hope you can see a problem to fix.
Thanks in advance for any help you can give.

Vince

Juliet
2014-11-30, 13:59
I did the usual "safe mode" scans (SpybotS&D and Malwarebytes) and to my horror, discovered a Trojan.
Can you give the name of the file and location?


I found traces of evilhookv1.exe on your computer, you know anything about this?

VirusTotal (https://www.virustotal.com/en/file/de5532ee858303fa92190a80f7cc7fc18bcc7547e0bfa259ff0feefe7c63cbd1/analysis/1265124766/)

evilhookv1.exe has been detected as malware by 33 anti-virus scanners (http://www.herdprotect.com/evilhookv1.exe-c133ea61e133be32054a0dbd497eb89fa8470687.aspx)

~~~~~~~~~~~~~~~

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).

Banking and credit card institutions should be notified of the possible security breach. Please read the following article for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10063)

Whilst the identified infection(s) can be removed, there is no way to guarantee the trustworthiness of your computer unless you reformat your Hard Drive and reinstall your Operating System. This is due to the nature of the infection, which allows a remote attacker to make any number of modifications. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.

When should I re-format? How should I reinstall? (http://www.dslreports.com/faq/10063)
Help: I Got Hacked. Now What Do I Do? (http://technet.microsoft.com/library/cc512587.aspx)
Where to draw the line? When to recommend a format and reinstall? (http://miekiemoes.blogspot.co.uk/2008/06/malware-removal-where-to-draw-line.html)



~~~~~~~~~~~~

Let's remove the task associated with this.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow it).



start
CloseProcesses:
Task: {9A7DCD71-8D63-494D-B2D2-3F6FB7173077} - System32\Tasks\{D33C49EA-3BFE-4E3E-844C-93C784E4F383} => Z:\Program Files (x86)\Release - EvilHook V1\EvilHookv1.exe [2009-11-23] ()
Task: {9ED45585-4891-4C62-9AC9-8F74A5A6141C} - System32\Tasks\{3E8FC120-1833-4FE9-A8BA-E86A1492C626} => Z:\Program Files (x86)\Release - EvilHook V1\EvilHookv1.exe [2009-11-23] ()
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


~~~~~~~~~~~~~~~~~

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.



Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~~~~~~~~~~~~~
Please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

Vince
2014-11-30, 17:58
Thanks for the support, it's really appreciated.

I have been an administrator for one of the Call of Duty 4 (COD4) servers for a number of years... one tactic used to identify cheats was to use evilhook (it has an inbuilt cheat detector).
I think I tried to use it when I installed W7, but it did not launch correctly when COD4 started.... that was a very long time ago now...

Regarding the Trojan.... I was in safe mode... Spybot had found lots of problems.... nothing really standing out... tracing cookies.... After the scan using Spybot I did a scan with Malwarebytes. Malwarebytes found the Trojan and I have attached the log that it produced at the time.

Malwarebytes log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18/11/2014
Scan Time: 16:40:25
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.18.05
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Vince and Mel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323077
Time Elapsed: 3 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent, C:\ProgramData\Windows Genuine Advantage\{6E07C491-2E0A-4F91-825D-7042A9CC2B2E}\api-ms-win-system-qwave-l1-1-0.dll, , [ac91083590ecce6868efd70f09f8f709],

Physical Sectors: 0
(No malicious items detected)


(end)

My fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-11-2014
Ran by Vince and Mel at 2014-11-30 16:29:43 Run:1
Running from C:\Users\Vince and Mel\Desktop
Loaded Profile: Vince and Mel (Available profiles: Vince and Mel)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Task: {9A7DCD71-8D63-494D-B2D2-3F6FB7173077} - System32\Tasks\{D33C49EA-3BFE-4E3E-844C-93C784E4F383} => Z:\Program Files (x86)\Release - EvilHook V1\EvilHookv1.exe [2009-11-23] ()
Task: {9ED45585-4891-4C62-9AC9-8F74A5A6141C} - System32\Tasks\{3E8FC120-1833-4FE9-A8BA-E86A1492C626} => Z:\Program Files (x86)\Release - EvilHook V1\EvilHookv1.exe [2009-11-23] ()
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A7DCD71-8D63-494D-B2D2-3F6FB7173077}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A7DCD71-8D63-494D-B2D2-3F6FB7173077}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D33C49EA-3BFE-4E3E-844C-93C784E4F383} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D33C49EA-3BFE-4E3E-844C-93C784E4F383}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9ED45585-4891-4C62-9AC9-8F74A5A6141C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9ED45585-4891-4C62-9AC9-8F74A5A6141C}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3E8FC120-1833-4FE9-A8BA-E86A1492C626} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3E8FC120-1833-4FE9-A8BA-E86A1492C626}" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========

EmptyTemp: => Removed 460.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

My adwcleaner

# AdwCleaner v4.102 - Report created 30/11/2014 at 16:38:21
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Vince and Mel - MUP-PC
# Running from : C:\Users\Vince and Mel\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v29.0.1 (en-GB)


-\\ Opera v26.0.1656.24


*************************

AdwCleaner[R0].txt - [791 octets] - [30/11/2014 16:36:42]
AdwCleaner[S0].txt - [713 octets] - [30/11/2014 16:38:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [772 octets] ##########


My JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by Vince and Mel on 30/11/2014 at 16:42:45.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/11/2014 at 16:45:24.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2014-11-30, 20:28
I have been an administrator for one of the Call of Duty 4 (COD4) servers for a number of years... one tactic used to identify cheats was to use evilhook (it has an inbuilt cheat detector).
I think I tried to use it when I installed W7, but it did not launch correctly when COD4 started.... that was a very long time ago now...
Since it's out of the ordinary to find this I felt it necessary to alert you, thanks for the info.

Malwarebytes Anti-Rootkit

Download Malwarebytes Anti-Rootkit (http://downloads.malwarebytes.org/file/mbar)
Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit can start correctly.
Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.



On the introduction screen, please click on the Next button to continue.




Next you will see the Update Database screen.
Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.




When the update has finished, click on the Next button.



Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.




When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
Make sure everything is selected and that the option to create a restore point is checked.
Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
Click on the Yes button to restart your computer.


There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.

For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.


The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.

=========================

Vince
2014-11-30, 21:06
Thanks again, but I get the message

Congratulations, no cleanup is required!
Scan Finished: No malware found!

Should I have given elevated rights?

Vince
2014-11-30, 21:23
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17420

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
CPU speed: 3.392000 GHz
Memory total: 17059790848, free: 11932798976

Downloaded database version: v2014.11.30.07
Downloaded database version: v2014.11.30.01
=======================================
Initializing...
------------ Kernel report ------------
11/30/2014 20:00:46
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa8010106210
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000d8\
Lower Device Object: 0xfffffa801ac5f8c0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa8010262060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a7\
Lower Device Object: 0xfffffa80101d6b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8010263060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a6\
Lower Device Object: 0xfffffa8010250a00
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8010265790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a5\
Lower Device Object: 0xfffffa80101e4b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8010254060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a4\
Lower Device Object: 0xfffffa8010221b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800d463060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000083\
Lower Device Object: 0xfffffa800cd7c9c0
Lower Device Driver Name: \Driver\iaStorA\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800d3c9790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000082\
Lower Device Object: 0xfffffa800cd829c0
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800d3c9790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d3c92c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d3c9790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d206bf0, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800cd829c0, DeviceName: \Device\00000082\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 336F127B

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 234436608
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800d463060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d463b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d463060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d207c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800cd7c9c0, DeviceName: \Device\00000083\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 3D937C41

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 72564139
GPT Header CurrentLba = 1 BackupLba 3907029167
GPT Header FirstUsableLba 34 LastUsableLba 3907029134
GPT Header Guid b791ed43-e577-4784-ad9f-528e38ea5
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 0
Backup GPT header CurrentLba = 3907029167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 3907029134
Backup GPT header Guid b791ed43-e577-4784-ad9f-528e38ea5
Backup GPT header Contains 128 partition entries starting at LBA 3907029135
Backup GPT header Partition entry size = 128

Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID e443b39d-fbc9-4a20-b5f3-1d5e1cc0a178
FirstLBA 264192 Last LBA 1024264191
Attributes 0
Partition Name Basic data partition

Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 92d7dabd-62cd-46cc-8af7-d74d41735027
FirstLBA 1024264192 Last LBA 1638664191
Attributes 0
Partition Name Basic data partition

Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 130041f4-4015-476c-b5f6-b47062559d84
FirstLBA 1638664192 Last LBA 2457864191
Attributes 0
Partition Name Basic data partition

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8010254060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801025a700, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010254060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa801025a040, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa8010221b60, DeviceName: \Device\000000a4\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8010265790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010264040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010265790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8010265040, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa80101e4b60, DeviceName: \Device\000000a5\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8010263060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010263b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010263060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8010264c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa8010250a00, DeviceName: \Device\000000a6\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8010262060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010262b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010262060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8010264860, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa80101d6b60, DeviceName: \Device\000000a7\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa8010106210, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8015d25970, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010106210, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8014741c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa801ac5f8c0, DeviceName: \Device\000000d8\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

Vince
2014-11-30, 21:58
and the mbam log

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.11.30.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17420
Vince and Mel :: MUP-PC [administrator]

30/11/2014 20:00:51
mbar-log-2014-11-30 (20-00-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 328958
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Juliet
2014-11-30, 22:21
This looks good on my end, no alerts and nothing suspicious.

What concerns do you have?

Vince
2014-11-30, 22:24
I'll do the safe mode scans again and let you know what I find.

I'll post back in half an hour or so.

Vince
2014-11-30, 23:13
Not sure yet :(

Spybot identified 700+ temp files, of which 1 could not be deleted, and afterwards Malwarebytes found nothing.



Now that I have cleared the system and been back online, I'm going to go do the safe mode scan again and see if anything has come back.

Vince
2014-11-30, 23:37
Still not sure :(

Spybot comes back clean :) but there are 300+ temp files of which 1 could not be deleted


Juliet
2014-12-01, 01:07
The temp file was in use so that's not an issue.
These screenshots are for temp files and cookies... These are collected daily and follow your web browsing.

Fix It For Me (http://support.microsoft.com/kb/260897)

Vince
2014-12-01, 09:27
Thanks for the reassurance Juliet :)

I think I was a little concerned by the amount of temp files that are created after I have deleted them all.
333 in about 5 mins now.
Previously 700+

I ran the fix it and will scan again when I return later this afternoon. I will post back any findings.

Thanks again

Vince

Juliet
2014-12-01, 11:34
Please Run TFC by OldTimer to clear temporary files:
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) and save it to your desktop.

Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Vince
2014-12-01, 18:57
Thanks again Juliet

I used TFC and then went to safe mode and scanned with Spybot. It found 9 tracking cookies.

TFC log

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Vince and Mel
->Temp folder emptied: 46857397 bytes
->Temporary Internet Files folder emptied: 134624565 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 14571520 bytes
->Flash cache emptied: 1434 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1014002 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 99 bytes
Process complete!

Total Files Cleaned = 188.00 mb


Once Spybot had finished I reloaded windows and sat at the desktop for 5 mins.
I then exited back to safe mode and scanned again.

Maybe I'm being over paranoid.... but 300+ temp files for going to my desktop... just seems excessive?

Juliet
2014-12-01, 21:57
Are you experiencing anything abnormal or malware related?

I've asked one of the administrators to look in and give me an opinion.

Vince
2014-12-01, 22:26
Honestly no....

Once you removed evilhook from the system, the tell that something was wrong had gone... thanks

I probably am paranoid (being robbed does not help)... the only "odd" behaviour that I have noticed has been my tabs in IE11. I cannot pull a tab out anymore (in a window of its own).
That and the large amount of temp files.

Juliet
2014-12-01, 23:32
The IE settings

Change or reset Internet Explorer settings (http://windows.microsoft.com/en-us/internet-explorer/reset-ie-settings#ie=ie-11)

Let me know if this helps :)

Juliet
2014-12-01, 23:40
Which version of Spybot do you have?
http://www.safer-networking.org/shop/

Post #5
"Should I have given elevated rights?"

How can I get administrator rights under Windows Vista / Windows 7 / Windows 8? (http://forums.spybot.info/showthread.php?t=55946)

If you run it again with elevated permissions and that doesn't resolve the issue, please post in the Spybot forum, providing a link to this malware topic.
http://forums.spybot.info/forumdisplay.php?4-Spybot

Vince
2014-12-02, 01:09
I tried the reset IE but still have the same problem with not being able to drag out tabs to a new window... they move from side to side, but will not leave the box :sad:

I tried running mbam again with elevated rights, it gave the same result.
I forgot to say last time that it said about appInit.dll's and to hit no if not sure... that's what I did... and again this time.

I'm using Spybot 1.6.2.46

Did you want me to post in the spybot forum?

Juliet
2014-12-02, 01:31
I thought you had asked about running SpyBot and elevated rights?

I don't know what's happened to IE. The below link is a good read, look it over and see if this will help.
http://www.sevenforums.com/tutorials/119348-internet-explorer-tabs-drag-drop.html

~~~~~~~~~~~~~
Open Internet Explorer, click on the “gear icon” in the upper right part of your browser, then click again on Internet Options.
In the “Internet Options” dialog box, click on the “Advanced” tab, then click on the “Reset” button.
In the “Reset Internet Explorer settings” section, select the “Delete personal settings” check box, then click on “Reset” button.
When Internet Explorer has completed its task, click on the “Close” button in the confirmation dialogue box. You will now need to close your browser,


Browser Reset

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Internet Explorer: Backup Internet Explorer Favourites (http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer)
Firefox: Backup Firefox Bookmarks (https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer)
Chrome: Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)


Proceed with the reset once done.

Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)
Firefox: Reset Firefox (https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems)
Chrome: Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)

Vince
2014-12-02, 09:36
All my scans with Spybot were from safe mode.

Juliet
2014-12-02, 16:51
Since it's Spybot running from safe mode, and keeps finding these temp files, for right now post in the http://forums.spybot.info/forumdisplay.php?4-Spybot
Let's see if they can answer why these temp files keep spawning.

As for malware related, I don't think so.

Let me know if you're ready to remove disinfection tools and quarantine folders, then I can share preventive tips.

Vince
2014-12-02, 17:21
I have posted in the spybot forum
http://forums.spybot.info/showthread.php?71618-Persistent-problem-continued-(

I will give you a shout when they let me go :)

Thanks again for your help.

Vince

Juliet
2014-12-02, 18:29
Vince, glad to help :)

Vince
2014-12-15, 22:58
Hello again

The cause of the lag I was feeling I suspect was due (rather embarrassingly) to me and how I had set up my email server (mercury/32)

My server was set up as a relay... I had over 280,000 jobs to complete, outstanding... then later... I had issues with my recycle bin.... without thinking that the files would take a while to delete. (doh)

Seems to be ok now... there was an issue with some flash applications.... causing an error box to come and report an error on line... I have disabled active x filtering and that seems to have sorted it. Sorry I cannot tell you more... there was one of these tick boxes there to stop it coming up again and I used it :(

Vince

Vince
2014-12-15, 22:59
Oh and the unremovable files are ok :)

Mainly relating to googledrive

Juliet
2014-12-15, 23:14
I don't think there's anyone out there who knows absolutely everything. When it comes to computers there is something in the 'always need to know' category.

Let's remove tools and quarantine folders.

DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools
Create registry backup
Purge system restore


Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~~~~~~~~~~~

You're good to go!


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Vince
2014-12-17, 01:25
Thanks again

I really have been a fool over this whole thing... :(

In the middle of all this I noticed that my PC was almost out of space.... My PF was auto managed and was up at 64GB... some resetting later and is back at a more acceptable 6GB and yes I have some space again.

I then noticed that my iexplorer.exe 32 in the task manager was always increasing... and when it got to 600,000k + I was getting the flash errors.

When I noticed the issue of files not being deleted I tried a number of applications to find any problems. Super Anti Spyware was one. During some clean boot testing I noticed the SAS core was responsible :sad: Uninstalled SAS and seem to be getting a constant memory size.

I sincerely thank you for all your efforts and tolerance.

Vince

Vince
2014-12-17, 13:25
Today... I think I was a bit hasty in blaming SAS core as I'm up at 600,000+k again :(

I had this tab and 2 others open.
When I close the other 2 tabs that I had open, this page apparently takes up 200,000+k

Agghhhhhhhhh..... maybe I'm one of those people that should not be allowed near a computer :headshot:

Juliet
2014-12-17, 15:15
Don't know what's going on.
Do you have the latest updates for IE?

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"







On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes

Vince
2014-12-17, 18:51
Thanks Juliet

I have automatic updates on.. does that cover IE also?

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/12/2014
Scan Time: 17:35:32
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.17.03
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Vince and Mel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341336
Time Elapsed: 4 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Juliet
2014-12-17, 19:12
"I have automatic updates on.. does that cover IE also?"
If Windows is updating, it will cover or alert for updates for Internet Explorer.

How old is this computer?

Vince
2014-12-17, 20:14
not very... it is a machine I put together back in April, it had a clean install of W7 then.
i7 4770... 16GB RAM... SSD + traditional.

I just noticed in the update centre, there is an update for IE11


I'll give it a go and let you know if there is any improvement.

Juliet
2014-12-17, 22:08
:bigthumb:

Vince
2014-12-18, 21:37
:(

Don't know what to do (apart from reinstall)... after doing the update I still have an increasing iexplorer.exe *32.

I had 5 tabs open and was up at 900,000+k. I reduced down to 1 tab and it was 500,000+k on its own.

Juliet
2014-12-18, 22:10
Let's try a couple of things

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download MiniToolBox http://www.bleepingcomputer.com/download/minitoolbox/
save it to your desktop and run it.

Checkmark the following check-boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.

~~~~~~~~~~~~~~~~~~

Download the latest version of TDSSKiller from here (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) and save it to your Desktop.




Double-click on TDSSKiller.exe to run the application
https://dl.dropbox.com/u/73555776/tdss%20start.JPG

Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects , then click OK.

Click the Start Scan button.


If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


Please copy and paste its contents on your next reply.



A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Vince
2014-12-18, 23:05
MiniToolBox by Farbar Version: 30-11-2014
Ran by Vince and Mel (administrator) on 18-12-2014 at 21:56:59
Running from "C:\Users\Vince and Mel\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 127.0.0.1:80

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Mup-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 94-DE-80-C6-BD-4B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.146(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 17 December 2014 19:40:27
Lease Expires . . . . . . . . . . : 19 December 2014 19:40:28
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:9:30f:3f57:fe6d(Preferred)
Link-local IPv6 Address . . . . . : fe80::9:30f:3f57:fe6d%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: BTBusinessHub.home
Address: 192.168.1.254

Name: google.com
Addresses: 2a00:1450:4009:80d::2000
216.58.208.32


Pinging google.com [216.58.208.32] with 32 bytes of data:
Reply from 216.58.208.32: bytes=32 time=18ms TTL=52
Reply from 216.58.208.32: bytes=32 time=19ms TTL=52

Ping statistics for 216.58.208.32:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 19ms, Average = 18ms
Server: BTBusinessHub.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=107ms TTL=45
Reply from 98.139.183.24: bytes=32 time=106ms TTL=45

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 106ms, Maximum = 107ms, Average = 106ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...94 de 80 c6 bd 4b ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.146 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.146 266
192.168.1.146 255.255.255.255 On-link 192.168.1.146 266
192.168.1.255 255.255.255.255 On-link 192.168.1.146 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.146 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.146 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:9d38:6ab8:9:30f:3f57:fe6d/128
On-link
12 306 fe80::/64 On-link
12 306 fe80::9:30f:3f57:fe6d/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/11/2014 03:24:45 AM) (Source: MsiInstaller) (User: Mup-PC)
Description: Product: Adobe Reader XI (11.0.09) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (12/07/2014 00:37:36 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4524

Start Time: 01d011b1a5c7bb3b

Termination Time: 230

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/04/2014 04:15:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17420, time stamp: 0x545ad2f4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000007793000a
Faulting process id: 0x37cc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/03/2014 10:51:18 PM) (Source: Application Hang) (User: )
Description: The program SpybotSD.exe version 1.6.2.46 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 34e4

Start Time: 01d00f4b86541798

Termination Time: 8

Application Path: Z:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

Report Id: e24f9f9f-7b3e-11e4-9a97-94de80c6bd4b

Error: (12/03/2014 11:45:07 AM) (Source: Application Hang) (User: )
Description: The program mmc.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ed0

Start Time: 01d00eede9d4c045

Termination Time: 7987

Application Path: C:\Windows\system32\mmc.exe

Report Id: cd5fb5a9-7ae1-11e4-9a97-94de80c6bd4b

Error: (12/01/2014 05:50:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0xaf0
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3


System errors:
=============
Error: (12/18/2014 09:42:14 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/18/2014 09:42:14 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/18/2014 09:42:14 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/18/2014 03:37:04 PM) (Source: DCOM) (User: Mup-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Mup-PCVince and MelS-1-5-21-2733246317-1088891699-182487046-1000LocalHost (Using LRPC)

Error: (12/18/2014 03:35:26 PM) (Source: DCOM) (User: Mup-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Mup-PCVince and MelS-1-5-21-2733246317-1088891699-182487046-1000LocalHost (Using LRPC)

Error: (12/18/2014 03:31:20 PM) (Source: DCOM) (User: Mup-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Mup-PCVince and MelS-1-5-21-2733246317-1088891699-182487046-1000LocalHost (Using LRPC)

Error: (12/18/2014 03:28:39 PM) (Source: DCOM) (User: Mup-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Mup-PCVince and MelS-1-5-21-2733246317-1088891699-182487046-1000LocalHost (Using LRPC)

Error: (12/18/2014 02:06:43 PM) (Source: Service Control Manager) (User: )
Description: The Samsung Link Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/18/2014 00:13:33 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/18/2014 00:13:33 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office Sessions:
=========================


@BIOS B13.0910.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
@BIOS B13.0910.1 (x32 Version: 3.00.0000 - GIGABYTE) Hidden
=========================== Installed Programs ============================
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Help Center 2.0 (x32 Version: 2.0.0 - Adobe Systems) Hidden
Adobe Photoshop Elements 4.0 (HKLM-x32\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems Inc.)
Adobe Photoshop Elements 4.0 (x32 Version: 4.0 - Adobe Systems Inc.) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.14.1205 - Gigabyte)
APP Center (x32 Version: 1.14.1205 - Gigabyte) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.0 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother P-touch Address Book 1.1 (HKLM-x32\...\{B2023017-DEE4-44F7-8A71-CA6084BF534C}) (Version: 1.1.2201 - Brother Industries, Ltd.)
Brother P-touch Editor 5.1 (HKLM-x32\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0120 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM-x32\...\{34A9C5A8-9BB6-4C57-A0D9-1DAAE175009E}) (Version: 1.0.0070 - Brother Industries, Ltd.)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.6.0 - Canon Inc.)
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
Combined Community Codec Pack 2014-04-20 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.04.20.0 - CCCP Project)
ConvertXtoDVD 3.1.0.18 (HKLM-x32\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: 3.1.0.18 - )
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
Definition Update for Microsoft Office 2013 (KB2910926) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{47538089-58B5-4734-9F82-E5F942AD20CB}) (Version: - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVDFab 9.1.1.5 (07/12/2013) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0002 - GIGABYTE)
EasyTune (x32 Version: 1.00.0002 - GIGABYTE) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVGA Precision X 4.2.0 (HKLM-x32\...\PrecisionX) (Version: 4.2.0 - EVGA Corporation)
EZSetupN B13.0628.1 (HKLM-x32\...\InstallShield_{9EAB60B6-70FE-4EC7-8DF4-54773E4EAC05}) (Version: 1.00.0000 - GIGABYTE)
EZSetupN B13.0628.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Greenfoot (HKLM-x32\...\{8C838B70-3A71-41E8-91A6-4ADCF2E483D0}) (Version: 2.3.0 - Greenfoot Team)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.6.0.1033 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Karaoke Builder Player 3.0 (HKLM-x32\...\Karaoke Builder Player 3.0) (Version: - )
K-Lite Codec Pack 10.6.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version: - )
LightScribe System Software 1.17.90.1 (HKLM-x32\...\{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}) (Version: 1.17.90.1 - LightScribe)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
MakeMKV v1.8.8 (HKLM-x32\...\MakeMKV) (Version: v1.8.8 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (x32 Version: 4.0.3205.0 - Microsoft Corporation) Hidden
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Expression Web 4 (x32 Version: 4.0.1460.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Management Objects Collection (HKLM\...\{5677B005-B609-4B5B-9F3C-132BB085D3CF}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visio MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visio Professional 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-GB)) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA Control Panel 344.75 (Version: 344.75 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.69 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1284 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.69 (Version: 16.13.69 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.69 (Version: 16.13.69 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.69 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.26 (Version: 1.2.26 - NVIDIA Corporation) Hidden
ON_OFF Charge 2 B13.0506.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0506.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Platform (x32 Version: 1.40 - VIA Technologies, Inc.) Hidden
Power CD+G Burner (HKLM-x32\...\{BC21E1FA-BD9C-4351-8EA3-4EC377B1E439}_is1) (Version: - Doblon)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RivaTuner Statistics Server 5.1.1 (HKLM-x32\...\RTSS) (Version: 5.1.1 - Unwinder)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Link 2.0.0.1412161531 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1412161531 - Copyright 2013 SAMSUNG)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.15.0 - SAMSUNG Electronics Co., Ltd.)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden
Sid Meier's Railroads! (HKLM-x32\...\{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}) (Version: 1.10 - Firaxis Games)
Sid Meier's Railroads! (x32 Version: 1.00 - Firaxis Games) Hidden
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion)
Source SDK (HKLM-x32\...\Steam App 211) (Version: - Valve)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version: - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2910927) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{A10D670F-5DD5-414E-8BAE-002D82F5E554}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837654) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{6D771289-E5A7-442F-82B5-5EC4217AEF03}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{31849233-AD8B-42D7-9AE1-74C79C8E8C03}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881008) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.VISPROR_{F5947EDE-072C-4150-9EE3-3AFDD8618458}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881008) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{F5947EDE-072C-4150-9EE3-3AFDD8618458}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{B8E73381-09B1-4895-ACD0-34385B0F526D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{1C6260FD-A280-49FE-89D0-CCEC647FBD8E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889858) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{202F6657-15AD-4EAC-B922-24A46D6D7DA3}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889938) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{6A5A7699-2234-4983-B8C9-643EF9F1CD95}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2899501) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{7CA9C76C-0CC2-4800-A1E1-1CA9F3FD8595}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2899522) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{87F6726E-6F99-42F0-8E11-55D798E57DD5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2910922) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.VISPROR_{042AAB16-8C59-4F9A-9462-F084C27F2AFC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2910922) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.VISPROR_{9563A879-05D5-4B0C-9E1E-B04A215AB1EB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2910922) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}_Office15.VISPROR_{8DF0B383-831E-4268-A1A7-BC81B8E12C09}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2910931) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{6C9BAEFB-B117-4BE3-BC1F-50089183F6BB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2910931) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{6C9BAEFB-B117-4BE3-BC1F-50089183F6BB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2920734) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.VISPROR_{35E324C9-A8DE-481E-BAE0-6CA6718A0430}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2920734) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{35E324C9-A8DE-481E-BAE0-6CA6718A0430}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2920789) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9913305E-D4AC-4D26-B30F-799D529FB282}) (Version: - Microsoft)
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{7B9D2746-D03B-442B-A691-90B748E316B4}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2910935) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{6D39C662-E6C2-4AC4-B7D8-24C628A1630F}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2910935) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0409-1000-0000000FF1CE}_Office15.VISPROR_{6D39C662-E6C2-4AC4-B7D8-24C628A1630F}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2899502) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{ED32A190-6300-4146-9548-4B005A31B5DD}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2899504) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{CEE35FF1-A822-452F-97F1-B43BD380A83C}) (Version: - Microsoft)
Update for Microsoft Visio 2013 (KB2910913) 32-Bit Edition (HKLM-x32\...\{90150000-0054-0409-0000-0000000FF1CE}_Office15.VISPROR_{C8DC55C7-59CC-4EDC-9AB2-925C9AF27664}) (Version: - Microsoft)
Update for Microsoft Visio 2013 (KB2910913) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{C8DC55C7-59CC-4EDC-9AB2-925C9AF27664}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.VISPROR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.3.209.40724 - Vodafone)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WinSCP 5.5.3 (HKLM-x32\...\winscp3_is1) (Version: 5.5.3 - Martin Prikryl)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-4 - Bitnami)
Xfire (HKLM-x32\...\Xfire) (Version: - )

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 16269.49 MB
Available physical RAM: 11751.15 MB
Total Pagefile: 20363.67 MB
Available Pagefile: 15032.49 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.39 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.79 GB) (Free:29.89 GB) NTFS
4 Drive f: (Pictures and Films) (Fixed) (Total:292.97 GB) (Free:38.9 GB) NTFS
5 Drive g: (Software) (Fixed) (Total:390.62 GB) (Free:203.77 GB) NTFS
7 Drive j: () (Removable) (Total:0.95 GB) (Free:0.09 GB) FAT
9 Drive z: (Installs) (Fixed) (Total:488.28 GB) (Free:282.78 GB) NTFS

========================= Users: ========================================

User accounts for \\MUP-PC

Administrator Guest Vince and Mel

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

And the TDSSKiller log:

22:00:52.0498 0x32d8 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
22:00:58.0448 0x32d8 ============================================================
22:00:58.0448 0x32d8 Current date / time: 2014/12/18 22:00:58.0448
22:00:58.0448 0x32d8 SystemInfo:
22:00:58.0448 0x32d8
22:00:58.0448 0x32d8 OS Version: 6.1.7601 ServicePack: 1.0
22:00:58.0448 0x32d8 Product type: Workstation
22:00:58.0448 0x32d8 ComputerName: MUP-PC
22:00:58.0448 0x32d8 UserName: Vince and Mel
22:00:58.0448 0x32d8 Windows directory: C:\Windows
22:00:58.0448 0x32d8 System windows directory: C:\Windows
22:00:58.0448 0x32d8 Running under WOW64
22:00:58.0448 0x32d8 Processor architecture: Intel x64
22:00:58.0448 0x32d8 Number of processors: 8
22:00:58.0448 0x32d8 Page size: 0x1000
22:00:58.0448 0x32d8 Boot type: Normal boot
22:00:58.0448 0x32d8 ============================================================
22:00:59.0038 0x32d8 KLMD registered as C:\Windows\system32\drivers\41326984.sys
22:00:59.0128 0x32d8 System UUID: {3724E686-B4EC-344F-79EA-D6EB53E02935}
22:00:59.0408 0x32d8 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:00:59.0428 0x32d8 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:00:59.0468 0x32d8 Drive \Device\Harddisk4\DR4 - Size: 0x3CA80000 ( 0.95 Gb ), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:00:59.0488 0x32d8 ============================================================
22:00:59.0488 0x32d8 \Device\Harddisk0\DR0:
22:00:59.0488 0x32d8 MBR partitions:
22:00:59.0488 0x32d8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
22:00:59.0488 0x32d8 \Device\Harddisk1\DR1:
22:00:59.0488 0x32d8 GPT partitions:
22:00:59.0488 0x32d8 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {E443B39D-FBC9-4A20-B5F3-1D5E1CC0A178}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x3D090000
22:00:59.0488 0x32d8 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {92D7DABD-62CD-46CC-8AF7-D74D41735027}, Name: Basic data partition, StartLBA 0x3D0D0800, BlocksNum 0x249F0000
22:00:59.0488 0x32d8 \Device\Harddisk1\DR1\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {130041F4-4015-476C-B5F6-B47062559D84}, Name: Basic data partition, StartLBA 0x61AC0800, BlocksNum 0x30D40000
22:00:59.0488 0x32d8 MBR partitions:
22:00:59.0488 0x32d8 \Device\Harddisk4\DR4:
22:00:59.0488 0x32d8 MBR partitions:
22:00:59.0488 0x32d8 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x1E5307
22:00:59.0488 0x32d8 ============================================================
22:00:59.0498 0x32d8 C: <-> \Device\Harddisk0\DR0\Partition1
22:00:59.0528 0x32d8 F: <-> \Device\Harddisk1\DR1\Partition2
22:00:59.0548 0x32d8 G: <-> \Device\Harddisk1\DR1\Partition3
22:00:59.0578 0x32d8 Z: <-> \Device\Harddisk1\DR1\Partition1
22:00:59.0588 0x32d8 ============================================================
22:00:59.0588 0x32d8 Initialize success
22:00:59.0588 0x32d8 ============================================================
22:01:44.0572 0x68e8 ============================================================
22:01:44.0572 0x68e8 Scan started
22:01:44.0572 0x68e8 Mode: Manual; SigCheck; TDLFS;
22:01:44.0572 0x68e8 ============================================================
22:01:44.0572 0x68e8 KSN ping started
22:01:58.0214 0x68e8 KSN ping finished: true
22:01:58.0744 0x68e8 ================ Scan system memory ========================
22:01:58.0744 0x68e8 System memory - ok
22:01:58.0744 0x68e8 ================ Scan services =============================
22:01:58.0784 0x68e8 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:01:58.0854 0x68e8 1394ohci - ok
22:01:58.0864 0x68e8 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:01:58.0884 0x68e8 ACPI - ok
22:01:58.0884 0x68e8 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:01:58.0894 0x68e8 AcpiPmi - ok
22:01:58.0944 0x68e8 [ 2486C8E3F14496341E90CF2AB8BC82ED, F07D6004A182380C89C872A1CB55EA9FE33FF2FA828042A1B312865A658F05DA ] AdobeActiveFileMonitor4.0 Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
22:01:58.0964 0x68e8 AdobeActiveFileMonitor4.0 - detected UnsignedFile.Multi.Generic ( 1 )
22:02:01.0444 0x68e8 Detect skipped due to KSN trusted
22:02:01.0444 0x68e8 AdobeActiveFileMonitor4.0 - ok
22:02:01.0454 0x68e8 [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:02:01.0484 0x68e8 AdobeARMservice - ok
22:02:01.0524 0x68e8 [ 749F94C424524285DCDA84D695ABC12F, E5AD194AF5B8B4FDB3976D3E3F9EF942DECFEC4EBAA9881A8EF7707BB781E4AD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:02:01.0544 0x68e8 AdobeFlashPlayerUpdateSvc - ok
22:02:01.0554 0x68e8 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:02:01.0584 0x68e8 adp94xx - ok
22:02:01.0594 0x68e8 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:02:01.0614 0x68e8 adpahci - ok
22:02:01.0624 0x68e8 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:02:01.0644 0x68e8 adpu320 - ok
22:02:01.0654 0x68e8 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:02:01.0674 0x68e8 AeLookupSvc - ok
22:02:01.0684 0x68e8 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
22:02:01.0704 0x68e8 AFD - ok
22:02:01.0714 0x68e8 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
22:02:01.0724 0x68e8 agp440 - ok
22:02:01.0724 0x68e8 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
22:02:01.0734 0x68e8 ALG - ok
22:02:01.0744 0x68e8 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
22:02:01.0744 0x68e8 aliide - ok
22:02:01.0764 0x68e8 [ 5EE5E5DF9E92B3A5581B9DE7DCC05972, 6AD4D98F00C2B454807450EDB9ED3545BA91B608A853A59BDE7282808CBFF6B0 ] AllShare Framework DMS C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
22:02:01.0774 0x68e8 AllShare Framework DMS - detected UnsignedFile.Multi.Generic ( 1 )
22:02:04.0334 0x68e8 Detect skipped due to KSN trusted
22:02:04.0334 0x68e8 AllShare Framework DMS - ok
22:02:04.0354 0x68e8 [ 68B2C801CDB2B3838E9C27C3C6F66C73, D2E7A062973CB4D1C33A299D5AEFCE943EB59934EBA427F3C99D03A56EFF7A96 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:02:04.0404 0x68e8 AMD External Events Utility - ok
22:02:04.0414 0x68e8 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
22:02:04.0434 0x68e8 amdide - ok
22:02:04.0444 0x68e8 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:02:04.0464 0x68e8 AmdK8 - ok
22:02:04.0704 0x68e8 [ 784C941B5A19D69814F9514CFB733906, 496E78FE91B1D6E146EEB79297C4A131D50875A8385438C376CA58A245D4A77E ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
22:02:05.0024 0x68e8 amdkmdag - ok
22:02:05.0054 0x68e8 [ 954759EAE7FB2591A5E7206AB0093AE7, A47FFCE75767CFE79A1CD2B42DC1FEEC8C65C0E503289DC70B751FECDD9CE9FF ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
22:02:05.0084 0x68e8 amdkmdap - ok
22:02:05.0084 0x68e8 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
22:02:05.0094 0x68e8 AmdPPM - ok
22:02:05.0104 0x68e8 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:02:05.0114 0x68e8 amdsata - ok
22:02:05.0114 0x68e8 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
22:02:05.0134 0x68e8 amdsbs - ok
22:02:05.0134 0x68e8 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:02:05.0144 0x68e8 amdxata - ok
22:02:05.0144 0x68e8 [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID C:\Windows\system32\drivers\appid.sys
22:02:05.0164 0x68e8 AppID - ok
22:02:05.0164 0x68e8 [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:02:05.0174 0x68e8 AppIDSvc - ok
22:02:05.0174 0x68e8 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
22:02:05.0194 0x68e8 Appinfo - ok
22:02:05.0194 0x68e8 [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:02:05.0204 0x68e8 Apple Mobile Device - ok
22:02:05.0204 0x68e8 [ 1C726705935E89FD59E652E4F09148D0, 5D72DB5C493ED48ACBD1A520283C7B16E656FB1E8B00885696C79A09FC37487D ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys
22:02:05.0224 0x68e8 AppleCharger - ok
22:02:05.0224 0x68e8 [ 95EF7247C50C7241FDAE39A9B3AFF4AE, 6E08FB095C04B2E217B139D6431336C0F24C128A2A83082A3085DC8C44AA247D ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
22:02:05.0234 0x68e8 AppleChargerSrv - ok
22:02:05.0244 0x68e8 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
22:02:05.0254 0x68e8 AppMgmt - ok
22:02:05.0254 0x68e8 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
22:02:05.0264 0x68e8 arc - ok
22:02:05.0274 0x68e8 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:02:05.0284 0x68e8 arcsas - ok
22:02:05.0294 0x68e8 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:02:05.0304 0x68e8 aspnet_state - ok
22:02:05.0304 0x68e8 [ 9BE9F2B83DE80E2752B1405CC427E2EC, 6015CA66553B3B882083B33F24FB338249A110D9769831C3D3D3C681AAFA9411 ] aswHwid C:\Windows\system32\drivers\aswHwid.sys
22:02:05.0324 0x68e8 aswHwid - ok
22:02:05.0324 0x68e8 [ 2DA1C1AEDF454F8E32A863A1AEACDD8C, F02E4D197AE00B9A9507CF6007A7B7BEA54AF0F255B752FBA7174FA2596D1CA9 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
22:02:05.0334 0x68e8 aswMonFlt - ok
22:02:05.0344 0x68e8 [ 4750016EF9CC1DEC6DA3FE5AF9A7F095, C4CF46246D8A3FF9BD8D2FE899685654ADD45EB9B032F33804D0B8131882BC74 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys
22:02:05.0354 0x68e8 aswRdr - ok
22:02:05.0354 0x68e8 [ 1323269A92645705DEFA053F3596829D, 83EC58E0577A1E45D1FCBC0C0AF182099FB70B9005B9F8161166EBB4E9F58F35 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
22:02:05.0364 0x68e8 aswRvrt - ok
22:02:05.0384 0x68e8 [ E74FD717476B30E23F45354B8F3ACB30, 951D1655E1FA4CF0ACB29F2EEDDB3B42522D392F46DD826C63DCA8941E17ABA8 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
22:02:05.0414 0x68e8 aswSnx - ok
22:02:05.0434 0x68e8 [ B1881A01E301990B671694CA1623F1B6, 5299C713EA7CF96F0550943DB37E963CDA09258F65C471CCEEAB44C4736B7A08 ] aswSP C:\Windows\system32\drivers\aswSP.sys
22:02:05.0444 0x68e8 aswSP - ok
22:02:05.0454 0x68e8 [ 7509F07BA6F84C1E3B2C0D78A1F6F782, A90A36E8E23F58E430DE98B3623688DC09D34B62906EF7796DFC90F581FC385F ] aswStm C:\Windows\system32\drivers\aswStm.sys
22:02:05.0464 0x68e8 aswStm - ok
22:02:05.0474 0x68e8 [ 1A5BDDE65B648DC3AD48B6ECAA3AE9C8, 858F674C3B775F9C8C782B7AFAC0B02AE9410C9F3B7F5B3AE1C4AD3BF6448C14 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
22:02:05.0494 0x68e8 aswVmm - ok
22:02:05.0494 0x68e8 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:02:05.0514 0x68e8 AsyncMac - ok
22:02:05.0514 0x68e8 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
22:02:05.0524 0x68e8 atapi - ok
22:02:05.0534 0x68e8 [ 37CB595C0AB20ECBFA5170D3185690DB, 23CA3DC63C35649021AAFF0721BA8A7DF546B5CD1530A35AAAC3E742A787A7D2 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
22:02:05.0544 0x68e8 AtiHDAudioService - detected UnsignedFile.Multi.Generic ( 1 )
22:02:08.0084 0x68e8 Detect skipped due to KSN trusted
22:02:08.0084 0x68e8 AtiHDAudioService - ok
22:02:08.0134 0x68e8 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:02:08.0184 0x68e8 AudioEndpointBuilder - ok
22:02:08.0194 0x68e8 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:02:08.0224 0x68e8 AudioSrv - ok
22:02:08.0224 0x68e8 [ E3F7EC811923F3F1A77B185F22638E5E, 324041256314C1471B5F123FA8DECC8F374A6B497A6419D4CAF61E68E1733265 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:02:08.0234 0x68e8 avast! Antivirus - ok
22:02:08.0304 0x68e8 [ 4F4EBF6163D3A02D52A66BBD145B0069, 179B2FD2671F6BB8D3F77B39001F546A0DEBE85BFF9782060AF1DC50DFA071EF ] AvastVBoxSvc C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
22:02:08.0404 0x68e8 AvastVBoxSvc - ok
22:02:08.0414 0x68e8 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:02:08.0424 0x68e8 AxInstSV - ok
22:02:08.0434 0x68e8 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
22:02:08.0464 0x68e8 b06bdrv - ok
22:02:08.0464 0x68e8 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:02:08.0484 0x68e8 b57nd60a - ok
22:02:08.0494 0x68e8 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
22:02:08.0504 0x68e8 BDESVC - ok
22:02:08.0504 0x68e8 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
22:02:08.0524 0x68e8 Beep - ok
22:02:08.0544 0x68e8 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
22:02:08.0564 0x68e8 BFE - ok
22:02:10.0595 0x68e8 [ 93B4985C920AFF429715CA7512DD8F16, 0E84F73B3802C7F791BCA57295A883983323116FA5A52FA561ED65E78B6F437C ] gadjservice C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
22:02:10.0595 0x68e8 gadjservice - detected UnsignedFile.Multi.Generic ( 1 )
22:02:13.0115 0x68e8 Detect skipped due to KSN trusted
22:02:13.0115 0x68e8 gadjservice - ok
22:02:14.0425 0x68e8 [ DDA8E5AD97231AB50B81FED04C28F64C, 5C9E8F7CC45A9AE7FF12A02641562E271D84894DFA7C50218AC2AAA298251B60 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
22:02:14.0455 0x68e8 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
22:02:16.0945 0x68e8 Detect skipped due to KSN trusted
22:02:16.0945 0x68e8 Intel(R) Capability Licensing Service Interface - ok
22:02:17.0635 0x68e8 [ FAAB52B7766409D702B99FE5553DC34F, 6856F3ACAD0A232C66DFB56237E05D7B8D51BE8B62C083C99607B33179BE5F8B ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
22:02:17.0645 0x68e8 LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
22:02:20.0495 0x68e8 Detect skipped due to KSN trusted
22:02:20.0495 0x68e8 LightScribeService - ok
22:02:21.0316 0x68e8 msahci - ok
22:02:21.0326 0x68e8 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:02:21.0336 0x68e8 msdsm - ok
22:02:21.0336 0x68e8 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
22:02:21.0356 0x68e8 MSDTC - ok
22:02:21.0356 0x68e8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:02:21.0376 0x68e8 Msfs - ok
22:02:21.0386 0x68e8 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:02:21.0406 0x68e8 mshidkmdf - ok
22:02:21.0406 0x68e8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:02:21.0416 0x68e8 msisadrv - ok
22:02:21.0416 0x68e8 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:02:21.0446 0x68e8 MSiSCSI - ok
22:02:21.0446 0x68e8 msiserver - ok
22:02:21.0446 0x68e8 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:02:21.0476 0x68e8 MSKSSRV - ok
22:02:21.0476 0x68e8 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:02:21.0496 0x68e8 MSPCLOCK - ok
22:02:21.0496 0x68e8 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:02:21.0516 0x68e8 MSPQM - ok
22:02:21.0526 0x68e8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:02:21.0546 0x68e8 MsRPC - ok
22:02:21.0546 0x68e8 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:02:21.0556 0x68e8 mssmbios - ok
22:02:21.0556 0x68e8 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:02:21.0586 0x68e8 MSTEE - ok
22:02:21.0586 0x68e8 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
22:02:21.0596 0x68e8 MTConfig - ok
22:02:21.0596 0x68e8 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
22:02:21.0606 0x68e8 Mup - ok
22:02:21.0616 0x68e8 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
22:02:21.0656 0x68e8 napagent - ok
22:02:21.0656 0x68e8 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:02:21.0686 0x68e8 NativeWifiP - ok
22:02:21.0706 0x68e8 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
22:02:21.0726 0x68e8 NDIS - ok
22:02:21.0736 0x68e8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:02:21.0756 0x68e8 NdisCap - ok
22:02:21.0756 0x68e8 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:02:21.0786 0x68e8 NdisTapi - ok
22:02:21.0786 0x68e8 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:02:21.0806 0x68e8 Ndisuio - ok
22:02:21.0816 0x68e8 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:02:21.0836 0x68e8 NdisWan - ok
22:02:21.0836 0x68e8 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:02:21.0866 0x68e8 NDProxy - ok
22:02:21.0866 0x68e8 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:02:21.0886 0x68e8 NetBIOS - ok
22:02:21.0896 0x68e8 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:02:21.0916 0x68e8 NetBT - ok
22:02:21.0926 0x68e8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
22:02:21.0936 0x68e8 Netlogon - ok
22:02:21.0936 0x68e8 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
22:02:21.0966 0x68e8 Netman - ok
22:02:21.0976 0x68e8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:02:21.0996 0x68e8 NetMsmqActivator - ok
22:02:21.0996 0x68e8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:02:22.0006 0x68e8 NetPipeActivator - ok
22:02:22.0016 0x68e8 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
22:02:22.0056 0x68e8 netprofm - ok
22:02:22.0056 0x68e8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:02:22.0076 0x68e8 NetTcpActivator - ok
22:02:22.0076 0x68e8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:02:22.0086 0x68e8 NetTcpPortSharing - ok
22:02:22.0096 0x68e8 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:02:22.0106 0x68e8 nfrd960 - ok
22:02:22.0106 0x68e8 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:02:22.0126 0x68e8 NlaSvc - ok
22:02:22.0126 0x68e8 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:02:22.0156 0x68e8 Npfs - ok
22:02:22.0156 0x68e8 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
22:02:22.0176 0x68e8 nsi - ok
22:02:22.0176 0x68e8 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:02:22.0206 0x68e8 nsiproxy - ok
22:02:22.0236 0x68e8 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:02:22.0286 0x68e8 Ntfs - ok
22:02:22.0286 0x68e8 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
22:02:22.0306 0x68e8 Null - ok
22:02:22.0316 0x68e8 [ C87B11EB78428853F9E8495C47E53C10, FAE479DB0812967B3FF968773BA998591B4F50BE4329B8349BCA7E6EAB1B0474 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
22:02:22.0326 0x68e8 NVHDA - ok
22:02:22.0606 0x68e8 [ 185B4FFECD886A424B57B58AE173FBBE, 7CFD51694091035639B900EC64FAD62CC1E5F3DC520F59CC27540B170A957C60 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:02:22.0886 0x68e8 nvlddmkm - ok
22:02:22.0946 0x68e8 [ D6A687B5E24257B5D3991C0D9BC45BBC, EFF23FD2C074A579CAF13C4846D1F0906D014F92517A4C6A359547F560CD296C ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
22:02:22.0996 0x68e8 NvNetworkService - ok
22:02:23.0006 0x68e8 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:02:23.0016 0x68e8 nvraid - ok
22:02:23.0016 0x68e8 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:02:23.0036 0x68e8 nvstor - ok
22:02:23.0036 0x68e8 [ D6E22C63F1F2B2B5B5E95F70BEBDB2BC, 5BE351CB15218EBC7F0C9B5919A8949BD61FEC6182123B589DF50B44C8A3CA9E ] NvStreamKms C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
22:02:23.0046 0x68e8 NvStreamKms - ok
22:02:23.0426 0x68e8 [ C982FE172EA1C7B840C4243C5AB3F8BE, 7CC5BC1F9817E8E0910775FB1EC943345900829D4702538CA7A6138FDF0FAA7F ] NvStreamSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
22:02:23.0816 0x68e8 NvStreamSvc - ok
22:02:23.0876 0x68e8 [ E1CE82592245B9E9621F17FBF457DB4E, 98B021623B10EBF7ED370BC2516D8377C09E9E2BB49BD96F492F55006B1B8CC4 ] nvsvc C:\Windows\system32\nvvsvc.exe
22:02:23.0906 0x68e8 nvsvc - ok
22:02:23.0916 0x68e8 [ 1FE5C1F4CCA8EAEA75C90FB2A85D9CC3, 4C3C36ADC9EC0FDED3E3FFC7918680B643652AD39458FAA8525392DAD0ABD845 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
22:02:23.0926 0x68e8 nvvad_WaveExtensible - ok
22:02:23.0926 0x68e8 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:02:23.0936 0x68e8 nv_agp - ok
22:02:23.0946 0x68e8 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:02:23.0976 0x68e8 odserv - ok
22:02:23.0976 0x68e8 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:02:23.0986 0x68e8 ohci1394 - ok
22:02:23.0996 0x68e8 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:02:24.0006 0x68e8 ose - ok
22:02:24.0246 0x68e8 [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:02:24.0366 0x68e8 osppsvc - ok
22:02:24.0386 0x68e8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:02:24.0406 0x68e8 p2pimsvc - ok
22:02:24.0416 0x68e8 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
22:02:24.0436 0x68e8 p2psvc - ok
22:02:24.0436 0x68e8 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:02:24.0446 0x68e8 Parport - ok
22:02:24.0456 0x68e8 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:02:24.0466 0x68e8 partmgr - ok
22:02:24.0466 0x68e8 [ 256390425414F90FCBC12F525A84EB11, A4992020BF6A239AD8A77125426E2C39980C9ABC971C4DBCB24B358F946AD7F9 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:02:24.0486 0x68e8 PcaSvc - ok
22:02:24.0496 0x68e8 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
22:02:24.0506 0x68e8 pci - ok
22:02:24.0506 0x68e8 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
22:02:24.0516 0x68e8 pciide - ok
22:02:24.0526 0x68e8 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:02:24.0536 0x68e8 pcmcia - ok
22:02:24.0536 0x68e8 [ AF7CE12C4F3DC8CB2B07685C916BBCFE, 1AF47113778D411BF3CF82ACF428676908121B1F3252133A5F98E188ED1E9C6C ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
22:02:24.0556 0x68e8 pcouffin - ok
22:02:24.0556 0x68e8 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
22:02:24.0566 0x68e8 pcw - ok
22:02:24.0576 0x68e8 [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:02:24.0606 0x68e8 PEAUTH - ok
22:02:24.0636 0x68e8 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:02:24.0676 0x68e8 PeerDistSvc - ok
22:02:24.0696 0x68e8 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:02:24.0716 0x68e8 PerfHost - ok
22:02:24.0746 0x68e8 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
22:02:24.0806 0x68e8 pla - ok
22:02:24.0816 0x68e8 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:02:24.0836 0x68e8 PlugPlay - ok
22:02:24.0836 0x68e8 PnkBstrA - ok
22:02:24.0836 0x68e8 PnkBstrB - ok
22:02:24.0846 0x68e8 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:02:24.0856 0x68e8 PNRPAutoReg - ok
22:02:24.0866 0x68e8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:02:24.0886 0x68e8 PNRPsvc - ok
22:02:24.0896 0x68e8 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:02:24.0926 0x68e8 PolicyAgent - ok
22:02:24.0936 0x68e8 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
22:02:24.0956 0x68e8 Power - ok
22:02:24.0966 0x68e8 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:02:24.0986 0x68e8 PptpMiniport - ok
22:02:24.0986 0x68e8 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
22:02:24.0996 0x68e8 Processor - ok
22:02:25.0006 0x68e8 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
22:02:25.0026 0x68e8 ProfSvc - ok
22:02:25.0026 0x68e8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:02:25.0036 0x68e8 ProtectedStorage - ok
22:02:25.0046 0x68e8 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:02:25.0066 0x68e8 Psched - ok
22:02:25.0076 0x68e8 [ D8EB393983B644879DE0546122CC16DF, 4A11DDFB016B560E770660183AF1ADA4831D97DAEAF560E60259F81F2727CBFC ] ptun0901 C:\Windows\system32\DRIVERS\ptun0901.sys
22:02:25.0086 0x68e8 ptun0901 - ok
22:02:25.0116 0x68e8 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:02:25.0156 0x68e8 ql2300 - ok
22:02:25.0166 0x68e8 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:02:25.0176 0x68e8 ql40xx - ok
22:02:25.0186 0x68e8 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
22:02:25.0206 0x68e8 QWAVE - ok
22:02:25.0206 0x68e8 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:02:25.0216 0x68e8 QWAVEdrv - ok
22:02:25.0226 0x68e8 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:02:25.0246 0x68e8 RasAcd - ok
22:02:25.0246 0x68e8 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:02:25.0266 0x68e8 RasAgileVpn - ok
22:02:25.0276 0x68e8 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
22:02:25.0296 0x68e8 RasAuto - ok
22:02:25.0306 0x68e8 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:02:25.0326 0x68e8 Rasl2tp - ok
22:02:25.0336 0x68e8 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
22:02:25.0366 0x68e8 RasMan - ok
22:02:25.0366 0x68e8 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:02:25.0396 0x68e8 RasPppoe - ok
22:02:25.0396 0x68e8 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:02:25.0416 0x68e8 RasSstp - ok
22:02:25.0426 0x68e8 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:02:25.0456 0x68e8 rdbss - ok
22:02:25.0456 0x68e8 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:02:25.0466 0x68e8 rdpbus - ok
22:02:25.0476 0x68e8 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:02:25.0496 0x68e8 RDPCDD - ok
22:02:25.0506 0x68e8 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:02:25.0516 0x68e8 RDPDR - ok
22:02:25.0516 0x68e8 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:02:25.0536 0x68e8 RDPENCDD - ok
22:02:25.0546 0x68e8 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:02:25.0566 0x68e8 RDPREFMP - ok
22:02:25.0566 0x68e8 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:02:25.0576 0x68e8 RdpVideoMiniport - ok
22:02:25.0586 0x68e8 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:02:25.0596 0x68e8 RDPWD - ok
22:02:25.0606 0x68e8 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:02:25.0616 0x68e8 rdyboost - ok
22:02:25.0626 0x68e8 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:02:25.0646 0x68e8 RemoteAccess - ok
22:02:25.0656 0x68e8 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:02:25.0676 0x68e8 RemoteRegistry - ok
22:02:25.0686 0x68e8 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:02:25.0706 0x68e8 RpcEptMapper - ok
22:02:25.0706 0x68e8 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
22:02:25.0716 0x68e8 RpcLocator - ok
22:02:25.0736 0x68e8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
22:02:25.0766 0x68e8 RpcSs - ok
22:02:25.0766 0x68e8 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:02:25.0786 0x68e8 rspndr - ok
22:02:25.0796 0x68e8 [ C20F64FCD5E2B40310A1774495877ACD, 459E337266EE510E67C5065D2CFDA6804BA5BAF82A4B6E43E80238C86269770D ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
22:02:25.0816 0x68e8 RTHDMIAzAudService - ok
22:02:25.0826 0x68e8 [ B358C047E081AC70035017BD1D7ED818, D52455156F2913C5A88B18EC76C4C10B3589FE95F9735DD687A0307FA00FF500 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:02:25.0856 0x68e8 RTL8167 - ok
22:02:25.0856 0x68e8 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:02:25.0866 0x68e8 s3cap - ok
22:02:25.0866 0x68e8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe
22:02:25.0876 0x68e8 SamSs - ok
22:02:26.0046 0x68e8 [ 73031850BC68F3379096C032006A416B, 78657D0B476C817DE829CB3FC89BC1B1F5645532A2082546B594E380AB7F6983 ] Samsung Link Service Z:\Program Files\samsung\Samsung Link\Samsung Link.exe
22:02:26.0076 0x68e8 Samsung Link Service - ok
22:02:26.0086 0x68e8 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:02:26.0096 0x68e8 sbp2port - ok
22:02:26.0106 0x68e8 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:02:26.0136 0x68e8 SCardSvr - ok
22:02:26.0136 0x68e8 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:02:26.0156 0x68e8 scfilter - ok
22:02:26.0176 0x68e8 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
22:02:26.0226 0x68e8 Schedule - ok
22:02:26.0226 0x68e8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
22:02:26.0246 0x68e8 SCPolicySvc - ok
22:02:26.0256 0x68e8 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:02:26.0276 0x68e8 SDRSVC - ok
22:02:26.0276 0x68e8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:02:26.0296 0x68e8 secdrv - ok
22:02:26.0296 0x68e8 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
22:02:26.0316 0x68e8 seclogon - ok
22:02:26.0326 0x68e8 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
22:02:26.0346 0x68e8 SENS - ok
22:02:26.0346 0x68e8 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:02:26.0366 0x68e8 SensrSvc - ok
22:02:26.0366 0x68e8 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:02:26.0376 0x68e8 Serenum - ok
22:02:26.0376 0x68e8 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:02:26.0386 0x68e8 Serial - ok
22:02:26.0396 0x68e8 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:02:26.0406 0x68e8 sermouse - ok
22:02:26.0416 0x68e8 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
22:02:26.0436 0x68e8 SessionEnv - ok
22:02:26.0436 0x68e8 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:02:26.0446 0x68e8 sffdisk - ok
22:02:26.0456 0x68e8 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:02:26.0466 0x68e8 sffp_mmc - ok
22:02:26.0466 0x68e8 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:02:26.0476 0x68e8 sffp_sd - ok
22:02:26.0476 0x68e8 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:02:26.0486 0x68e8 sfloppy - ok
22:02:26.0496 0x68e8 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:02:26.0526 0x68e8 SharedAccess - ok
22:02:26.0536 0x68e8 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:02:26.0566 0x68e8 ShellHWDetection - ok
22:02:26.0576 0x68e8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:02:26.0586 0x68e8 SiSRaid2 - ok
22:02:26.0586 0x68e8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:02:26.0596 0x68e8 SiSRaid4 - ok
22:02:26.0606 0x68e8 [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:02:26.0626 0x68e8 SkypeUpdate - ok
22:02:26.0626 0x68e8 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:02:26.0646 0x68e8 Smb - ok
22:02:26.0656 0x68e8 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:02:26.0666 0x68e8 SNMPTRAP - ok
22:02:26.0666 0x68e8 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
22:02:26.0676 0x68e8 spldr - ok
22:02:26.0686 0x68e8 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
22:02:26.0716 0x68e8 Spooler - ok
22:02:50.0068 0x68e8 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
22:02:50.0078 0x68e8 Win FW state via NFP2: enabled
22:02:52.0579 0x68e8 ============================================================
22:02:52.0579 0x68e8 Scan finished
22:02:52.0579 0x68e8 ============================================================
22:02:52.0589 0x4d00 Detected object count: 0
22:02:52.0589 0x4d00 Actual detected object count: 0

Juliet
2014-12-18, 23:24
Sorry, no infections are showing.

Also please download Windows Repair (all in one) from here (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)

http://www.bleepstatic.com/download/screenshots/w/windows-repair-all-in-one-portable/step-4-tab.jpg
Install the program then go to step 4 and create a new system restore point and new registry backup.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:
http://i1.ifrm.com/228/109/upload/p22001645.gif



NEXT
On the Start Repairs tab => Click the Start
http://www.bleepstatic.com/download/screenshots/w/windows-repair-all-in-one-portable/start-repairs-tab.jpg


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
http://i1.ifrm.com/228/109/upload/p22001647.gif

Click on the box next to Restart System when Finished. Then click on Start.

Vince
2014-12-20, 11:23
I had high hopes, but alas... no

My iexplorer.exe *32 is just bigger and bigger :(

Juliet
2014-12-20, 13:12
Clear Internet Explorer Cache and Cookies

Open Internet Explorer. Click the Settings gear icon in the top right corner.
Click Safety, followed by Delete Browsing History.
Check the following boxes:
Temporary Internet Files
Cookies
History
Download History
Form Data
Uncheck Preserve Favorites.
Click Delete, and wait until complete.
Close Internet Explorer.

~~~~~~~~~~~~~~

Try to reset IE settings to default => http://support.microsoft.com/kb/923737
Also does this problem still occur if you run IE without add-ons? In the Start menu search box, type in the following command iexplore.exe -extoff and hit Enter. This should run IE without add-ons.


~~~~~~~~~~~~~~~~~~~~~

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here (http://www.eset.com/us/online-scanner/) to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

Note:
For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.


*************************************

Vince
2014-12-20, 19:12
F:\hack folders\c++ programming\Directx Chams + wallhack full source-.zip a variant of Generik.FBXZBPI potentially unwanted application
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan
F:\old desktop files\film\KeyFinderInstaller.exe Win32/OpenCandy potentially unsafe application
F:\old desktop files\film\mCheat.rar a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
F:\old desktop files\hack folders\c++ programming\Directx Chams + wallhack full source-.zip a variant of Generik.FBXZBPI potentially unwanted application
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\old desktop files\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan
G:\Games\cod4\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911\rzr-cod4\keygen\rzr-cod4.exe Win32/Keygen.DK potentially unsafe application
G:\utilities\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy potentially unsafe application
Z:\Program Files (x86)\miniAdmin3\keyhook.dll a variant of Win32/Turkojan Trojan

Now I feel I should explain some of these.... The folder called hack folder contains a number of applications that could be used to reflash an Xbox 360, and the old desktop files folder is a backup of that.
Yes I do use miniadmin... I think not in the future.

Juliet
2014-12-20, 19:35
What you downloaded came in with bundled little goodies.
What surprises me is that none of this had been flagged in the past?

Ones labeled "Potentially unwanted application" I most often suggest people uninstall or delete

Ones labeled "a variant of" show infections, you can't leave this on your computer.

I know you know I'm going to ask this be deleted.

I can't leave a computer I'm trying to clean and fix errors on knowing this is on the computer in question.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow).



start
CloseProcesses:
F:\hack folders\c++ programming\Directx Chams + wallhack full source-.zip
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe
F:\miniAdmin3\miniAdmin3\keyhook.dll
F:\old desktop files\film\KeyFinderInstaller.exe
F:\old desktop files\film\mCheat.rar
F:\old desktop files\hack folders\c++ programming\Directx Chams + wallhack full source-.zip
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe
F:\old desktop files\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan
G:\Games\cod4\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911\rzr-cod4\keygen\rzr-cod4.exe Win32/Keygen.DK
G:\utilities\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy
Z:\Program Files (x86)\miniAdmin3\keyhook.dll
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Vince
2014-12-20, 20:10
I totally understand and have run as requested.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
Ran by Vince and Mel at 2014-12-20 19:06:13 Run:1
Running from C:\Users\Vince and Mel\Desktop
Loaded Profile: Vince and Mel (Available profiles: Vince and Mel)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
F:\hack folders\c++ programming\Directx Chams + wallhack full source-.zip
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe
F:\miniAdmin3\miniAdmin3\keyhook.dll
F:\old desktop files\film\KeyFinderInstaller.exe
F:\old desktop files\film\mCheat.rar
F:\old desktop files\hack folders\c++ programming\Directx Chams + wallhack full source-.zip
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe
F:\old desktop files\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan
G:\Games\cod4\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911\rzr-cod4\keygen\rzr-cod4.exe Win32/Keygen.DK
G:\utilities\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy
Z:\Program Files (x86)\miniAdmin3\keyhook.dll
EmptyTemp:
End
*****************

Processes closed successfully.
F:\hack folders\c++ programming\Directx Chams + wallhack full source-.zip => Moved successfully.
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar => Moved successfully.
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar => Moved successfully.
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe => Moved successfully.
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe => Moved successfully.
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe => Moved successfully.
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe => Moved successfully.
F:\miniAdmin3\miniAdmin3\keyhook.dll => Moved successfully.
F:\old desktop files\film\KeyFinderInstaller.exe => Moved successfully.
F:\old desktop files\film\mCheat.rar => Moved successfully.
F:\old desktop files\hack folders\c++ programming\Directx Chams + wallhack full source-.zip => Moved successfully.
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar => Moved successfully.
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar => Moved successfully.
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe => Moved successfully.
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe => Moved successfully.
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe => Moved successfully.
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe => Moved successfully.
"F:\old desktop files\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan" => File/Directory not found.
"G:\Games\cod4\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911\rzr-cod4\keygen\rzr-cod4.exe Win32/Keygen.DK" => File/Directory not found.
"G:\utilities\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy" => File/Directory not found.
Z:\Program Files (x86)\miniAdmin3\keyhook.dll => Moved successfully.
EmptyTemp: => Removed 756.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
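
The Fixlog above reports three entries as "File/Directory not found"; each of those fixlist lines still carried the detection name copied from the ESET list after the path, so FRST was given a path that does not exist. The following is an added example (not part of the thread and not FRST's own code) that parses Fixlog result lines, flags entries that were not moved, and recovers the bare path for a follow-up check. The function names are hypothetical, and the annotation pattern is an assumption inferred from the ESET lines on this page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of result lines from the Fixlog posted above (paths as they appear there).
SAMPLE_FIXLOG = r'''
Processes closed successfully.
F:\miniAdmin3\miniAdmin3\keyhook.dll => Moved successfully.
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe => Moved successfully.
"F:\old desktop files\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan" => File/Directory not found.
"G:\utilities\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy" => File/Directory not found.
EmptyTemp: => Removed 756.5 MB temporary data.
'''

# "<entry> => <result>", where the entry is a drive-letter path, optionally quoted.
RESULT_LINE = re.compile(r'^"?(?P<entry>[A-Za-z]:\\.*?)"?\s+=>\s+(?P<result>.+)$')

# Assumption: a scanner annotation looks like the ESET lines in this thread,
# i.e. an optional "a variant of", a "Family/Name" token, then optional
# category words ("trojan", "potentially unsafe application", ...).
ANNOTATED = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?\.\w{1,4})\s+'
    r'(?P<note>(?:a variant of\s+)?[\w.]+/[\w.]+(?:\s+\w+)*)$'
)


@dataclass
class FixResult:
    entry: str                 # the entry exactly as FRST echoed it
    result: str                # text after "=>"
    moved: bool                # True only for "Moved successfully."
    clean_path: Optional[str]  # entry with the scanner annotation stripped, if any


def parse_fixlog(text: str) -> List[FixResult]:
    """Return one FixResult per file entry in the result section of a Fixlog."""
    results = []
    for raw in text.splitlines():
        m = RESULT_LINE.match(raw.strip())
        if not m:
            continue  # headers, the fixlist echo, directives such as EmptyTemp:
        entry = m.group("entry")
        result = m.group("result").strip()
        moved = result.startswith("Moved successfully")
        clean = None
        if not moved:
            a = ANNOTATED.match(entry)
            if a:
                clean = a.group("path")
        results.append(FixResult(entry, result, moved, clean))
    return results


def unresolved(results: List[FixResult]) -> List[FixResult]:
    """Entries the fix did not move; these files may still be on disk."""
    return [r for r in results if not r.moved]


def followup_paths(results: List[FixResult]) -> List[str]:
    """Bare paths recovered from annotated entries, for a second look."""
    return [r.clean_path for r in results if not r.moved and r.clean_path]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for r in unresolved(parsed):
        print("NOT MOVED:", r.entry)
        if r.clean_path:
            print("  path without annotation:", r.clean_path)
```
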

Juliet
2014-12-20, 20:38
Now, since a reboot, what's the computer doing now?

Vince
2014-12-21, 15:18
Hmm... I wish I could be more positive, but I'm not sure exactly how the iexplorer.exe *32 should behave...

I think the size has stopped increasing.... but takes up a large amount of space.

With 3 tabs open I'm up at 403,000k - 404,000k
Reduced back to 1 tab its 308,000k

If I close all tabs and reopen its 50,000k

but after opening a few tabs and closing them I'm back at 169,000k

Juliet
2014-12-21, 18:19
Read over the below and let's see if it can help.

Troubleshooting and Internet Explorer’s (No Add-ons) Mode
http://blogs.msdn.com/b/ie/archive/2006/07/25/678113.aspx


If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/306529-emergency-backup-procedure.html)

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

Place ComboFix.exe on your Desktop <--Important

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...

Vince
2014-12-22, 00:21
ComboFix 14-12-14.01 - Vince and Mel 21/12/2014 19:35:57.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.16269.12143 [GMT 0:00]
Running from: c:\users\Vince and Mel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Vince and Mel\AppData\Roaming\inst.exe
c:\users\Vince and Mel\AppData\Roaming\vso_ts_preview.xml
Z:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-11-21 to 2014-12-21 )))))))))))))))))))))))))))))))
.
.
2014-12-21 20:02 . 2014-12-21 20:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-21 05:53 . 2014-12-21 05:53 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D2E7239-938B-41D9-A274-565372408774}\offreg.dll
2014-12-20 19:16 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D2E7239-938B-41D9-A274-565372408774}\mpengine.dll
2014-12-20 19:06 . 2014-12-20 19:06 -------- d-----w- C:\FRST
2014-12-20 13:16 . 2014-12-20 13:16 -------- d-----w- c:\program files (x86)\ESET
2014-12-18 23:56 . 2014-12-18 23:57 -------- d-----w- c:\windows\system32\catroot2
2014-12-18 23:49 . 2014-12-18 23:49 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-12-18 22:52 . 2014-12-18 22:52 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-12-18 18:27 . 2014-12-18 18:27 -------- d-----w- c:\users\Vince and Mel\AppData\Local\pangu
2014-12-17 18:08 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-17 18:08 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-15 18:16 . 2014-12-15 18:16 -------- dc----w- c:\windows\system32\DRVSTORE
2014-12-15 18:16 . 2012-10-03 16:14 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-12-15 18:15 . 2014-12-15 18:15 -------- d-----w- c:\program files\iPod
2014-12-15 18:15 . 2014-12-15 18:16 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-15 18:15 . 2014-12-15 18:16 -------- d-----w- c:\program files\iTunes
2014-12-15 18:15 . 2014-12-15 18:15 -------- d-----w- c:\program files\Common Files\Apple
2014-12-15 18:14 . 2014-12-15 18:14 -------- d-----w- c:\program files\Bonjour
2014-12-15 18:14 . 2014-12-15 18:14 -------- d-----w- c:\program files (x86)\Bonjour
2014-12-15 18:14 . 2014-12-15 18:15 -------- d-----w- c:\program files (x86)\Common Files\Apple
2014-12-14 10:39 . 2014-12-14 10:39 -------- d-----w- c:\program files\Microsoft Silverlight
2014-12-14 10:39 . 2014-12-14 10:39 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-12-11 03:01 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
2014-12-11 03:01 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-12-10 07:55 . 2014-11-22 03:13 950784 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2014-12-02 17:15 . 2014-11-12 20:46 615624 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-12-02 17:13 . 2014-12-02 17:13 -------- d-----w- C:\NVIDIA
2014-12-02 17:10 . 2014-12-02 17:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-12-02 17:09 . 2014-12-02 17:09 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-11-30 16:42 . 2014-12-16 16:05 -------- d-----w- c:\windows\ERUNT
2014-11-29 00:37 . 2014-11-29 00:37 -------- d-----w- C:\RegBackup
2014-11-28 21:05 . 2014-12-02 00:01 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-27 20:11 . 2014-11-27 20:11 -------- d-----w- c:\windows\SysWow64\vbox
2014-11-27 20:11 . 2014-11-27 20:11 -------- d-----w- c:\windows\system32\vbox
2014-11-27 19:09 . 2014-11-27 19:09 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-27 19:09 . 2014-11-27 19:09 43152 ----a-w- c:\windows\avastSS.scr
2014-11-25 15:21 . 2014-11-25 15:21 3618488 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\1033\MSOINTL.DLL
2014-11-25 15:20 . 2014-11-25 15:20 81234104 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2014-11-25 15:20 . 2014-11-25 15:20 550072 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2014-11-25 15:20 . 2014-11-25 15:20 26373816 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-11-25 13:59 . 2014-11-25 13:59 18638520 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-24 20:56 . 2014-11-28 22:03 -------- d-----w- c:\users\Vince and Mel\AppData\Roaming\Audacity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-20 19:08 . 2013-11-17 03:55 25640 ----a-w- c:\windows\gdrv.sys
2014-12-18 18:11 . 2014-06-14 01:12 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-11 03:02 . 2013-12-17 00:06 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-10 12:40 . 2014-03-06 17:48 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 12:40 . 2014-03-06 17:48 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-27 19:09 . 2013-11-17 10:55 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-27 19:09 . 2014-07-09 16:14 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-11-27 19:09 . 2014-07-09 16:14 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-27 19:09 . 2013-11-17 10:55 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-27 19:09 . 2013-11-17 10:55 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-27 19:09 . 2013-11-17 10:55 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-27 19:09 . 2013-11-17 10:55 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-27 19:09 . 2013-11-17 10:55 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-24 14:04 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-21 06:14 . 2014-06-14 01:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 06:14 . 2014-06-14 01:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 06:14 . 2013-11-25 10:39 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-18 20:47 . 2014-11-18 20:47 1247904 ----a-w- c:\windows\SysWow64\FM20.DLL
2014-11-17 20:02 . 2014-09-19 11:19 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-11-17 20:02 . 2014-04-21 15:58 2197680 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-11-17 20:02 . 2014-09-19 11:19 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-11-17 20:02 . 2014-04-21 15:58 2800296 ----a-w- c:\windows\system32\nvspcap64.dll
2014-11-13 00:20 . 2014-11-07 16:37 989056 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-11-13 00:20 . 2014-11-07 16:37 3262784 ----a-w- c:\windows\system32\nvapi64.dll
2014-11-13 00:20 . 2014-11-07 16:37 31893136 ----a-w- c:\windows\system32\nvoglv64.dll
2014-11-13 00:20 . 2014-11-07 16:37 2874456 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-11-13 00:20 . 2014-11-07 16:37 20986592 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-11-13 00:20 . 2014-11-07 16:37 19966344 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-11-13 00:20 . 2014-11-07 16:37 174856 ----a-w- c:\windows\system32\nvinitx.dll
2014-11-13 00:20 . 2014-11-07 16:37 156840 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-11-12 21:56 . 2014-11-07 16:38 6897352 ----a-w- c:\windows\system32\nvcpl.dll
2014-11-12 21:56 . 2014-11-07 16:38 3534152 ----a-w- c:\windows\system32\nvsvc64.dll
2014-11-12 21:56 . 2014-11-07 16:38 934032 ----a-w- c:\windows\system32\nvvsvc.exe
2014-11-12 21:56 . 2014-11-07 16:38 62608 ----a-w- c:\windows\system32\nvshext.dll
2014-11-12 21:56 . 2014-11-07 16:38 386368 ----a-w- c:\windows\system32\nvmctray.dll
2014-11-12 21:56 . 2014-04-02 21:13 2559808 ----a-w- c:\windows\system32\nvsvcr.dll
2014-11-11 10:29 . 2014-11-07 16:38 4100776 ----a-w- c:\windows\system32\nvcoproc.bin
2014-11-11 03:08 . 2014-11-18 18:34 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-18 18:34 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-18 18:34 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-18 18:34 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-05 21:54 . 2014-11-05 21:54 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-30 08:56 . 2014-11-07 16:37 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2014-10-30 08:56 . 2014-11-07 16:37 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-10-30 08:56 . 2014-11-07 16:37 1538880 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2014-10-30 04:53 . 2014-11-07 16:37 1876296 ----a-w- c:\windows\system32\nvdispco6434460.dll
2014-10-30 04:53 . 2014-11-07 16:37 1539272 ----a-w- c:\windows\system32\nvdispgenco6434460.dll
2014-10-25 01:57 . 2014-11-12 06:00 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 06:00 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 06:00 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 06:00 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-12 06:00 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 06:00 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 06:00 3241984 ----a-w- c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 06:00 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 06:00 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 06:00 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 06:00 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 06:00 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 06:00 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 06:00 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 06:00 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-12 06:00 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 19:23 . 2014-04-21 15:58 35144 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-10-03 02:12 . 2014-11-12 06:00 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-12 06:00 284672 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-12 06:00 680960 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-12 06:00 440832 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-12 06:00 296448 ----a-w- c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-12 06:00 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 06:00 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 06:00 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
2014-09-25 02:08 . 2014-10-01 00:10 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 00:10 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-12 5227112]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2012-07-31 69632]
"LWS"="z:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"iTunesHelper"="z:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"Adobe Photo Downloader"="z:\program files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"PreRun"="c:\program files (x86)\GIGABYTE\AppCenter\PreRun.exe" [2013-04-29 8192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 etocdrv;etocdrv;c:\windows\etocdrv.sys;c:\windows\etocdrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 GPU-Z;GPU-Z;c:\users\VINCEA~1\AppData\Local\Temp\GPU-Z.sys;c:\users\VINCEA~1\AppData\Local\Temp\GPU-Z.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ptun0901;TAP Adapter V9 for Private Tunnel;c:\windows\system32\DRIVERS\ptun0901.sys;c:\windows\SYSNATIVE\DRIVERS\ptun0901.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys;c:\windows\SYSNATIVE\DRIVERS\ssudobex.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 gadjservice;GIGABYTE Adjust;c:\program files (x86)\Gigabyte\AppCenter\AdjustService.exe;c:\program files (x86)\Gigabyte\AppCenter\AdjustService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Samsung Link Service;Samsung Link Service;z:\program files\samsung\Samsung Link\Samsung Link.exe;z:\program files\samsung\Samsung Link\Samsung Link.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;z:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;z:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-12-06 23:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-06 12:40]
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-06 16:05]
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-06 16:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 17:19 2334928 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 17:19 2334928 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 17:19 2334928 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-27 19:09 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"="c:\program files\VIA XHCI UASP Utility\usb3Monitor" [X]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-11-17 2800296]
"Samsung Link"="z:\program files\samsung\Samsung Link\Samsung Link Tray Agent.exe" [2014-12-16 607584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-02-26 13423688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-24 444400]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-17 2465088]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-11-14 8292120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-24 165872]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-04-30 36352]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-24 407536]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SYSTEM32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
Trusted Zone: sharepoint.com\studentthanetac
Trusted Zone: sharepoint.com\studentthanetac-my
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7796727F-F0FD-46AE-8DB4-48D883925147}: NameServer = 10.203.128.1 10.203.128.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Vince and Mel\AppData\Roaming\Mozilla\Firefox\Profiles\6a4e2qpg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
Completion time: 2014-12-21 20:16:54
ComboFix-quarantined-files.txt 2014-12-21 20:16
.
Pre-Run: 24,900,399,104 bytes free
Post-Run: 24,701,034,496 bytes free
.
- - End Of File - - F1EB9730DEDD1026A9BD89B4C2FD6238
A36C5E4F47E84449FF07ED3517B43A31

Vince
2014-12-22, 00:23
This one tab is 136,000 after opening a few tabs, and closing them.

Is there anything left to throw at my pc?

Juliet
2014-12-22, 01:24
Is there anything left to throw at my pc?
Not really.

There's really no malware showing now and hasn't for a while.

The only thing I can think of at this point is to do a system restore back before this started happening.

We've been working on this for a week, you stated it had been going on for 2 weeks, we're looking at, at least a month ago.

Vince
2014-12-22, 10:30
:(

I think my restore points were purged

Juliet
2014-12-22, 12:10
yikes!

Let's try a clean boot.

Clean Boot

Press the Windows Key + r on your keyboard at the same time. Type msconfig and click OK.
If prompted for an administrator password or for confirmation, type the password, or provide confirmation.
In the General tab, click Selective Startup.
Remove the checkmark next to Load startup items.
Click the Services tab.
Place a checkmark next to Hide all Microsoft services.
Click Disable all, followed by OK.
When prompted, click Restart and boot normally into Windows.
Check your computer startup performance.



~~~~~~~~~~~~~~~~
Test the machine for a bit then try the next


Troubleshooting in Clean Boot Environment

Press the Windows Key + r on your keyboard at the same time. Type msconfig and click OK.
Click the Services tab.
Ensure there is a checkmark next to Hide all Microsoft services.
Place a checkmark in half of the unchecked items and reboot your computer.
If your symptoms reappear, uncheck an item, reboot your computer and see if your symptoms disappear. Repeat the process as necessary.
If your symptoms do not reappear, check an additional item, reboot your computer and see if your symptoms reappear. Repeat the process as necessary.
List the program(s) causing issues in your next reply.



~~~~~~~~~~~~~

The above may or may not have any effect; we can also try creating a new user profile to see if the issues are still there.

How to create a new user account in Windows 7 (http://www.bleepingcomputer.com/tutorials/create-new-user-account-in-windows-vista-7/)


Testing New User Profile

Press the Windows Key + r on your keyboard at the same time. Type cmd and click OK.
Type the following at the command prompt, pressing the Enter key after each line.

net user temp /add

net localgroup administrators temp /add


~~~~Reboot~~~~ your computer, and log into the temp user account.

Vince
2014-12-22, 14:33
Thanks again for your patience, tolerance and for giving me a logical approach :)

Maybe my PC just needed restarting again? I went through the process of selecting services to start on boot, and was surprised when I had all the services selected and a reasonable iexplorer.exe *32 size.

I can open 5 tabs at different locations and then reduce back to this one and the size is 70,000k - 85,000k (higher for this reply page).

11942

Is that a normal size?

Vince
2014-12-22, 14:37
NB with no services at all (other than MS ones) the same test was giving me a size of 60,000k - 61,000k

Juliet
2014-12-22, 16:41
Myself, I don't use IE so I can't tell or say what is and what isn't but, what I did see on the image was
100 processes and CPU was at 3%

One thing to note was seeing items loaded that are not needed. I am curious though, seeing some that might could pull on IE if needed?

If you don't know some programs listed there or unsure if they are needed or not, leave them enabled, or use RubberDucky's StartUpLite (http://www.malwarebytes.org/startuplite.php)

This will display all unnecessary startup entries - so actually, everything it displays there is not necessary to start up with Windows.
The choice is up to you whether you need some to start up with Windows (in that case, select "No action" for them) - but you can always start them manually via start > all programs.
(Do not choose the "Remove" checkboxes, because this will delete it from the Registry - only select the "Remove" checkboxes if you are sure you don't want to enable them again in the future)

Or we can run HJT

Download HijackThis (http://forums.whatthetech.com/index.php?app=downloads&showfile=36).

Save HijackThis.exe to your desktop.
Double-click on the HijackThis.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch HijackThis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Vince
2014-12-23, 10:46
Thanks :)

I ran RubberDucky's StartUpLite. It only identified the Java updater. I have disabled that.

My HJT

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 09:44:11, on 23/12/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)

FIREFOX: 29.0.1 (en-GB)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Z:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
Z:\Program Files (x86)\iTunes\iTunesHelper.exe
Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe
Z:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~2\Brother\Ptedit51\Ptedit51.exe
C:\Users\Vince and Mel\Desktop\internet protection\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKLM\..\Run: [LWS] Z:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "Z:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [PreRun] C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1419286514
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7796727F-F0FD-46AE-8DB4-48D883925147}: NameServer = 10.203.128.1 10.203.128.1
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - Z:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GIGABYTE Adjust (gadjservice) - Unknown owner - C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Link Service - Copyright 2013 SAMSUNG - Z:\Program Files\samsung\Samsung Link\Samsung Link.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TomTomHOMEService - TomTom - Z:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10810 bytes

Juliet
2014-12-23, 12:28
These are valid programs but are not required to run on startup.

Open HijackThis, click Do a system scan only, and checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

O4 - HKLM\..\Run: [LWS] Z:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "Z:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1419286514

Now reboot the computer to set the registry.

If needed later, every entry can be reset by using MSCONFIG and placing a check by the service.

Vince
2014-12-23, 13:31
Thanks again for the support... I will do this as soon as I return from the festivities in a few days.

I hope you all have a great Christmas.

Vince

Juliet
2014-12-23, 14:02
Ahh Vince, thank you.

Happy Holidays to you too!

Juliet
2015-01-02, 16:00
Still need help?

Vince
2015-01-03, 21:46
Something is not right... :(

I am running without the mentioned applications at start up. The processes are still very high. 100+ when I have xampp running.

I also noticed that over a prolonged period my iexplorer*32 is still abnormally large.

I think my paranoia got the better of me and I have started to prepare myself for a reinstall. It's just such a pain as the servers are on this machine... trying to migrate to another PC beforehand is taking a while.

I did not try creating a new account. I'll give that a try before I put the Windows disc in.

Thanks again

Vince

Juliet
2015-01-03, 22:34
Once more, let's try

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

Vince
2015-01-04, 00:18
Thanks Juliet for looking again, and Happy new year to you :)

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by Vince and Mel (administrator) on MUP-PC on 03-01-2015 23:15:25
Running from C:\Users\Vince and Mel\Desktop
Loaded Profile: Vince and Mel (Available profiles: Vince and Mel)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Samsung) C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Copyright 2013 SAMSUNG) Z:\Program Files\samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) Z:\Program Files\samsung\Samsung Link\Samsung Link.exe
(TomTom) Z:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Copyright 2013 SAMSUNG) Z:\Program Files\samsung\Samsung Link\Samsung Link Tray Agent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) Z:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Apple Inc.) Z:\Program Files (x86)\iTunes\iTunesHelper.exe
() Z:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Adobe Systems Incorporated) Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() Z:\xampp\xampp-control.exe
(Apache Software Foundation) Z:\xampp\apache\bin\httpd.exe
() Z:\xampp\mysql\bin\mysqld.exe
(Apache Software Foundation) Z:\xampp\apache\bin\httpd.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Xfire Inc.) C:\Program Files (x86)\Xfire\Xfire.exe
(Xfire Inc.) C:\Program Files (x86)\Xfire\Xfire.exe
() C:\Program Files (x86)\Xfire\xfire64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monito
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Samsung Link] => Z:\Program Files\samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2014-12-16] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [69632 2012-07-31] (Vodafone)
HKLM-x32\...\Run: [LWS] => Z:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [iTunesHelper] => Z:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Photo Downloader] => Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe [57344 2005-09-09] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2733246317-1088891699-182487046-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2733246317-1088891699-182487046-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKU\S-1-5-21-2733246317-1088891699-182487046-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-2733246317-1088891699-182487046-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7796727F-F0FD-46AE-8DB4-48D883925147}: [NameServer] 10.203.128.1 10.203.128.1

FireFox:
========
FF ProfilePath: C:\Users\Vince and Mel\AppData\Roaming\Mozilla\Firefox\Profiles\6a4e2qpg.default
FF Homepage: hxxp://www.google.co.uk/
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> Z:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> Z:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2733246317-1088891699-182487046-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Vince and Mel\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-17]
FF StartMenuInternet: FIREFOX.EXE - z:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor4.0; Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-27] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-27] (Avast Software)
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16384 2014-04-16] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-04-11] (Intel Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-12-06] (Hewlett-Packard Company) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-06-01] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-06-01] ()
R2 Samsung Link Service; Z:\Program Files\samsung\Samsung Link\Samsung Link.exe [616288 2014-12-16] (Copyright 2013 SAMSUNG)
R2 TomTomHOMEService; Z:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] (TomTom)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2012-07-31] (Vodafone) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-27] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2013-07-05] (Advanced Micro Devices) [File not signed]
S3 etocdrv; C:\Windows\etocdrv.sys [14928 2013-04-16] (Giga-Byte Technology CO., LTD.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2012-07-27] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21584 2013-05-06] ()
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-27] (Avast Software)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-12-11] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [297984 2013-12-11] (VIA Technologies, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPU-Z; \??\C:\Users\VINCEA~1\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-03 23:15 - 2015-01-03 23:15 - 00018731 _____ () C:\Users\Vince and Mel\Desktop\FRST.txt
2015-01-03 23:11 - 2015-01-03 23:11 - 02123776 _____ (Farbar) C:\Users\Vince and Mel\Downloads\FRST64 (1).exe
2015-01-03 15:55 - 2015-01-03 15:55 - 67172832 _____ () C:\Users\Vince and Mel\Downloads\Ralink_PCIPCIe_RTxxxx.zip
2015-01-02 19:21 - 2015-01-02 19:22 - 00015872 ___SH () C:\Users\Public\Downloads\Thumbs.db
2015-01-01 13:34 - 2015-01-01 13:34 - 00000000 ____D () C:\Users\Vince and Mel\Documents\Updater
2014-12-28 22:33 - 2014-12-28 22:33 - 03053438 _____ () C:\Users\Vince and Mel\Downloads\firmware_update_vertex_plus_v3.55.zip
2014-12-28 22:33 - 2014-12-28 22:33 - 00000000 ____D () C:\Users\Vince and Mel\Downloads\firmware_update_vertex_plus_v3.55
2014-12-28 20:45 - 2014-12-28 20:45 - 05517627 _____ () C:\Users\Vince and Mel\Downloads\OCZToolbox_v4.9.0.634_win32.zip
2014-12-28 20:45 - 2014-12-28 20:45 - 00000000 ____D () C:\Users\Vince and Mel\Downloads\OCZToolbox_v4.9.0.634_win32
2014-12-28 20:43 - 2014-12-28 20:43 - 00000197 _____ () C:\Windows\system32\2014-12-28-20-43-25.003-AvastVBoxSVC.exe-4924.log
2014-12-26 23:46 - 2014-12-26 23:46 - 00000197 _____ () C:\Windows\system32\2014-12-26-23-46-01.000-AvastVBoxSVC.exe-5068.log
2014-12-26 23:44 - 2014-12-26 23:44 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-23 12:59 - 2014-12-23 12:59 - 00000000 ____D () C:\Users\Vince and Mel\Desktop\upto 19-12-14
2014-12-22 22:17 - 2014-12-22 22:17 - 00000197 _____ () C:\Windows\system32\2014-12-22-22-17-02.075-AvastVBoxSVC.exe-4544.log
2014-12-22 22:13 - 2014-12-22 22:13 - 00003204 _____ () C:\Windows\System32\Tasks\{9A59EF06-A305-4FD8-82F1-319A42A262F4}
2014-12-22 22:12 - 2014-12-22 22:12 - 00204496 _____ (Malwarebytes) C:\Users\Vince and Mel\Downloads\startuplite-setup-1.07.exe
2014-12-22 13:24 - 2014-12-22 13:24 - 00000197 _____ () C:\Windows\system32\2014-12-22-13-24-48.079-AvastVBoxSVC.exe-4516.log
2014-12-22 13:19 - 2014-12-22 13:20 - 00000197 _____ () C:\Windows\system32\2014-12-22-13-19-59.015-AvastVBoxSVC.exe-4524.log
2014-12-22 13:13 - 2014-12-22 13:13 - 00000197 _____ () C:\Windows\system32\2014-12-22-13-13-41.013-AvastVBoxSVC.exe-4132.log
2014-12-22 12:58 - 2014-12-22 12:58 - 00000197 _____ () C:\Windows\system32\2014-12-22-12-58-12.035-AvastVBoxSVC.exe-3740.log
2014-12-22 12:53 - 2014-12-22 12:53 - 00000197 _____ () C:\Windows\system32\2014-12-22-12-53-24.022-AvastVBoxSVC.exe-3240.log
2014-12-21 20:26 - 2014-12-21 20:26 - 00000197 _____ () C:\Windows\system32\2014-12-21-20-26-11.011-AvastVBoxSVC.exe-5116.log
2014-12-21 20:17 - 2014-12-21 20:17 - 00031200 _____ () C:\ComboFix.txt
2014-12-21 19:35 - 2014-12-21 20:17 - 00000000 ____D () C:\Qoobox
2014-12-21 19:35 - 2014-12-21 20:12 - 00000000 ____D () C:\Windows\erdnt
2014-12-21 19:35 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-21 19:35 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-21 19:35 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-21 19:35 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-21 19:35 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-21 19:35 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-21 19:35 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-21 19:35 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-21 19:33 - 2014-12-21 19:33 - 05601641 ____R (Swearware) C:\Users\Vince and Mel\Desktop\ComboFix.exe
2014-12-21 19:33 - 2014-12-21 19:33 - 05601641 _____ (Swearware) C:\Users\Vince and Mel\Downloads\ComboFix.exe
2014-12-20 19:07 - 2014-12-20 19:08 - 00000197 _____ () C:\Windows\system32\2014-12-20-19-07-58.061-AvastVBoxSVC.exe-4308.log
2014-12-20 19:06 - 2015-01-03 23:15 - 00000000 ____D () C:\FRST
2014-12-20 19:05 - 2015-01-03 23:11 - 02123776 _____ (Farbar) C:\Users\Vince and Mel\Desktop\FRST64.exe
2014-12-20 19:05 - 2014-12-20 19:05 - 02122240 _____ (Farbar) C:\Users\Vince and Mel\Downloads\FRST64.exe
2014-12-20 18:05 - 2014-12-20 18:05 - 00002733 _____ () C:\Users\Vince and Mel\Desktop\eset.txt
2014-12-20 14:03 - 2014-12-20 14:02 - 844474569 _____ () C:\Users\Public\Downloads\Frozen.mp4
2014-12-20 13:34 - 2014-12-20 13:09 - 1462391641 _____ () C:\Users\Public\Downloads\Disneys Frozen Sing Along Edition.mp4
2014-12-20 13:16 - 2014-12-20 13:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-19 21:48 - 2014-12-19 21:48 - 00000337 _____ () C:\Users\Vince and Mel\Desktop\office crack instructions.txt
2014-12-19 21:48 - 2014-12-19 21:47 - 37493716 _____ () C:\Users\Vince and Mel\Desktop\office Crack.zip
2014-12-19 21:47 - 2014-12-19 21:47 - 37493716 _____ () C:\Users\Vince and Mel\Downloads\office Crack.zip
2014-12-19 01:51 - 2014-12-19 01:51 - 00002713 _____ () C:\Users\Vince and Mel\Downloads\vincesvapes.sql
2014-12-18 23:58 - 2014-12-18 23:58 - 00000197 _____ () C:\Windows\system32\2014-12-18-23-58-25.091-AvastVBoxSVC.exe-4820.log
2014-12-18 23:02 - 2014-12-18 23:02 - 00000197 _____ () C:\Windows\system32\2014-12-18-23-02-19.010-AvastVBoxSVC.exe-4100.log
2014-12-18 22:56 - 2014-12-18 22:56 - 00017013 _____ () C:\Users\Vince and Mel\AppData\Local\09CDBAC5E16344d49C9B4E37DD5AF0D4.customer 62mmnew.lbx
2014-12-18 22:52 - 2014-12-18 22:52 - 00002159 _____ () C:\Users\Vince and Mel\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-12-18 22:52 - 2014-12-18 22:52 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-18 22:51 - 2014-12-18 22:51 - 09817304 _____ () C:\Users\Vince and Mel\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-12-18 22:51 - 2014-12-18 22:51 - 09817304 _____ () C:\Users\Vince and Mel\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-12-18 22:00 - 2014-12-18 22:00 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Vince and Mel\Downloads\tdsskiller.exe
2014-12-18 22:00 - 2014-12-18 22:00 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Vince and Mel\Desktop\tdsskiller.exe
2014-12-18 21:56 - 2014-12-18 21:57 - 00048335 _____ () C:\Users\Vince and Mel\Desktop\Result.txt
2014-12-18 21:56 - 2014-12-18 21:55 - 00401920 _____ (Farbar) C:\Users\Vince and Mel\Desktop\MiniToolBox.exe
2014-12-18 21:55 - 2014-12-18 21:55 - 00401920 _____ (Farbar) C:\Users\Vince and Mel\Downloads\MiniToolBox.exe
2014-12-18 21:54 - 2014-12-18 21:54 - 00002040 _____ () C:\Users\Vince and Mel\Desktop\Rkill.txt
2014-12-18 21:53 - 2014-12-18 21:52 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Vince and Mel\Desktop\rkill.exe
2014-12-18 21:52 - 2014-12-18 21:52 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Vince and Mel\Downloads\rkill.exe
2014-12-18 18:27 - 2014-12-18 18:27 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Local\pangu
2014-12-18 18:11 - 2014-12-18 18:11 - 44435904 _____ () C:\Users\Vince and Mel\Downloads\Pangu8_v1.2.1.exe
2014-12-17 19:41 - 2014-12-17 19:41 - 00000197 _____ () C:\Windows\system32\2014-12-17-19-41-14.097-AvastVBoxSVC.exe-4828.log
2014-12-17 18:08 - 2014-12-13 05:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 18:08 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 00:03 - 2014-12-17 00:03 - 00000197 _____ () C:\Windows\system32\2014-12-17-00-03-43.015-AvastVBoxSVC.exe-3716.log
2014-12-16 23:59 - 2014-12-16 23:59 - 00000197 _____ () C:\Windows\system32\2014-12-16-23-59-31.014-AvastVBoxSVC.exe-3360.log
2014-12-16 23:47 - 2014-12-16 23:47 - 00000197 _____ () C:\Windows\system32\2014-12-16-23-47-13.010-AvastVBoxSVC.exe-2900.log
2014-12-16 18:28 - 2014-12-16 18:28 - 25690992 _____ (Microsoft Corporation) C:\Users\Vince and Mel\Downloads\Encoder_en.exe
2014-12-16 16:05 - 2014-12-16 16:05 - 00001319 _____ () C:\DelFix.txt
2014-12-16 16:04 - 2014-12-16 16:04 - 00709564 _____ () C:\Users\Vince and Mel\Downloads\delfix_10.8.exe
2014-12-15 22:57 - 2014-12-15 22:57 - 22428317 _____ () C:\Users\Vince and Mel\Downloads\EditedComputerArithmetic1.wma
2014-12-15 18:16 - 2014-12-15 18:16 - 00001576 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-15 18:16 - 2014-12-15 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-15 18:16 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-12-15 18:15 - 2014-12-15 18:16 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-15 18:15 - 2014-12-15 18:16 - 00000000 ____D () C:\Program Files\iTunes
2014-12-15 18:15 - 2014-12-15 18:15 - 00000000 ____D () C:\Program Files\iPod
2014-12-15 18:15 - 2014-12-15 18:15 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-15 18:14 - 2014-12-15 18:14 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-15 18:14 - 2014-12-15 18:14 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-12-15 18:13 - 2014-12-15 18:14 - 122418480 _____ (Apple Inc.) C:\Users\Vince and Mel\Downloads\iTunes64Setup.exe
2014-12-14 10:41 - 2014-12-14 10:41 - 00256512 _____ () C:\Users\Vince and Mel\Downloads\co322-18.ppt
2014-12-14 10:41 - 2014-12-14 10:41 - 00199680 _____ () C:\Users\Vince and Mel\Downloads\co322-16.ppt
2014-12-14 10:41 - 2014-12-14 10:41 - 00159232 _____ () C:\Users\Vince and Mel\Downloads\co322-17.ppt
2014-12-14 10:40 - 2014-12-14 10:40 - 10994052 _____ () C:\Users\Vince and Mel\Downloads\set-theory-2.wma
2014-12-14 10:40 - 2014-12-14 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-14 10:39 - 2014-12-14 10:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 10:39 - 2014-12-14 10:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-13 16:26 - 2014-12-13 16:26 - 25870493 _____ () C:\Users\Vince and Mel\Downloads\Computer Arithmetic 2.wma
2014-12-13 15:32 - 2014-12-13 15:32 - 01761792 _____ () C:\Users\Vince and Mel\Downloads\co322-05.ppt
2014-12-13 15:32 - 2014-12-13 15:32 - 00736256 _____ () C:\Users\Vince and Mel\Downloads\co322-06.ppt
2014-12-11 16:50 - 2014-12-11 16:50 - 00000197 _____ () C:\Windows\system32\2014-12-11-16-50-50.099-AvastVBoxSVC.exe-4788.log
2014-12-11 03:24 - 2014-12-11 03:24 - 00000197 _____ () C:\Windows\system32\2014-12-11-03-24-18.068-AvastVBoxSVC.exe-4068.log
2014-12-11 03:15 - 2014-12-11 03:15 - 00017020 _____ () C:\Users\Vince and Mel\AppData\Local\DF1698E91ECF4238960C82433993773A.customer 62mmnew.lbx
2014-12-11 03:01 - 2014-10-18 02:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:01 - 2014-10-18 01:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 12:23 - 2014-12-10 12:23 - 00000000 ____D () C:\Users\Vince and Mel\Downloads\crib-sheet
2014-12-10 07:56 - 2014-11-27 01:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 07:56 - 2014-11-27 01:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 07:56 - 2014-11-22 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 07:56 - 2014-11-22 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 07:56 - 2014-11-22 02:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 07:56 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 07:56 - 2014-11-22 02:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 07:56 - 2014-11-22 02:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 07:56 - 2014-11-22 02:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 07:56 - 2014-11-22 02:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 07:56 - 2014-11-22 02:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 07:56 - 2014-11-22 02:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 07:56 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 07:56 - 2014-11-22 02:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 07:56 - 2014-11-22 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 07:56 - 2014-11-22 02:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 07:56 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 07:56 - 2014-11-22 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 07:56 - 2014-11-22 02:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 07:56 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 07:56 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 07:56 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 07:56 - 2014-11-22 01:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 07:56 - 2014-11-22 01:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 07:56 - 2014-11-22 01:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 07:56 - 2014-11-22 01:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 07:56 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 07:56 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 07:56 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 07:56 - 2014-11-22 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 07:56 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 07:56 - 2014-11-22 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 07:56 - 2014-11-22 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 07:56 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 07:56 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 07:56 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 07:56 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 07:56 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 07:56 - 2014-11-22 01:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 07:56 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 07:56 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 07:56 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 07:56 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 07:56 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 07:56 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 07:56 - 2014-11-11 03:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 07:56 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 07:56 - 2014-11-11 01:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 07:55 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 07:55 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 07:55 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 07:55 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 07:55 - 2014-11-22 02:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 07:55 - 2014-11-22 02:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 07:55 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 07:55 - 2014-11-22 01:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 07:55 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 07:55 - 2014-11-08 03:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 07:55 - 2014-11-08 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 07:55 - 2014-10-30 02:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 07:55 - 2014-10-30 01:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 07:55 - 2014-10-03 02:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 07:55 - 2014-10-03 02:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 07:55 - 2014-10-03 02:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 07:55 - 2014-10-03 02:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 07:55 - 2014-10-03 02:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 07:55 - 2014-10-03 01:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 07:55 - 2014-10-03 01:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 07:55 - 2014-10-03 01:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 07:55 - 2014-10-03 01:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 07:55 - 2014-10-03 01:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 07:55 - 2013-04-09 23:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-12-10 07:55 - 2013-04-02 22:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-12-10 01:10 - 2014-12-10 01:10 - 00000247 _____ () C:\Windows\system32\2014-12-10-01-10-21.031-aswFe.exe-10676.log
2014-12-10 01:08 - 2014-12-10 01:10 - 00000247 _____ () C:\Windows\system32\2014-12-10-01-08-26.087-aswFe.exe-19124.log
2014-12-10 01:08 - 2014-12-10 01:08 - 00000197 _____ () C:\Windows\system32\2014-12-10-01-08-24.051-AvastVBoxSVC.exe-18256.log
2014-12-10 00:25 - 2014-12-10 00:26 - 00000897 _____ () C:\Users\Vince and Mel\Desktop\[000608].jpg - Shortcut.lnk
2014-12-10 00:09 - 2014-12-10 00:09 - 00000197 _____ () C:\Windows\system32\2014-12-10-00-09-07.013-AvastVBoxSVC.exe-5112.log
2014-12-09 23:43 - 2014-12-09 23:43 - 01718947 _____ () C:\Users\Vince and Mel\Downloads\emailed Final Presentation.zip
2014-12-09 16:35 - 2014-07-29 10:31 - 00017014 _____ () C:\Users\Public\Downloads\customer 62mmnew.lbx
2014-12-09 16:19 - 2014-12-09 16:19 - 00000197 _____ () C:\Windows\system32\2014-12-09-16-19-15.045-AvastVBoxSVC.exe-4836.log
2014-12-09 16:01 - 2014-12-09 16:01 - 00017028 _____ () C:\Users\Vince and Mel\AppData\Local\8746ADC3ACC2441cA14472B19534556B.customer 62mmnew.lbx
2014-12-07 23:37 - 2014-12-07 23:37 - 00000197 _____ () C:\Windows\system32\2014-12-07-23-37-53.073-AvastVBoxSVC.exe-3000.log
2014-12-07 23:28 - 2014-12-07 23:28 - 00000197 _____ () C:\Windows\system32\2014-12-07-23-28-57.028-AvastVBoxSVC.exe-4744.log
2014-12-06 17:19 - 2014-12-06 17:19 - 00000197 _____ () C:\Windows\system32\2014-12-06-17-19-34.021-AvastVBoxSVC.exe-4568.log
2014-12-05 22:10 - 2014-12-05 22:10 - 00000197 _____ () C:\Windows\system32\2014-12-05-22-10-21.069-AvastVBoxSVC.exe-4276.log
2014-12-05 22:02 - 2014-12-05 22:03 - 00000197 _____ () C:\Windows\system32\2014-12-05-22-02-56.063-AvastVBoxSVC.exe-4496.log
2014-12-04 18:13 - 2014-12-04 18:13 - 00000197 _____ () C:\Windows\system32\2014-12-04-18-13-08.056-AvastVBoxSVC.exe-5100.log
2014-12-04 17:39 - 2014-12-04 17:40 - 00000197 _____ () C:\Windows\system32\2014-12-04-17-39-39.039-AvastVBoxSVC.exe-5124.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-03 22:48 - 2013-11-17 10:40 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Roaming\Skype
2015-01-03 22:40 - 2014-11-25 20:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-03 22:22 - 2014-10-06 16:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-03 22:19 - 2014-11-23 15:14 - 02082536 _____ () C:\Windows\WindowsUpdate.log
2015-01-03 19:17 - 2014-06-11 21:59 - 00000000 ____D () C:\Users\Vince and Mel\Desktop\temp
2015-01-03 18:54 - 2013-11-17 10:49 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Roaming\Xfire
2015-01-03 17:35 - 2014-10-06 16:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-03 16:19 - 2009-07-14 04:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-03 16:19 - 2009-07-14 04:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-03 12:54 - 2014-04-29 23:11 - 00000600 _____ () C:\Users\Vince and Mel\AppData\Roaming\winscp.rnd
2015-01-03 11:34 - 2014-04-20 08:09 - 02238464 ___SH () C:\Users\Vince and Mel\Desktop\Thumbs.db
2015-01-02 21:55 - 2014-10-06 16:07 - 00000000 ___RD () C:\Users\Vince and Mel\Google Drive
2015-01-01 20:14 - 2009-07-14 05:13 - 00787758 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-01 20:13 - 2014-11-23 15:12 - 00010386 _____ () C:\Windows\setupact.log
2015-01-01 13:54 - 2013-11-17 11:15 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Roaming\vlc
2014-12-28 20:41 - 2014-11-07 16:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-28 20:41 - 2013-11-17 03:55 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-12-28 20:41 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-26 23:48 - 2013-11-25 10:35 - 00000000 ____D () C:\Users\Vince and Mel\Desktop\internet protection
2014-12-22 22:13 - 2013-11-19 00:05 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Roaming\uTorrent
2014-12-22 18:37 - 2014-04-27 18:42 - 00000600 _____ () C:\Users\Vince and Mel\AppData\Local\PUTTY.RND
2014-12-22 13:22 - 2013-11-17 10:55 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-21 20:29 - 2014-06-09 15:25 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-21 20:23 - 2014-11-27 19:11 - 00011080 _____ () C:\Windows\PFRO.log
2014-12-21 20:02 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-20 13:49 - 2014-01-31 19:02 - 00000000 ___RD () C:\Users\Vince and Mel\Virtual Machines
2014-12-18 23:56 - 2013-11-17 03:12 - 00126976 _____ () C:\Users\Vince and Mel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-18 23:56 - 2011-04-12 08:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-18 23:56 - 2009-07-14 04:45 - 00590592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-18 23:55 - 2011-04-12 08:28 - 00000000 ____D () C:\Windows\CSC
2014-12-18 23:51 - 2009-07-14 02:34 - 00000514 _____ () C:\Windows\win.ini
2014-12-18 22:52 - 2014-11-29 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-18 18:11 - 2014-06-14 01:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 16:30 - 2014-06-09 15:50 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Roaming\Apple Computer
2014-12-18 14:07 - 2014-07-11 21:11 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-18 14:07 - 2014-07-11 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-17 19:45 - 2014-06-09 15:25 - 00003826 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1402327553
2014-12-16 23:50 - 2013-11-17 03:55 - 00167077 _____ () C:\Windows\SysWOW64\bios.ini
2014-12-16 23:50 - 2013-11-17 03:55 - 00000000 ____D () C:\Windows\SysWOW64\GBT_DL_OBJ
2014-12-16 18:25 - 2014-01-13 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigabyte
2014-12-16 18:25 - 2013-11-17 03:19 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE
2014-12-16 16:05 - 2014-11-30 16:42 - 00000000 ____D () C:\Windows\ERUNT
2014-12-15 21:46 - 2014-10-10 20:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-15 21:46 - 2013-11-17 10:40 - 00000000 ____D () C:\ProgramData\Skype
2014-12-15 18:16 - 2014-06-09 15:50 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Local\Apple Computer
2014-12-15 18:15 - 2014-06-09 15:28 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-12-15 18:15 - 2014-06-09 15:27 - 00000000 ____D () C:\ProgramData\Apple
2014-12-13 19:44 - 2013-11-17 22:50 - 00001334 _____ () C:\Users\Vince and Mel\Desktop\ebay text.txt
2014-12-13 17:16 - 2014-06-14 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-13 09:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-13 03:00 - 2014-02-09 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-13 03:00 - 2013-11-18 16:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 03:48 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 03:25 - 2013-11-17 23:20 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 03:20 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 03:04 - 2013-12-17 00:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 03:02 - 2013-12-17 00:06 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 12:40 - 2014-11-25 20:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 12:40 - 2014-03-06 17:48 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 12:40 - 2014-03-06 17:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 00:22 - 2013-12-20 21:22 - 00000000 ____D () C:\Users\Vince and Mel\Documents\My Karaoke
2014-12-10 00:18 - 2013-11-17 02:50 - 00000000 ____D () C:\Users\Vince and Mel
2014-12-10 00:17 - 2014-02-21 20:40 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Local\Citrix
2014-12-10 00:05 - 2013-12-02 17:53 - 00000000 ___RD () C:\Users\Vince and Mel\Dropbox
2014-12-09 20:33 - 2013-12-02 17:53 - 00001039 _____ () C:\Users\Vince and Mel\Desktop\Dropbox.lnk
2014-12-09 20:33 - 2013-12-02 17:50 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-09 20:33 - 2013-12-02 17:49 - 00000000 ____D () C:\Users\Vince and Mel\AppData\Roaming\Dropbox
2014-12-09 18:38 - 2014-01-18 21:54 - 00007633 _____ () C:\Users\Vince and Mel\AppData\Local\Resmon.ResmonCfg
2014-12-09 16:22 - 2014-08-19 14:18 - 00000000 ____D () C:\Users\Public\Downloads\Camera
2014-12-05 08:42 - 2009-07-14 03:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 00:21

==================== End Of Log ============================


Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2015 03
Ran by Vince and Mel at 2015-01-03 23:15:44
Running from C:\Users\Vince and Mel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS B13.0910.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
@BIOS B13.0910.1 (x32 Version: 3.00.0000 - GIGABYTE) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop Elements 4.0 (HKLM-x32\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.14.1205 - Gigabyte)
APP Center (x32 Version: 1.14.1205 - Gigabyte) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.0 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother P-touch Address Book 1.1 (HKLM-x32\...\{B2023017-DEE4-44F7-8A71-CA6084BF534C}) (Version: 1.1.2201 - Brother Industries, Ltd.)
Brother P-touch Editor 5.1 (HKLM-x32\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0120 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM-x32\...\{34A9C5A8-9BB6-4C57-A0D9-1DAAE175009E}) (Version: 1.0.0070 - Brother Industries, Ltd.)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.6.0 - Canon Inc.)
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
Combined Community Codec Pack 2014-04-20 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.04.20.0 - CCCP Project)
ConvertXtoDVD 3.1.0.18 (HKLM-x32\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: 3.1.0.18 - )
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
Dropbox (HKU\S-1-5-21-2733246317-1088891699-182487046-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVDFab 9.1.1.5 (07/12/2013) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0002 - GIGABYTE)
EasyTune (x32 Version: 1.00.0002 - GIGABYTE) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
EVGA Precision X 4.2.0 (HKLM-x32\...\PrecisionX) (Version: 4.2.0 - EVGA Corporation)
EZSetupN B13.0628.1 (HKLM-x32\...\InstallShield_{9EAB60B6-70FE-4EC7-8DF4-54773E4EAC05}) (Version: 1.00.0000 - GIGABYTE)
EZSetupN B13.0628.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Greenfoot (HKLM-x32\...\{8C838B70-3A71-41E8-91A6-4ADCF2E483D0}) (Version: 2.3.0 - Greenfoot Team)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Karaoke Builder Player 3.0 (HKLM-x32\...\Karaoke Builder Player 3.0) (Version: - )
K-Lite Codec Pack 10.6.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version: - )
LightScribe System Software 1.17.90.1 (HKLM-x32\...\{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}) (Version: 1.17.90.1 - LightScribe)
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
MakeMKV v1.8.8 (HKLM-x32\...\MakeMKV) (Version: v1.8.8 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Management Objects Collection (HKLM\...\{5677B005-B609-4B5B-9F3C-132BB085D3CF}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-GB)) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge 2 B13.0506.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0506.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Platform (x32 Version: 1.40 - VIA Technologies, Inc.) Hidden
Power CD+G Burner (HKLM-x32\...\{BC21E1FA-BD9C-4351-8EA3-4EC377B1E439}_is1) (Version: - Doblon)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RivaTuner Statistics Server 5.1.1 (HKLM-x32\...\RTSS) (Version: 5.1.1 - Unwinder)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Link 2.0.0.1412161531 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1412161531 - Copyright 2013 SAMSUNG)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.15.0 - SAMSUNG Electronics Co., Ltd.)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version: - Microsoft)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden
Sid Meier's Railroads! (HKLM-x32\...\{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}) (Version: 1.10 - Firaxis Games)
Sid Meier's Railroads! (x32 Version: 1.00 - Firaxis Games) Hidden
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion)
Source SDK (HKLM-x32\...\Steam App 211) (Version: - Valve)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version: - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.3.209.40724 - Vodafone)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WinSCP 5.5.3 (HKLM-x32\...\winscp3_is1) (Version: 5.5.3 - Martin Prikryl)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-4 - Bitnami)
Xfire (HKLM-x32\...\Xfire) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Vince and Mel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2733246317-1088891699-182487046-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

16-12-2014 16:05:24 End of disinfection
16-12-2014 18:25:26 Removed APP Center
17-12-2014 19:10:01 Windows Update
17-12-2014 19:38:56 Windows Update
18-12-2014 22:53:14 Tweaking.com - Windows Repair
20-12-2014 13:09:21 Installed Microsoft Fix it 50195
24-12-2014 03:00:48 Windows Update
31-12-2014 00:08:17 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2014-12-21 20:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1147C0B8-A893-4F52-9DFC-9B132A50073C} - System32\Tasks\Opera scheduled Autoupdate 1402327553 => C:\Program Files (x86)\Opera\launcher.exe [2014-12-17] (Opera Software)
Task: {2EC483CA-C91D-4EA3-AE82-43234445A0B1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {45192D5B-903B-416F-A0B0-6B8CDDF1CD2C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {5FBD3219-801B-4573-A748-B42F46F74190} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {61CD3F6F-83DD-4CDC-89EF-A9261EC74E44} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {6BD3B797-EE60-4632-BD9A-B053B040D2B4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {9491727D-5D95-4FAC-94E1-00D9E3DAC5E1} - System32\Tasks\{7F945BF6-B532-4131-A52B-5B321F910A7F} => pcalua.exe -a "Z:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "Z:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2" -c /register
Task: {974CCBDD-8A98-48CF-B708-A59F29A0A1F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-06] (Google Inc.)
Task: {B4F44501-AF88-49BF-AFE3-681962AC2FD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-06] (Google Inc.)
Task: {B7C3B0AF-15AC-43CB-A381-2F95846B74D1} - System32\Tasks\{1F3DDEC8-FCB5-4CFF-8EF7-1E3908F6EBFA} => Z:\Program Files (x86)\odbg110\OLLYDBG.EXE [2004-05-23] ()
Task: {C0E97ABA-2FE6-407E-89B2-8A7D4BDCAEA3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {C6F25EBD-F2C6-4B21-8A28-43A9927BBFE5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-27] (AVAST Software)
Task: {F71B6C08-54C0-4C87-9221-440486C548B0} - System32\Tasks\{9A59EF06-A305-4FD8-82F1-319A42A262F4} => pcalua.exe -a "C:\Users\Vince and Mel\Downloads\startuplite-setup-1.07.exe" -d "C:\Users\Vince and Mel\Downloads"
Task: {F77B9417-F56D-42B7-BD90-7397A3069391} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-07 16:38 - 2014-11-12 21:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-06-18 15:24 - 2012-06-18 15:24 - 00222720 _____ () z:\Program Files (x86)\Notepad++\NppShell_05.dll
2005-09-09 03:24 - 2005-09-09 03:24 - 00102400 _____ () Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
2014-04-16 16:09 - 2014-04-16 16:09 - 00016384 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
2013-11-17 14:31 - 2014-06-01 18:55 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-11-17 14:31 - 2014-06-01 18:55 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-11 21:10 - 2014-12-16 15:31 - 00025088 _____ () Z:\Program Files\samsung\Samsung Link\JniSys.dll
2014-07-11 21:10 - 2014-12-16 15:31 - 02633728 _____ () Z:\Program Files\samsung\Samsung Link\scone_proxy.dll
2014-07-11 21:10 - 2014-12-16 15:31 - 02540544 _____ () Z:\Program Files\samsung\Samsung Link\scone_stub.dll
2013-12-21 10:25 - 2013-12-21 10:25 - 00036864 _____ () C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\64bit\JNIInterface.dll
2013-12-21 10:26 - 2013-12-21 10:26 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\ASFAPI.dll
2013-12-21 10:27 - 2013-12-21 10:27 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\MediaDB_Manager.dll
2013-10-22 08:52 - 2013-10-22 08:52 - 00030720 _____ () C:\Windows\system32\MediaDB64.dll
2013-10-22 08:52 - 2013-10-22 08:52 - 00908800 _____ () C:\Windows\system32\ContentDirectoryPresenter64.dll
2013-12-21 10:27 - 2013-12-21 10:27 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\DMS_Manager.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00049152 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00016896 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00058880 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00299520 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2014-07-11 21:10 - 2014-12-16 15:31 - 00049664 _____ () Z:\Program Files\samsung\Samsung Link\JniIO.dll
2014-12-20 19:08 - 2014-12-20 19:08 - 00669696 _____ () C:\Windows\Temp\sqlite-3.7.151-amd64-sqlitejdbc.dll
2014-11-27 19:09 - 2014-11-27 19:09 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-27 19:09 - 2014-11-27 19:09 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-11-20 17:27 - 2014-11-20 17:27 - 01243968 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
2013-11-17 03:04 - 2013-04-11 22:50 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () Z:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-06-13 21:02 - 2013-06-17 09:42 - 02569216 _____ () Z:\xampp\xampp-control.exe
2014-06-13 21:02 - 2014-01-14 15:54 - 10966528 _____ () z:\xampp\mysql\bin\mysqld.exe
2013-03-21 04:10 - 2013-03-21 04:10 - 00258944 _____ () C:\Program Files (x86)\Xfire\xfire64.exe
2014-12-28 19:46 - 2014-12-28 19:46 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122801\algo.dll
2014-11-27 19:09 - 2014-11-27 19:09 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-03 16:55 - 2015-01-03 16:55 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010301\algo.dll
2013-12-11 15:46 - 2013-12-11 15:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-10-22 08:48 - 2013-10-22 08:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-10-24 15:53 - 2013-10-24 15:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 15:46 - 2013-12-11 15:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-12-11 15:46 - 2013-12-11 15:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-10-25 18:49 - 2013-10-25 18:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-12-11 15:45 - 2013-12-11 15:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-12-11 15:45 - 2013-12-11 15:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-10-24 15:53 - 2013-10-24 15:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 15:38 - 2013-04-19 15:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-27 08:03 - 2012-11-27 08:03 - 00102400 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ycc.DLL
2014-01-22 13:53 - 2014-01-22 13:53 - 01607680 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll
2012-11-27 08:03 - 2012-11-27 08:03 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\ycc.dll
2014-11-27 19:09 - 2014-11-27 19:09 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () Z:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () Z:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () Z:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () Z:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () Z:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-06-13 21:02 - 2014-03-11 20:01 - 00217600 _____ () z:\xampp\apache\bin\pcre.dll
2014-06-13 21:02 - 2014-04-08 23:21 - 00128512 _____ () Z:\xampp\php\libpq.dll
2014-06-13 21:02 - 2014-03-11 20:01 - 00217600 _____ () Z:\xampp\apache\bin\pcre.dll
2013-11-17 03:01 - 2013-04-11 15:30 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-02 19:52 - 2015-01-02 19:52 - 00098816 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\win32api.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00110080 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\pywintypes27.dll
2015-01-02 19:52 - 2015-01-02 19:52 - 00364544 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\pythoncom27.dll
2015-01-02 19:52 - 2015-01-02 19:52 - 00045568 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\_socket.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 01160704 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\_ssl.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00320512 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\win32com.shell.shell.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00713216 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\_hashlib.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 01175040 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\wx._core_.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00805888 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\wx._gdi_.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00811008 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\wx._windows_.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 01062400 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\wx._controls_.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00735232 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\wx._misc_.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00128512 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\_elementtree.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00127488 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\pyexpat.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00557056 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\pysqlite2._sqlite.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00087552 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\_ctypes.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00119808 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\win32file.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00108544 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\win32security.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00007168 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\hashobjs_ext.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00167936 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\win32gui.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00018432 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\win32event.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00038912 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\win32inet.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00011264 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\win32crypt.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00070656 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\wx._html2.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00027136 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\_multiprocessing.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00035840 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\win32process.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00686080 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\unicodedata.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00122368 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\wx._wizard.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00024064 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\win32pipe.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00025600 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\win32pdh.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00525640 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\windows._lib_cacheinvalidation.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00010240 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\select.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00017408 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\win32profile.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00022528 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\win32ts.pyd
2015-01-02 19:52 - 2015-01-02 19:52 - 00078336 _____ () C:\Users\Vince and Mel\AppData\Local\Temp\_MEI375282\wx._animate.pyd
2013-11-11 18:48 - 2013-11-11 18:48 - 00113664 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 02342912 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2013-11-11 18:48 - 2013-11-11 18:48 - 00246784 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00047616 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00050688 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2013-11-11 18:48 - 2013-11-11 18:48 - 00079360 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2013-11-11 18:48 - 2013-11-11 18:48 - 02029568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2013-11-11 18:48 - 2013-11-11 18:48 - 00100352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2013-11-11 18:48 - 2013-11-11 18:48 - 00258560 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2013-11-11 18:48 - 2013-11-11 18:48 - 00076288 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2013-11-11 18:48 - 2013-11-11 18:48 - 00046592 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2013-11-11 18:48 - 2013-11-11 18:48 - 00061440 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2013-11-11 18:48 - 2013-11-11 18:48 - 00465920 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2013-11-11 18:48 - 2013-11-11 18:48 - 00719872 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2013-11-11 18:48 - 2013-11-11 18:48 - 00114688 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2013-11-11 18:48 - 2013-11-11 18:48 - 00039936 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2013-11-11 18:48 - 2013-11-11 18:48 - 00036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2013-11-11 18:48 - 2013-11-11 18:48 - 00136704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 01449472 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00300032 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2013-11-11 18:48 - 2013-11-11 18:48 - 01283584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00056320 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00038912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2013-11-11 18:48 - 2013-11-11 18:48 - 00048128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00350720 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00038912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00144896 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 01723904 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00037888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00044032 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00044032 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 11749888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00049152 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00043008 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00066048 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00057856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00039424 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00042496 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2013-11-11 18:49 - 2013-11-11 18:49 - 00049664 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2

========================= Accounts: ==========================

Administrator (S-1-5-21-2733246317-1088891699-182487046-500 - Administrator - Disabled)
Guest (S-1-5-21-2733246317-1088891699-182487046-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2733246317-1088891699-182487046-1006 - Limited - Enabled)
Vince and Mel (S-1-5-21-2733246317-1088891699-182487046-1000 - Administrator - Enabled) => C:\Users\Vince and Mel

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/03/2015 07:20:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotoshopElementsEditor.exe, version: 4.0.0.0, time stamp: 0x43215edf
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000332b0
Faulting process id: 0x9074
Faulting application start time: 0xPhotoshopElementsEditor.exe0
Faulting application path: PhotoshopElementsEditor.exe1
Faulting module path: PhotoshopElementsEditor.exe2
Report Id: PhotoshopElementsEditor.exe3

Error: (01/02/2015 02:05:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/31/2014 00:12:57 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/29/2014 11:51:56 PM) (Source: gadjservice) (EventID: 0) (User: )
Description: gadjservice Get time form NTP server fail.

Error: (12/29/2014 01:19:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/28/2014 11:41:35 PM) (Source: gadjservice) (EventID: 0) (User: )
Description: gadjservice Get time form NTP server fail.

Error: (12/28/2014 10:20:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OCZToolbox.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 25a8

Start Time: 01d022df401110f1

Termination Time: 4678

Application Path: C:\Users\Vince and Mel\Downloads\OCZToolbox_v4.9.0.634_win32\OCZToolbox_v4.9.0.634_win32\OCZToolbox.exe

Report Id: c0d8d32a-8edf-11e4-ba75-94de80c6bd4b

Error: (12/27/2014 01:26:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/24/2014 11:51:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/23/2014 03:49:58 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (01/03/2015 08:02:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/03/2015 08:02:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/03/2015 08:02:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/03/2015 08:02:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/03/2015 08:02:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/03/2015 08:02:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/03/2015 07:49:11 PM) (Source: DCOM) (EventID: 10016) (User: Mup-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Mup-PCVince and MelS-1-5-21-2733246317-1088891699-182487046-1000LocalHost (Using LRPC)

Error: (01/03/2015 07:46:56 PM) (Source: DCOM) (EventID: 10016) (User: Mup-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Mup-PCVince and MelS-1-5-21-2733246317-1088891699-182487046-1000LocalHost (Using LRPC)

Error: (01/03/2015 07:46:30 PM) (Source: DCOM) (EventID: 10016) (User: Mup-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Mup-PCVince and MelS-1-5-21-2733246317-1088891699-182487046-1000LocalHost (Using LRPC)

Error: (01/03/2015 07:45:52 PM) (Source: DCOM) (EventID: 10016) (User: Mup-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Mup-PCVince and MelS-1-5-21-2733246317-1088891699-182487046-1000LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-12-21 19:58:22.032
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-21 19:58:22.017
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 16269.49 MB
Available physical RAM: 11008.87 MB
Total Pagefile: 20363.67 MB
Available Pagefile: 14405.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:15.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (Pictures and Films) (Fixed) (Total:292.97 GB) (Free:37.77 GB) NTFS
Drive g: (Software) (Fixed) (Total:390.62 GB) (Free:201.06 GB) NTFS
Drive z: (Installs) (Fixed) (Total:488.28 GB) (Free:282.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 336F127B)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3D937C41)

Partition: GPT Partition Type.

==================== End Of Log ============================

Juliet
2015-01-04, 02:17
Thanks Juliet for looking again, and Happy new year to you

Thank you!

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).



start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2733246317-1088891699-182487046-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKU\S-1-5-21-2733246317-1088891699-182487046-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~

Download CKScanner by askey127 from HERE (http://downloads.malwareremoval.com/CKScanner.exe)
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Vince
2015-01-04, 10:33
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 03
Ran by Vince and Mel at 2015-01-04 09:30:11 Run:2
Running from C:\Users\Vince and Mel\Desktop
Loaded Profile: Vince and Mel (Available profiles: Vince and Mel)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2733246317-1088891699-182487046-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKU\S-1-5-21-2733246317-1088891699-182487046-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2733246317-1088891699-182487046-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKU\S-1-5-21-2733246317-1088891699-182487046-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value deleted successfully.
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key deleted successfully.
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) => Error: No automatic fix found for this entry.
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle) => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 2.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog 09:30:22 ====

Vince
2015-01-04, 10:37
CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\activision\call of duty 4 - modern warfare\raw\fx\smoke\jeepride_crack_smoke.efx
c:\program files (x86)\activision\call of duty 4 - modern warfare\raw\materials\ch_asphaltcracks01
c:\program files (x86)\activision\call of duty 4 - modern warfare\raw\materials\ch_asphaltcracks01_dec
c:\program files (x86)\activision\call of duty 4 - modern warfare\raw\materials\me_decal_cracks_01
c:\program files (x86)\activision\call of duty 4 - modern warfare\raw\material_properties\ch_asphaltcracks01
c:\program files (x86)\activision\call of duty 4 - modern warfare\raw\material_properties\ch_asphaltcracks01_dec
c:\program files (x86)\activision\call of duty 4 - modern warfare\raw\material_properties\me_decal_cracks_01
scanner sequence 3.FA.11.KMAAM0
----- EOF -----

Juliet
2015-01-04, 14:30
I had an error here; the outdated Java updates below need to be removed through the Add/Remove Programs list.
Java 7 Update 71
Java SE Development Kit 7 Update 45

Almost afraid to ask but, how's the computer now?

Vince
2015-01-04, 20:54
Thought I would leave it a few hours to see what the Iexplorer does.

It crept up to 300,000+ with 3 tabs. I closed them all (except this one) and it's currently 200,000+ with 97 processes.

I have already got the servers working on the other PC (albeit slow), and have just backed up what I hope to be all essential data.

I made use of an offer at... dare I say it... PC World :eek: on another SSD.
http://www.pcworld.co.uk/gbuk/components-upgrades/internal-hard-drives/solid-state-drives/ocz-arc-100-series-2-5-internal-ssd-240-gb-10100705-pdt.html

I'll use the 120 in this one to upgrade the slower PC downstairs.

I'll report back when I'm back up again.

Juliet
2015-01-04, 21:03
:bigthumb:

Juliet
2015-01-12, 11:43
Still need help?

Juliet
2015-01-17, 03:04
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.

tashi
2015-01-31, 04:53
Thank you Juliet. :)