Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Problems with popus etc [Closed]


  • This topic is locked This topic is locked
22 replies to this topic

#1 mommajayne

mommajayne

    Authentic Member

  • Authentic Member
  • PipPip
  • 43 posts

Posted 01 September 2014 - 04:23 PM

Hi.  Been having problems with pop ups of late.  Get new pages opening up, also the one that lists the 855-412-1786 number.  As well as worldwidewebcoupons showing up in searches and pop us.  Here is my hijack this log.
 
Thanks.
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:17:23 PM, on 9/1/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16563)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\raypahl\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.425.1\NativeBHO.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [cdloader] "C:\Users\raypahl\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [736701A46C7D59E46F8F7D9F95111119F406C6DA._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\RunOnce: [Application Restart #5] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --extensions-on-chrome-urls --test-type --load-extension="c:\Program Files\Google\Chrome\Application\Extensions\chrome\app" --flag-switches-begin --enable-experimental-extension-apis --flag-switches-end --restore-last-session
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Constant Guard.lnk = C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94FA59CE-8C9A-4984-B67B-149BBF13BD4C}: NameServer = 8.8.8.8,208.67.222.222,8.8.4.4,208.67.220.220
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\STacSV64.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
--
End of file - 17185 bytes

    Advertisements

Register to Remove


#2 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 02 September 2014 - 05:58 AM

Hello mommajayne, welcome to WhatTheTech's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. xsmile.png.pagespeed.ic.CwSpBGGvqN.png
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 5 days. Please inform me if you will require additional time to complete my instructions.
     

======================================================
 
Please run the following diagnostic scans so I can ascertain the state of your computer.
 
STEP 1

xlK5Hdb.png.pagespeed.ce.J4MzrrPAEo.png Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
YARWD1t.png.pagespeed.ce.nvhmVeYDe3.png TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system.
  • ​Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • TDSSKiller log

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#3 mommajayne

mommajayne

    Authentic Member

  • Authentic Member
  • PipPip
  • 43 posts

Posted 03 September 2014 - 12:08 PM

Thanks so much Adam, my name is Deb.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by raypahl (administrator) on RAYPAHL-PC on 03-09-2014 12:52:10
Running from C:\Users\raypahl\Desktop
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\wercon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\nacl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915000 2009-01-08] (Hewlett-Packard)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [170496 2009-03-06] (Sun Microsystems, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [463360 2009-01-28] (IDT, Inc.)
HKLM-x32\...\Run: [DVDAgent] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM-x32\...\Run: [TVAgent] => C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [202024 2009-05-11] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-01-13] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [484408 2009-01-23] (Hewlett-Packard)
HKLM-x32\...\Run: [TSMAgent] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424 2009-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640 2009-04-29] (CyberLink)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [cdloader] => C:\Users\raypahl\AppData\Roaming\mjusbsp\cdloader2.exe [50520 2009-08-01] (magicJack L.P.)
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-15] (Google Inc.)
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3595608 2014-06-18] (Electronic Arts)
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6462744 2014-08-21] (Piriform Ltd)
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [736701A46C7D59E46F8F7D9F95111119F406C6DA._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-06] (Google Inc.)
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\RunOnce: [Application Restart #5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-06] (Google Inc.)
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\MountPoints2: {6463d860-7665-11de-9a1c-00235aa2c19d} - G:\autorun.exe
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\MountPoints2: {edf1cabe-19b1-11df-b12b-00235aa2c19d} - G:\laucher.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://groovorio.com...r=825122000&ir=
SearchScopes: HKLM - {7EEAD0DA-121E-498E-B773-B8F0B4C4AAB1} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM - {B226DAE9-F4F6-41AA-9CD0-4000E7E09068} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://start.mysearc...r=875945969&ir=
SearchScopes: HKLM-x32 - {7EEAD0DA-121E-498E-B773-B8F0B4C4AAB1} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM-x32 - {B226DAE9-F4F6-41AA-9CD0-4000E7E09068} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - {B226DAE9-F4F6-41AA-9CD0-4000E7E09068} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - {E4F9E70D-278C-4DF1-9FC5-BE3696B95E75} URL = http://websearch.ask...5A-4FFF2E2DCE65
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.425.1\NativeBHO.dll (WhiteSky)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {8714912E-380D-11D5-B8AA-00D0B78F3D48} http://chat.yahoo.com/cab/yuplapp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{94FA59CE-8C9A-4984-B67B-149BBF13BD4C}: [NameServer] 8.8.8.8,208.67.222.222,8.8.4.4,208.67.220.220
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-21]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-09-01]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-12]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-04-30]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.facebook.com/", "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-23]
CHR Extension: (YouTube) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-15]
CHR Extension: (Google Search) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-15]
CHR Extension: (Bamboo Spear) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakplngdcboeilofopihpjnoeclenhmn [2014-06-09]
CHR Extension: (ForMATsConnverte) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikibmcaiaglfhgchhnjcnngloanbafb [2014-04-14]
CHR Extension: (Zoominto) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnkoafephiilajeompiffeohpcloapob [2014-07-03]
CHR Extension: (AdBlock) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-01]
CHR Extension: (Kindle Cloud Reader) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-03-31]
CHR Extension: (Norton Identity Safe) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-18]
CHR Extension: (Norton Identity Protection) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-13]
CHR Extension: (Google Wallet) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-15]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\raypahl\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-12-22]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe [88576 2008-11-17] (Andrea Electronics Corporation)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-08] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe [265040 2014-08-01] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-23] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2008-11-25] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\STacSV64.exe [290304 2009-01-28] (IDT, Inc.)
R2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] ()
R2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types))
S3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.)
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-05-10] (Zemana Ltd.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-20] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140901.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25056 2013-07-24] (Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140902.019\ENG64.SYS [129752 2014-08-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140902.019\EX64.SYS [2137304 2014-08-27] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-07-22] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMTDIV.SYS [510168 2014-07-23] (Symantec Corporation)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
U4 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-03 12:52 - 2014-09-03 12:53 - 00033709 _____ () C:\Users\raypahl\Desktop\FRST.txt
2014-09-03 12:51 - 2014-09-03 12:52 - 00000000 ____D () C:\FRST
2014-09-03 12:50 - 2014-09-03 12:50 - 02104832 _____ (Farbar) C:\Users\raypahl\Desktop\frst64.exe
2014-09-03 12:49 - 2014-09-03 12:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\raypahl\Desktop\tdsskiller.exe
2014-09-03 12:48 - 2014-09-03 12:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\raypahl\Downloads\tdsskiller.exe
2014-09-01 17:17 - 2014-09-01 17:17 - 00017187 _____ () C:\Users\raypahl\Desktop\hijackthis901.txt
2014-09-01 17:16 - 2014-09-01 17:17 - 00017187 _____ () C:\Users\raypahl\Desktop\hijackthis.log
2014-09-01 16:23 - 2014-09-01 16:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\raypahl\Downloads\HiJackThis (2).exe
2014-09-01 16:21 - 2014-09-01 16:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\raypahl\Downloads\HiJackThis (1).exe
2014-08-29 03:02 - 2014-08-22 20:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 03:02 - 2014-08-22 19:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 03:02 - 2014-08-22 18:38 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 23:11 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-25 23:08 - 2014-08-28 23:22 - 00000000 ____D () C:\AdwCleaner
2014-08-25 22:22 - 2014-08-25 22:22 - 00000004 _____ () C:\Users\raypahl\AppData\Roaming\appdataFr2.bin
2014-08-25 21:54 - 2014-08-25 21:54 - 05572640 _____ (383 Media, Inc.) C:\Users\raypahl\Downloads\DriverRestore.exe
2014-08-25 17:11 - 2014-08-25 17:11 - 04814696 _____ (Piriform Ltd) C:\Users\raypahl\Downloads\ccsetup416pro.exe
2014-08-25 16:46 - 2014-09-02 05:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 16:45 - 2014-08-31 07:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-25 16:45 - 2014-08-25 16:45 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-25 16:45 - 2014-08-25 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 16:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-25 16:45 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-25 16:30 - 2014-08-25 16:30 - 00020212 _____ () C:\Users\raypahl\Downloads\hijackthis.log
2014-08-25 16:28 - 2014-08-25 16:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\raypahl\Desktop\HijackThis.exe
2014-08-22 09:09 - 2014-08-22 09:17 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\OpenSoftwareUpdater
2014-08-22 09:01 - 2014-08-22 09:02 - 00376856 _____ (Installer Technology Co) C:\Users\raypahl\Downloads\SoftwareUpdater (1).exe
2014-08-18 18:12 - 2014-08-18 18:12 - 00376824 _____ (Installer Technology Co) C:\Users\raypahl\Downloads\SoftwareUpdater.exe
2014-08-18 08:23 - 2014-08-18 08:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-08-16 03:04 - 2014-06-26 17:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 03:04 - 2014-06-26 17:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 03:04 - 2014-06-26 17:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 03:04 - 2014-06-26 17:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 03:04 - 2014-06-26 17:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 03:04 - 2014-06-26 17:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 03:04 - 2014-06-05 23:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 03:03 - 2014-06-05 23:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 18:11 - 2014-07-24 14:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 18:11 - 2014-07-24 14:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 18:11 - 2014-07-24 14:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 18:11 - 2014-07-24 14:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 18:11 - 2014-07-24 14:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 18:11 - 2014-07-24 14:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 18:11 - 2014-07-24 14:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 18:11 - 2014-07-24 14:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 18:11 - 2014-07-24 14:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 18:11 - 2014-07-24 14:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 18:11 - 2014-07-24 14:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 18:11 - 2014-07-24 14:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 18:11 - 2014-07-24 14:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 18:11 - 2014-07-24 14:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 18:11 - 2014-07-24 14:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 18:11 - 2014-07-24 14:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 18:11 - 2014-07-24 14:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 18:11 - 2014-07-24 14:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 18:11 - 2014-07-24 14:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 18:11 - 2014-07-24 14:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-15 18:11 - 2014-07-24 14:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 18:11 - 2014-07-24 13:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 18:11 - 2014-07-24 12:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 18:11 - 2014-07-24 12:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 18:11 - 2014-07-24 12:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 18:11 - 2014-07-24 12:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 18:11 - 2014-07-24 12:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 18:11 - 2014-07-24 12:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-15 18:11 - 2014-07-24 12:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 18:11 - 2014-07-24 12:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 18:11 - 2014-07-24 12:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-15 18:11 - 2014-07-24 12:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 18:11 - 2014-07-24 12:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 18:11 - 2014-07-24 12:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 18:11 - 2014-07-24 12:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 18:11 - 2014-07-24 12:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 18:11 - 2014-07-24 12:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 18:11 - 2014-07-24 12:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 18:11 - 2014-07-24 12:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-15 18:11 - 2014-07-24 12:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-15 18:11 - 2014-07-24 12:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-15 18:11 - 2014-07-24 12:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 18:10 - 2014-07-07 20:12 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 18:10 - 2014-07-07 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 18:10 - 2014-06-13 19:56 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 18:10 - 2014-06-13 19:51 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-15 17:56 - 2014-06-02 16:30 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 17:56 - 2014-06-02 16:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 17:56 - 2014-06-02 16:29 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 17:56 - 2014-06-02 16:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-15 17:56 - 2014-06-02 15:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 17:56 - 2014-06-02 05:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 17:56 - 2014-06-02 05:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 17:56 - 2014-06-02 05:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-11 05:46 - 2014-08-25 21:35 - 00000000 ____D () C:\ProgramData\GetDiscountApp
2014-08-07 13:48 - 2014-08-07 13:48 - 00000000 ____D () C:\Users\raypahl\Documents\My Scans
2014-08-05 03:32 - 2014-08-05 03:32 - 00000000 ____D () C:\Users\raypahl\Downloads\ge
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-03 12:53 - 2014-09-03 12:52 - 00033709 _____ () C:\Users\raypahl\Desktop\FRST.txt
2014-09-03 12:53 - 2012-08-15 05:37 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-03 12:52 - 2014-09-03 12:51 - 00000000 ____D () C:\FRST
2014-09-03 12:50 - 2014-09-03 12:50 - 02104832 _____ (Farbar) C:\Users\raypahl\Desktop\frst64.exe
2014-09-03 12:48 - 2014-09-03 12:49 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\raypahl\Desktop\tdsskiller.exe
2014-09-03 12:48 - 2014-09-03 12:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\raypahl\Downloads\tdsskiller.exe
2014-09-03 12:42 - 2012-03-30 23:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 11:15 - 2011-09-30 18:25 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-09-03 11:14 - 2014-05-02 08:06 - 00003702 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{63273914-070F-423C-8DEA-C435739090F0}
2014-09-03 11:08 - 2011-09-30 18:26 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\ID Vault
2014-09-03 11:07 - 2009-07-29 09:34 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-03 11:04 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-03 11:04 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-03 06:37 - 2009-06-13 22:34 - 01494615 _____ () C:\Windows\WindowsUpdate.log
2014-09-03 06:18 - 2012-08-15 05:37 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 05:41 - 2014-08-25 16:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 17:17 - 2014-09-01 17:17 - 00017187 _____ () C:\Users\raypahl\Desktop\hijackthis901.txt
2014-09-01 17:17 - 2014-09-01 17:16 - 00017187 _____ () C:\Users\raypahl\Desktop\hijackthis.log
2014-09-01 16:43 - 2013-12-22 21:34 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\PhotoScape
2014-09-01 16:42 - 2011-10-05 06:39 - 00000000 ____D () C:\Users\raypahl\AppData\Local\CrashDumps
2014-09-01 16:36 - 2013-10-18 22:46 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-01 16:36 - 2009-03-06 02:08 - 00003584 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-09-01 16:34 - 2013-12-22 22:18 - 00000000 ___RD () C:\Users\raypahl\Google Drive
2014-09-01 16:34 - 2011-09-30 18:26 - 00000000 ____D () C:\ID Vault
2014-09-01 16:30 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 16:29 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\security
2014-09-01 16:28 - 2009-03-06 00:13 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-09-01 16:28 - 2006-11-02 10:42 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-01 16:23 - 2014-09-01 16:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\raypahl\Downloads\HiJackThis (2).exe
2014-09-01 16:21 - 2014-09-01 16:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\raypahl\Downloads\HiJackThis (1).exe
2014-08-31 07:46 - 2014-08-25 16:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-30 08:07 - 2011-10-30 10:04 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\HpUpdate
2014-08-29 03:21 - 2006-11-02 10:21 - 00324312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 23:30 - 2011-09-30 18:26 - 00000000 ____D () C:\Users\raypahl\AppData\Local\ID Vault
2014-08-28 23:22 - 2014-08-25 23:08 - 00000000 ____D () C:\AdwCleaner
2014-08-25 23:39 - 2009-07-21 21:55 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-08-25 22:22 - 2014-08-25 22:22 - 00000004 _____ () C:\Users\raypahl\AppData\Roaming\appdataFr2.bin
2014-08-25 21:54 - 2014-08-25 21:54 - 05572640 _____ (383 Media, Inc.) C:\Users\raypahl\Downloads\DriverRestore.exe
2014-08-25 21:52 - 2012-03-30 23:58 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-25 21:52 - 2012-03-30 23:57 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-25 21:52 - 2011-09-30 18:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-25 21:35 - 2014-08-11 05:46 - 00000000 ____D () C:\ProgramData\GetDiscountApp
2014-08-25 21:27 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\Provisioning
2014-08-25 21:22 - 2014-07-05 15:25 - 00000000 ____D () C:\ProgramData\RoyaalShopperApp
2014-08-25 21:22 - 2014-05-21 06:01 - 00000000 ____D () C:\ProgramData\LuucakySShoPppEr
2014-08-25 18:56 - 2014-03-17 12:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-25 18:53 - 2011-10-12 14:02 - 00000000 ____D () C:\Windows\Minidump
2014-08-25 18:53 - 2009-03-06 01:34 - 00000000 ____D () C:\Windows\panther
2014-08-25 18:47 - 2013-10-18 22:46 - 00000770 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-25 18:47 - 2013-10-18 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-25 17:11 - 2014-08-25 17:11 - 04814696 _____ (Piriform Ltd) C:\Users\raypahl\Downloads\ccsetup416pro.exe
2014-08-25 16:45 - 2014-08-25 16:45 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-25 16:45 - 2014-08-25 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 16:45 - 2013-10-18 22:47 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\Malwarebytes
2014-08-25 16:45 - 2013-10-18 22:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-25 16:30 - 2014-08-25 16:30 - 00020212 _____ () C:\Users\raypahl\Downloads\hijackthis.log
2014-08-25 16:30 - 2009-07-21 13:22 - 00000000 ____D () C:\Users\raypahl\AppData\Local\VirtualStore
2014-08-25 16:29 - 2014-08-25 16:28 - 00388608 _____ (Trend Micro Inc.) C:\Users\raypahl\Desktop\HijackThis.exe
2014-08-23 08:01 - 2009-03-06 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-22 20:49 - 2012-08-15 05:39 - 00001985 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-22 20:48 - 2012-08-15 05:37 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-22 20:48 - 2012-08-15 05:37 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-22 20:05 - 2014-08-29 03:02 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 19:42 - 2014-08-29 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:38 - 2014-08-29 03:02 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 09:34 - 2009-07-21 13:29 - 00079888 _____ () C:\Users\raypahl\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-22 09:17 - 2014-08-22 09:09 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\OpenSoftwareUpdater
2014-08-22 09:02 - 2014-08-22 09:01 - 00376856 _____ (Installer Technology Co) C:\Users\raypahl\Downloads\SoftwareUpdater (1).exe
2014-08-18 18:12 - 2014-08-18 18:12 - 00376824 _____ (Installer Technology Co) C:\Users\raypahl\Downloads\SoftwareUpdater.exe
2014-08-18 08:23 - 2014-08-18 08:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-08-18 08:15 - 2013-07-11 04:21 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-08-18 08:15 - 2011-10-07 07:07 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-08-18 08:14 - 2013-12-12 05:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-08-18 08:14 - 2011-10-07 07:08 - 00002174 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-08-16 04:24 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache
2014-08-16 04:08 - 2006-11-02 07:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-16 03:59 - 2009-03-06 01:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-16 03:31 - 2013-08-14 03:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 03:22 - 2006-11-02 07:35 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-08 03:19 - 2013-08-24 14:09 - 00000000 ____D () C:\Users\raypahl\Documents\deb
2014-08-07 13:48 - 2014-08-07 13:48 - 00000000 ____D () C:\Users\raypahl\Documents\My Scans
2014-08-05 03:32 - 2014-08-05 03:32 - 00000000 ____D () C:\Users\raypahl\Downloads\ge
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-02 04:45
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by raypahl at 2014-09-03 12:54:14
Running from C:\Users\raypahl\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4500_G510gm_Help (x32 Version: 000.0.440.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AntiLogger SDK version 1.7.6.367 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.7.6.367 - Zemana Ltd.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CallAtlanta (HKLM-x32\...\{206A595B-6ED6-4547-9293-C448139826EC}) (Version: 8.6.0 - Primerica Financial Services)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.425.1 - Comcast)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2512 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 6.0.2512 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DriverTuner 3.1.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare)
ENE CIR Receiver Driver (12/30/2008 2.7.2.0) (HKLM\...\703AB19C282B6ED3F1D3CE92F8DAA864B68A7C91) (Version: 12/30/2008 2.7.2.0 - ENE)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Common Access Service Library (x32 Version: 2.00 E6 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2328 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 2.1.2328 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.2.2829 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 2.2.2829 - Hewlett-Packard) Hidden
HP MediaSmart SlingPlayer (HKLM-x32\...\HP.MediaSmartSlingPlayer_is1) (Version: 2.1 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{0BC595C4-F736-4EB4-A1C0-32C7E81800F0}) (Version: 2.1.10 - Hewlett-Packard)
HP MediaSmart TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 2.1.1709 - Hewlett-Packard)
HP MediaSmart TV (x32 Version: 2.1.1709 - Hewlett-Packard) Hidden
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.2.1621 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 2.2.1621 - Hewlett-Packard) Hidden
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5991.2847 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP User Guides 0135 (HKLM-x32\...\{372ED957-0FB5-487B-B51A-388B3D393F7A}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{462DED50-EC2E-4237-ABCF-B5C463C0EE51}) (Version: 3.50.3.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6146.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 12 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416012FF}) (Version: 6.0.120 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1312 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1312 - CyberLink Corp.) Hidden
LightScribe System Software  1.14.17.1 (HKLM-x32\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DE626616-D7C4-4F00-7E0B-EAF26FA65749}) (Version: 7.0.43.12698 - muvee Technologies Pte Ltd)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2512 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2512 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2512 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2512 - CyberLink Corp.) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Slingbox - Watch Your TV Anywhere (HKLM-x32\...\{7B798B31-2F33-4DC8-BDA4-D36488E86636}) (Version: 1.0.0 - Sling Media)
SlingPlayer (HKLM-x32\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media)
SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SPORE Creature Creator Trial Edition (HKLM-x32\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.50.56 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 wiliper (x32 Version: 012.000.1498 - Intuit Inc.) Hidden
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.31 - WildTangent)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinTOTAL (HKLM-x32\...\{0A482964-EC0F-4E65-A51E-CC42CEBD2E58}) (Version:  - )
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.3.20131014 - Xilisoft)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
22-06-2014 15:11:34 Scheduled Checkpoint
23-06-2014 20:48:58 Scheduled Checkpoint
05-07-2014 23:09:26 Scheduled Checkpoint
06-07-2014 14:54:48 Scheduled Checkpoint
09-07-2014 08:00:15 Windows Update
26-07-2014 08:00:47 Windows Update
13-08-2014 02:00:35 Scheduled Checkpoint
14-08-2014 05:00:02 Scheduled Checkpoint
16-08-2014 03:21:21 Scheduled Checkpoint
16-08-2014 08:00:29 Windows Update
16-08-2014 23:23:07 Scheduled Checkpoint
22-08-2014 16:22:09 Scheduled Checkpoint
23-08-2014 12:57:06 Installed HP Update.
26-08-2014 03:00:05 Removed Ask Toolbar
26-08-2014 03:02:21 Removed Ask Toolbar
26-08-2014 04:32:54 Removed Juno Preloader
26-08-2014 04:34:59 Removed NetZero Preloader
29-08-2014 08:00:18 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0FFABCD4-278F-42C5-B6B8-107B8E0BD779} - \MySearchDial No Task File <==== ATTENTION
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1E47DECC-A445-437E-BA49-BF68A0FE709D} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {2676CF9D-8246-4E69-9166-E93FAAEF4707} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-25] (Adobe Systems Incorporated)
Task: {26A14F59-C4B7-4635-B55E-D549FC37A5F6} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {29F9C852-B915-4224-BCE9-CDDE1720D11E} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {53AE83B5-2779-48D8-9291-D9D25528EF92} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6E74CFCE-FF9D-417D-9884-56337FA84896} - System32\Tasks\HPCeeScheduleForraypahl => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {7270E50C-102D-4B33-907A-B441C7D003B6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {72735A21-F669-4478-AE2E-E5032437DA55} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-15] (Google Inc.)
Task: {7AE1E7BC-FB9F-4ECA-90D9-07B5675C3513} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7F356BA2-6175-4E85-B1AA-6A9A6529A56A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-15] (Google Inc.)
Task: {9CCC667C-EEF3-4029-8EE4-EE411D4E7A07} - \Groovorio Updater No Task File <==== ATTENTION
Task: {C4A2780D-68B8-4F95-A118-6E5DD88047E0} - System32\Tasks\NetworkWizardHNW => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-12-17] ()
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F1351889-C902-458D-940D-9EEB132FCC88} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForraypahl.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\updaterex.job => C:\Users\raypahl\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2009-03-06 02:02 - 2008-12-23 19:18 - 00365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe
2009-03-06 01:55 - 2008-11-25 18:29 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2008-11-26 19:13 - 2008-11-26 19:13 - 00296320 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
2008-11-26 19:13 - 2008-11-26 19:13 - 00116096 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
2008-11-26 19:12 - 2008-11-26 19:12 - 00074536 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus64.dll
2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2014-04-14 14:41 - 2014-04-14 14:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-03-06 02:02 - 2008-12-23 19:18 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll
2009-03-06 01:55 - 2008-11-25 18:29 - 00034088 _____ () C:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll
2008-11-26 19:13 - 2008-11-26 19:13 - 00263560 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
2008-11-26 19:13 - 2008-11-26 19:13 - 00038184 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll
2007-07-12 15:55 - 2007-07-12 15:55 - 01581056 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2007-08-14 15:59 - 2007-08-14 15:59 - 06365184 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2007-07-12 15:55 - 2007-07-12 15:55 - 00131072 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-04-28 15:32 - 2014-04-28 15:32 - 00549272 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll
2008-11-26 19:13 - 2008-11-26 19:13 - 00349480 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll
2009-04-29 22:11 - 2009-04-29 22:11 - 00906536 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-09-01 16:33 - 2014-09-01 16:33 - 00098816 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32api.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00110080 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\pywintypes27.dll
2014-09-01 16:33 - 2014-09-01 16:33 - 00364544 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\pythoncom27.dll
2014-09-01 16:33 - 2014-09-01 16:33 - 00044032 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\_socket.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 01157120 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\_ssl.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00320512 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32com.shell.shell.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00712192 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\_hashlib.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 01175040 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\wx._core_.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00805888 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\wx._gdi_.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00811008 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\wx._windows_.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 01062400 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\wx._controls_.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00735232 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\wx._misc_.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00128512 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\_elementtree.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00127488 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\pyexpat.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00557056 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\pysqlite2._sqlite.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00087040 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\_ctypes.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00119808 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32file.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00108544 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32security.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00018432 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32event.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00038912 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32inet.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00122368 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\wx._wizard.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00070656 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\wx._html2.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00026624 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\_multiprocessing.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00010240 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\select.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00024064 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32pipe.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00686080 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\unicodedata.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00025600 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32pdh.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00525640 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\windows._lib_cacheinvalidation.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00011264 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32crypt.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00035840 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32process.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00017408 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32profile.pyd
2014-09-01 16:33 - 2014-09-01 16:33 - 00022528 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI22322\win32ts.pyd
2014-08-22 20:48 - 2014-08-06 22:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-22 20:49 - 2014-08-06 22:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-22 20:48 - 2014-08-06 22:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-22 20:48 - 2014-08-06 22:20 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (3).eml:OECustomProperty
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (4).eml:OECustomProperty
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (5).eml:OECustomProperty
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (6).eml:OECustomProperty
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/03/2014 00:27:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 36.0.1985.143 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1208
Start Time: 01cfc632cf500093
Termination Time: 20
 
Error: (09/03/2014 07:28:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9531
 
Error: (09/03/2014 07:28:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9531
 
Error: (09/03/2014 07:28:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/03/2014 07:28:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8517
 
Error: (09/03/2014 07:28:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8517
 
Error: (09/03/2014 07:28:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/03/2014 07:28:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7238
 
Error: (09/03/2014 07:28:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7238
 
Error: (09/03/2014 07:28:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (09/01/2014 04:35:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Presentation Foundation Font Cache 3.0.0.0%%1053
 
Error: (09/01/2014 04:35:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Presentation Foundation Font Cache 3.0.0.0
 
Error: (09/01/2014 04:33:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
 
Error: (09/01/2014 04:27:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}
 
Error: (09/01/2014 06:11:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Wlansvc
 
Error: (08/31/2014 04:24:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Wlansvc
 
Error: (08/29/2014 07:21:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}
 
Error: (08/29/2014 06:06:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Wlansvc
 
Error: (08/29/2014 03:24:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
 
Error: (08/29/2014 02:20:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Presentation Foundation Font Cache 3.0.0.0%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (09/03/2014 00:27:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe36.0.1985.143120801cfc632cf50009320
 
Error: (09/03/2014 07:28:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9531
 
Error: (09/03/2014 07:28:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9531
 
Error: (09/03/2014 07:28:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/03/2014 07:28:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8517
 
Error: (09/03/2014 07:28:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8517
 
Error: (09/03/2014 07:28:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/03/2014 07:28:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7238
 
Error: (09/03/2014 07:28:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7238
 
Error: (09/03/2014 07:28:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-03 12:54:00.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-03 12:53:59.517
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-03 12:53:59.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-03 12:53:58.505
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-03 12:53:57.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-03 12:53:57.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-03 12:53:56.729
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-03 12:53:56.165
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-03 12:53:14.585
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-03 12:53:14.034
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 64%
Total physical RAM: 3998.02 MB
Available physical RAM: 1418.57 MB
Total Pagefile: 8205.32 MB
Available Pagefile: 4594.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:452.13 GB) (Free:165.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:13.62 GB) (Free:2.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 636BBFB1)
Partition 1: (Active) - (Size=452.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
12:58:11.0373 0x0778  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
12:58:34.0821 0x0778  ============================================================
12:58:34.0821 0x0778  Current date / time: 2014/09/03 12:58:34.0821
12:58:34.0821 0x0778  SystemInfo:
12:58:34.0821 0x0778  
12:58:34.0821 0x0778  OS Version: 6.0.6002 ServicePack: 2.0
12:58:34.0821 0x0778  Product type: Workstation
12:58:34.0822 0x0778  ComputerName: RAYPAHL-PC
12:58:34.0822 0x0778  UserName: raypahl
12:58:34.0822 0x0778  Windows directory: C:\Windows
12:58:34.0822 0x0778  System windows directory: C:\Windows
12:58:34.0822 0x0778  Running under WOW64
12:58:34.0823 0x0778  Processor architecture: Intel x64
12:58:34.0823 0x0778  Number of processors: 2
12:58:34.0823 0x0778  Page size: 0x1000
12:58:34.0823 0x0778  Boot type: Normal boot
12:58:34.0823 0x0778  ============================================================
12:58:37.0027 0x0778  KLMD registered as C:\Windows\system32\drivers\57894042.sys
12:58:37.0711 0x0778  System UUID: {2C06340C-1871-839E-49B6-F91EF120444B}
12:58:39.0023 0x0778  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:58:39.0041 0x0778  ============================================================
12:58:39.0041 0x0778  \Device\Harddisk0\DR0:
12:58:39.0041 0x0778  MBR partitions:
12:58:39.0041 0x0778  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x38844800
12:58:39.0041 0x0778  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38845000, BlocksNum 0x1B3F800
12:58:39.0041 0x0778  ============================================================
12:58:39.0062 0x0778  C: <-> \Device\Harddisk0\DR0\Partition1
12:58:39.0138 0x0778  D: <-> \Device\Harddisk0\DR0\Partition2
12:58:39.0138 0x0778  ============================================================
12:58:39.0138 0x0778  Initialize success
12:58:39.0138 0x0778  ============================================================
12:59:06.0792 0x18ec  ============================================================
12:59:06.0793 0x18ec  Scan started
12:59:06.0793 0x18ec  Mode: Manual; TDLFS; 
12:59:06.0793 0x18ec  ============================================================
12:59:06.0793 0x18ec  KSN ping started
12:59:08.0699 0x18ec  KSN ping finished: true
12:59:10.0304 0x18ec  ================ Scan system memory ========================
12:59:10.0304 0x18ec  System memory - ok
12:59:10.0305 0x18ec  ================ Scan services =============================
12:59:10.0527 0x18ec  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5, C3CC58D636B18DF77C4C4B384AD1DE78418716A0606E564DBC63782D5EA02905 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
12:59:10.0531 0x18ec  Accelerometer - ok
12:59:10.0658 0x18ec  [ 1965AAFFAB07E3FB03C77F81BEBA3547, 351A1EBB1B95C8E03ED125C8F997DEE810B4DF36AD290E7685FC01963B522BFC ] ACPI            C:\Windows\system32\drivers\acpi.sys
12:59:10.0682 0x18ec  ACPI - ok
12:59:10.0912 0x18ec  [ F4BF3ADDDDC1AD372604F13C2B0C1F65, FA37ED5014336A72F778C485226B61BEFECEB861AB754862738795C167F0BAB7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:59:10.0924 0x18ec  AdobeFlashPlayerUpdateSvc - ok
12:59:10.0983 0x18ec  [ F14215E37CF124104575073F782111D2, 7F624F7F0FE9909C07AB2E4C74727686FDA9DF33778A9CBBE35027D6579E4F71 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:59:11.0004 0x18ec  adp94xx - ok
12:59:11.0033 0x18ec  [ 7D05A75E3066861A6610F7EE04FF085C, 406F2CE539C306BA60C233FBCDB029153588F0499BBE91E66FC915E5C5D7D2A5 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:59:11.0049 0x18ec  adpahci - ok
12:59:11.0080 0x18ec  [ 820A201FE08A0C345B3BEDBC30E1A77C, 3170B308724CAA0AD50B74D045C837C48BD6A3A11ABA222670BEA82192A861BF ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
12:59:11.0086 0x18ec  adpu160m - ok
12:59:11.0120 0x18ec  [ 9B4AB6854559DC168FBB4C24FC52E794, 83CD75DE0A16AE66586837565ECA8B98BA9309519139C4C2032474B8DDF5A1AD ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:59:11.0129 0x18ec  adpu320 - ok
12:59:11.0169 0x18ec  [ 0F421175574BFE0BF2F4D8E910A253BB, CEABE3A4F546EB6ACA079931AB532DC88FF757DEEF6F434991802220328A9CD6 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:59:11.0171 0x18ec  AeLookupSvc - ok
12:59:11.0297 0x18ec  [ 9CAC9E19D71E4AF99920FCC3ECA0E3F1, EB18D19783D724472280B46803FA9CAFEB1826975240D35D43738B42C56802FD ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe
12:59:11.0303 0x18ec  AESTFilters - ok
12:59:11.0384 0x18ec  [ E58A17E945593544C707423F9772EEA0, FC17AFF979354EB89DCA307BF07C52B84629AF540D4C6A32DD537695CA654205 ] AFD             C:\Windows\system32\drivers\afd.sys
12:59:11.0406 0x18ec  AFD - ok
12:59:11.0458 0x18ec  [ F6F6793B7F17B550ECFDBD3B229173F7, 7EB12A9372B7966440E39F1B567A43C21231D67DDFAA9C1DECC7E68627F82346 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:59:11.0463 0x18ec  agp440 - ok
12:59:11.0507 0x18ec  [ 222CB641B4B8A1D1126F8033F9FD6A00, 8C7FD4BF87DC00893B99E64344C0E6A3F321DAD9BE60A99763629260E7C6312C ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
12:59:11.0513 0x18ec  aic78xx - ok
12:59:11.0545 0x18ec  [ 5922F4F59B7868F3D74BBBBEB7B825A3, 71504BC8B596F540BF059059670BC0C138D8759C1DD9F99F1EC368FD5C53F573 ] ALG             C:\Windows\System32\alg.exe
12:59:11.0550 0x18ec  ALG - ok
12:59:11.0585 0x18ec  [ E0CA5BB8E6C79533DC6B1DA7361A201E, 8AD71C49E520E0CD0A1B4F840DB77D373AD3A5F59B30B22FE0A1DF2043805168 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:59:11.0587 0x18ec  aliide - ok
12:59:11.0601 0x18ec  [ 7034F8D1B9703D711D3F92C95DEB377D, 5FD6F929226B81899DA57C0D40CCAB5B6D24FC913E3783236809B6110E8061B5 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:59:11.0603 0x18ec  amdide - ok
12:59:11.0635 0x18ec  [ CDC3632A3A5EA4DBB83E46076A3165A1, 40BE3451A3F29CD3352360FF72165C54237E44D01006390805D493B0D06F51DB ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:59:11.0639 0x18ec  AmdK8 - ok
12:59:11.0693 0x18ec  [ 71AFF825B960731E2AE366467BC0D1F3, 7F783B2FC6EE92A80E8749C7B8B0DD08F1FF00788D4CEBD5BF36370DF43E8ED1 ] Amfilter        C:\Windows\system32\DRIVERS\Amfltx64.sys
12:59:11.0695 0x18ec  Amfilter - ok
12:59:11.0729 0x18ec  [ 8F1DB3D133197AFFA3A721953EB0988C, 22A348AEAED22DDA843142F7D96DFA39C44BED3DEBD9955911D19D165E0A6F05 ] Amusbprt        C:\Windows\system32\DRIVERS\Amusbx64.sys
12:59:11.0731 0x18ec  Amusbprt - ok
12:59:11.0803 0x18ec  [ E531B633B2C92F8E09122BA20E31CE86, 74E492BC12A8AC15AB0ABED3EFE9A6F09CCE53EF53C08104EC74CE523F8DC959 ] AntiLog32       C:\Windows\system32\drivers\AntiLog64.sys
12:59:11.0807 0x18ec  AntiLog32 - ok
12:59:11.0869 0x18ec  [ 7C8ECAAD76EA1D076A450C8303D9BD98, 90904B2BE380A51BDCEDADA530214CE5321C06456E10F5985B40E3282902BEF6 ] Appinfo         C:\Windows\System32\appinfo.dll
12:59:11.0873 0x18ec  Appinfo - ok
12:59:12.0003 0x18ec  [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:59:12.0006 0x18ec  Apple Mobile Device - ok
12:59:12.0031 0x18ec  [ BA8417D4765F3988FF921F30F630E303, 876A8F34E578020DD9EDD64F7F77A0A3B4592EC568830B500D7EA844D3159C72 ] arc             C:\Windows\system32\drivers\arc.sys
12:59:12.0036 0x18ec  arc - ok
12:59:12.0063 0x18ec  [ 9D41C435619733B34CC16A511E644B11, DEFFBBB5ECE33B7DF949DF979188AF3B6674E7580FC069397AB756EA84E24822 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:59:12.0068 0x18ec  arcsas - ok
12:59:12.0204 0x18ec  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:59:12.0257 0x18ec  aspnet_state - ok
12:59:12.0301 0x18ec  [ 22D13FF3DAFEC2A80634752B1EAA2DE6, 503F7E5F1B14D3F7AEAB0982E812B19DABE38FD4104D93922F50F0B2D19BECFB ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:59:12.0303 0x18ec  AsyncMac - ok
12:59:12.0341 0x18ec  [ E68D9B3A3905619732F7FE039466A623, 74C0B29E54EF064660B9C756E03D5A7EB78F261EFF768EB6E74D261FBD34340D ] atapi           C:\Windows\system32\drivers\atapi.sys
12:59:12.0343 0x18ec  atapi - ok
12:59:12.0478 0x18ec  [ 8AAB1125385D6C2F0D2795D143118383, 8FBD2F92DEF852CA1F1DFB7FBC12EF4CD50D744BEB89A0AC1AEF9377554D2390 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
12:59:12.0558 0x18ec  athr - ok
12:59:12.0642 0x18ec  [ 79318C744693EC983D20E9337A2F8196, 94226786EF8A101C2E805C6BA3C1CF46628BAF1AFCECBC1FAB7A7E7E5E642608 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:59:12.0664 0x18ec  AudioEndpointBuilder - ok
12:59:12.0706 0x18ec  [ 79318C744693EC983D20E9337A2F8196, 94226786EF8A101C2E805C6BA3C1CF46628BAF1AFCECBC1FAB7A7E7E5E642608 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:59:12.0728 0x18ec  AudioSrv - ok
12:59:12.0810 0x18ec  [ FFB96C2589FFA60473EAD78B39FBDE29, 6A2792753E2CB580672B3107C0DBB9D26B6DAA14B37D5EC314BD0E304197E03E ] BFE             C:\Windows\System32\bfe.dll
12:59:12.0832 0x18ec  BFE - ok
12:59:13.0099 0x18ec  [ F0F1D0C0854978F9187EAA047E407EE6, C90B529F8A11F48C353450E932C85BEE3158E2E34A270A3676F4BE367DDBCAF1 ] BHDrvx64        C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys
12:59:13.0189 0x18ec  BHDrvx64 - ok
12:59:13.0211 0x1844  Object required for P2P: [ 9D41C435619733B34CC16A511E644B11 ] arcsas
12:59:13.0315 0x18ec  [ 6D316F4859634071CC25C4FD4589AD2C, 73F69AC9E505F3B11A3CCFF8571930229A9058E672CD008A4BF26C0189564EAE ] BITS            C:\Windows\System32\qmgr.dll
12:59:13.0362 0x18ec  BITS - ok
12:59:13.0437 0x18ec  [ 79FEEB40056683F8F61398D81DDA65D2, 5EA3016194F71A2A2177C2B5129E82738EC621ACAD269809F4C131B72CFEB6C6 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
12:59:13.0441 0x18ec  blbdrive - ok
12:59:13.0565 0x18ec  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:59:13.0591 0x18ec  Bonjour Service - ok
12:59:13.0638 0x18ec  [ 2348447A80920B2493A9B582A23E81E1, 50F9242B7104607E633ABAF4E0A213C1C1226BF81F7FB4E216A9E878247B868C ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:59:13.0644 0x18ec  bowser - ok
12:59:13.0697 0x18ec  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
12:59:13.0700 0x18ec  BrFiltLo - ok
12:59:13.0709 0x1844  Object send P2P result: true
12:59:13.0726 0x18ec  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
12:59:13.0728 0x18ec  BrFiltUp - ok
12:59:13.0768 0x18ec  [ A1B39DE453433B115B4EA69EE0343816, 61441E7E9D5259A5987DBD3FC8D4E3221A57F42C7CC0F94DB48E80EEF96CA5D4 ] Browser         C:\Windows\System32\browser.dll
12:59:13.0775 0x18ec  Browser - ok
12:59:13.0824 0x18ec  [ F0F0BA4D815BE446AA6A4583CA3BCA9B, E0A5DB5A0C7D6AF93ED45F34D2597F77982DFF41E4FDAC827FE5D80323ADED60 ] Brserid         C:\Windows\system32\drivers\brserid.sys
12:59:13.0831 0x18ec  Brserid - ok
12:59:13.0862 0x18ec  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
12:59:13.0867 0x18ec  BrSerWdm - ok
12:59:13.0890 0x18ec  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
12:59:13.0893 0x18ec  BrUsbMdm - ok
12:59:13.0929 0x18ec  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
12:59:13.0932 0x18ec  BrUsbSer - ok
12:59:13.0988 0x18ec  [ 471FF09330A53177BBE9FD6DDF8A8259, 6A0FAF219B1849EFF8CCCCD3700BD45DEF34426DA288297124EF4429A9734246 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
12:59:13.0992 0x18ec  BthEnum - ok
12:59:14.0036 0x18ec  [ E0777B34E05F8A82A21856EFC900C29F, A7ACE3C65D1773C50ACD98A13B3ADBDD2A6052D7F5D124CB6EE6E7C22151A424 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:59:14.0040 0x18ec  BTHMODEM - ok
12:59:14.0093 0x18ec  [ BEFC5311736B475AC5B60C14FF7C775A, 8B9BF5486B09E10361E8C412481E684CD1B03B5C06023AD9B7C29553D51F0455 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
12:59:14.0103 0x18ec  BthPan - ok
12:59:14.0198 0x18ec  [ 7D104F22C04A76F0D2F96F789AC07FCB, 0D3DD1729334AC439F965E103F2C713BA3DEBCF897CAD5E9BD8BB546464B8A14 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
12:59:14.0250 0x18ec  BTHPORT - ok
12:59:14.0325 0x18ec  [ 22E65FFD640F16968F855F5B3528D366, 6EF7FC170E2533BD7BFF0125391757E27E3D5F05EDE1A986E4295CDCD2D9B197 ] BthServ         C:\Windows\System32\bthserv.dll
12:59:14.0329 0x18ec  BthServ - ok
12:59:14.0354 0x18ec  [ D9324F0C142267961CE900BFC3798BB1, FFAF2ABD81635BB42D0325F1CAAD148A58DFFF5573E31306D98E1B3F3735D698 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
12:59:14.0357 0x18ec  BTHUSB - ok
12:59:14.0520 0x18ec  [ 0510396A957E9FD7205BA62D3CAE4528, C80C39EB3A87C5111132E96E966CF74ACABA36DE7714B545A707027D35995792 ] ccSet_N360      C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys
12:59:14.0528 0x18ec  ccSet_N360 - ok
12:59:14.0561 0x18ec  [ B4D787DB8D30793A4D4DF9FEED18F136, 2A956F7DCFE61E556F30BDA6D45592A05533541D6ED321C251C1C05F6CEA6DDC ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:59:14.0565 0x18ec  cdfs - ok
12:59:14.0622 0x18ec  [ C025AA69BE3D0D25C7A2E746EF6F94FC, F4754B23CC256ADF92FDD42A9BA80F1ACB74834A58FCBEA2C52650FAFC7F9483 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:59:14.0626 0x18ec  cdrom - ok
12:59:14.0651 0x18ec  [ 5A268127633C7EE2A7FB87F39D748D56, 45C530A0EE0108543A75B9427F77EBB5E8350AE16C235763B6F32E72CE15C449 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:59:14.0654 0x18ec  CertPropSvc - ok
12:59:14.0680 0x18ec  [ 02EA568D498BBDD4BA55BF3FCE34D456, 5A418B156CBB48D14E0F6B6AE6E03B8CD97AABE838F260757014479566C63F17 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:59:14.0683 0x18ec  circlass - ok
12:59:14.0738 0x18ec  [ 3DCA9A18B204939CFB24BEA53E31EB48, 73CEDE020A6C8269EE8847A4E43071FD231179DA9430DE2983263B8345AD92B7 ] CLFS            C:\Windows\system32\CLFS.sys
12:59:14.0759 0x18ec  CLFS - ok
12:59:14.0836 0x18ec  [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:59:14.0841 0x18ec  clr_optimization_v2.0.50727_32 - ok
12:59:14.0933 0x18ec  [ 753049933D5326D835F4FCACDF4AD5E3, 715BEE09C19BCBCAD2A93E4725DB3A1FDD8E2FEFFF6E0C3D2F98FC607FED5D3A ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:59:14.0939 0x18ec  clr_optimization_v2.0.50727_64 - ok
12:59:15.0064 0x18ec  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:59:15.0099 0x18ec  clr_optimization_v4.0.30319_32 - ok
12:59:15.0187 0x18ec  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:59:15.0197 0x18ec  clr_optimization_v4.0.30319_64 - ok
12:59:15.0236 0x18ec  [ B52D9A14CE4101577900A364BA86F3DF, A8AA928DDF5FE3861973D4EA03A5B700E99138236F1E8FF594293B9705BF470C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:59:15.0238 0x18ec  CmBatt - ok
12:59:15.0278 0x18ec  [ 8C6AA24C1D7273A02284588426AB8CE3, 3CF806448811542F44CDCFF20A4196D4C0FF8BF2BF5D86E6176B8AEE8DE0D721 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:59:15.0281 0x18ec  cmdide - ok
12:59:15.0359 0x18ec  [ C7A0E61D5714AC20DE52D4F66EC773B8, 53F0C91FD62E6787221EFB4BFDB087C2087CACD6B0C0605F58FC391F546EBA7A ] Com4QLBEx       C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
12:59:15.0375 0x18ec  Com4QLBEx - ok
12:59:15.0407 0x18ec  [ 7FB8AD01DB0EABE60C8A861531A8F431, E19353C686B07A0DBBA92CFCC88AB9B6BEBAF389416B78F4470BA673E7CD73C3 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:59:15.0410 0x18ec  Compbatt - ok
12:59:15.0421 0x18ec  COMSysApp - ok
12:59:15.0443 0x18ec  [ A8585B6412253803CE8EFCBD6D6DC15C, C3906B080D3BB06CB976FD98C62CBA97DAE74970A5559D51EF5111D773949322 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:59:15.0447 0x18ec  crcdisk - ok
12:59:15.0530 0x18ec  [ 5AAC48EAF8EACF247DB44FB61B900D89, D20FCD5C71CA18F284D3DFD0CED37F6888A296E76B7B0563F2F4668CF90FE752 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:59:15.0540 0x18ec  CryptSvc - ok
12:59:15.0627 0x18ec  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:59:15.0655 0x18ec  DcomLaunch - ok
12:59:15.0688 0x18ec  [ 8B722BA35205C71E7951CDC4CDBADE19, 39720A60DFD0532F7E1A1976240E9828559BF9E0C6D1CFBF4D911965BFD94158 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:59:15.0693 0x18ec  DfsC - ok
12:59:15.0938 0x18ec  [ C647F468F7DE343DF8C143655C5557D4, E2D35FE49C408B952D8FE0C7EF70D42798229D30B89CEF9858BAC9F4F9E98EF2 ] DFSR            C:\Windows\system32\DFSR.exe
12:59:16.0163 0x18ec  DFSR - ok
12:59:16.0244 0x18ec  [ 3ED0321127CE70ACDAABBF77E157C2A7, 10973BD0AEF9597A4EA0A4947BDE922F9168F33D6ED97BFFEE6176AADAD78980 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
12:59:16.0254 0x18ec  Dhcp - ok
12:59:16.0296 0x18ec  [ B0107E40ECDB5FA692EBF832F295D905, 76466BB9E4F12436ECCCB9D89EB20762B4785F82F02591B51A735A590E248264 ] disk            C:\Windows\system32\drivers\disk.sys
12:59:16.0299 0x18ec  disk - ok
12:59:16.0339 0x18ec  [ 06230F1B721494A6DF8D47FD395BB1B0, F6CA8270740E01D9CE2FE8E34BC067C7EDC15BA610F461860E1D17D135C8A379 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:59:16.0345 0x18ec  Dnscache - ok
12:59:16.0398 0x18ec  [ 1A7156DD1E850E9914E5E991E3225B94, 99FF0C7125B01FCB0B92DC44756AE8FAA486F2E7F38DC6204F7EFE5918F8480A ] dot3svc         C:\Windows\System32\dot3svc.dll
12:59:16.0410 0x18ec  dot3svc - ok
12:59:16.0442 0x18ec  [ 74C02B1717740C3B8039539E23E4B53F, FF17BC1DAAE92C99D17EAE5C43FCFCC4B76E390D05EE2C603E5579C78A5536F0 ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
12:59:16.0450 0x18ec  Dot4 - ok
12:59:16.0493 0x18ec  [ 08321D1860235BF42CF2854234337AEA, 39BD593B373A43C34FDDE283BA17F8127558036E8B5604D7C7091BC99CA9D739 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:59:16.0495 0x18ec  Dot4Print - ok
12:59:16.0521 0x18ec  [ 4ADCCF0124F2B6911D3786A5D0E779E5, 950B6FA2B9ABF353036A64133ED441EF58EEE36DC4BF5D5C4FFB71796438B5AA ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
12:59:16.0525 0x18ec  dot4usb - ok
12:59:16.0572 0x18ec  [ 1583B39790DB3EAEC7EDB0CB0140C708, F94F9AE7054A38602CD25D4E10FE7C7B574BD9ED8440C3FDAA7275A1D1E663E7 ] DPS             C:\Windows\system32\dps.dll
12:59:16.0580 0x18ec  DPS - ok
12:59:16.0625 0x18ec  [ F1A78A98CFC2EE02144C6BEC945447E6, D2E2AA13BE6319F967002476A5D3CF09B1B44350576DD8E1C1C531854F53B488 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:59:16.0627 0x18ec  drmkaud - ok
12:59:16.0719 0x18ec  [ 362CCEF305F45829316D62D3410F2062, 35033749E9B6B5AFC9C8C305F4AA1597E9776D465E7BBC24A20E836B7BEF0D73 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:59:16.0761 0x18ec  DXGKrnl - ok
12:59:16.0807 0x18ec  [ 264CEE7B031A9D6C827F3D0CB031F2FE, 50CAD28A73D29E7E04A45330146CF713BA17101215955009121E36D43CD5C536 ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
12:59:16.0815 0x18ec  E1G60 - ok
12:59:16.0864 0x18ec  [ C2303883FD9BE49DC36A6400643002EA, F062D1D6D503CF5195BDE8C1DC75B541F559CB8175ADABCDB7690E9F1CA3EA4E ] EapHost         C:\Windows\System32\eapsvc.dll
12:59:16.0868 0x18ec  EapHost - ok
12:59:16.0936 0x18ec  [ 5F94962BE5A62DB6E447FF6470C4F48A, D00F9B3315DE8610BBE93FFD3CA3E2CF5B10697C518FC25FA4274CC6894D022B ] Ecache          C:\Windows\system32\drivers\ecache.sys
12:59:16.0944 0x18ec  Ecache - ok
12:59:17.0031 0x18ec  [ 5E346ADBAD5110EAB2E9808ABE877A00, 4B72C34E41B8AA15D166F65B5A037A1230A9FF65F827D18A57E2198573616EAD ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
12:59:17.0058 0x18ec  eeCtrl - ok
12:59:17.0127 0x18ec  [ 14CE384D2E27B64C256BDA4DC39C312D, D5FA9C2BB162F1C22E419D33671B8202AAC245A87F6B183B97F83F5BFA165B41 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:59:17.0147 0x18ec  ehRecvr - ok
12:59:17.0185 0x18ec  [ B93159C1313D66FDFBBE876F5189CD52, 51E39160EA56F6B08449267EDF2A0F604612663768D2348DE23554AB07BDBB62 ] ehSched         C:\Windows\ehome\ehsched.exe
12:59:17.0195 0x18ec  ehSched - ok
12:59:17.0210 0x18ec  [ F5EE2527D74449868E3C3227A59BCD28, 11640E97EE9D8F9A5DC3FEA6BA7A737AA796A7235C7F5C7EF1ABFB51C9D730D3 ] ehstart         C:\Windows\ehome\ehstart.dll
12:59:17.0212 0x18ec  ehstart - ok
12:59:17.0275 0x18ec  [ C4636D6E10469404AB5308D9FD45ED07, 367D958D19F672395462206F27C1E138386C2F37B0FA77546F4217CF16D05C84 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:59:17.0297 0x18ec  elxstor - ok
12:59:17.0371 0x18ec  [ A9B18B63A4FD6BAAB83326706D857FAB, 7721CC67C0F8CE3060D0EB35A10E4ADC1E3CB470C0797B17D606060C270F96D7 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
12:59:17.0393 0x18ec  EMDMgmt - ok
12:59:17.0445 0x18ec  [ CD0C80E5E9A9BF8DD145F43713D77993, 1D98B41BEF50B7860D003CEF93A32B728172C122DEA28031CAD299DB278D7589 ] enecir          C:\Windows\system32\DRIVERS\enecir.sys
12:59:17.0450 0x18ec  enecir - ok
12:59:17.0512 0x18ec  [ 773ACF5823046FA40D7FD898559A7228, 7DF39C42F781E7864CC791E3449CCDF0124930D128D168E8F9C80374640FFBE7 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:59:17.0523 0x18ec  EraserUtilRebootDrv - ok
12:59:17.0568 0x18ec  [ BC3A58E938BB277E46BF4B3003B01ABD, 2BB054E632A96951DAB25B3BE8541AEC1B97A7739FC8D0E34BE8B9295600C8FC ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:59:17.0571 0x18ec  ErrDev - ok
12:59:17.0658 0x18ec  [ E12F22B73F153DECE721CD45EC05B4AF, 41887EEF4BB024329B4079AD50FC5FB705F0EB8BAF6C93A8242DC2A73D3AFD86 ] EventSystem     C:\Windows\system32\es.dll
12:59:17.0682 0x18ec  EventSystem - ok
12:59:17.0732 0x18ec  [ 486844F47B6636044A42454614ED4523, 3E24E78584B199C0FAA59613EEB7DF67B3B878B277A0130C7A3FF608C130BA2F ] exfat           C:\Windows\system32\drivers\exfat.sys
12:59:17.0746 0x18ec  exfat - ok
12:59:17.0807 0x18ec  [ 1A4BEE34277784619DDAF0422C0C6E23, 3223E1B5DD4866D8E09F1B465FF82C911DDEE5B01B084543086E47B11D2AEA77 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:59:17.0822 0x18ec  fastfat - ok
12:59:17.0895 0x18ec  [ 81B79B6DF71FA1D2C6D688D830616E39, 62F8BC0DB918A49B10A5BE1724A2E2F17FA7D8208D5D86822FACB2DCD97B3591 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:59:17.0899 0x18ec  fdc - ok
12:59:17.0947 0x18ec  [ BB9267ACACD8B7533DD936C34A0CBA5E, 32DE6E10ABA540D62F0D8AE30DE8769D7BF29E547838BEBE67C04183CC0B32C7 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:59:17.0951 0x18ec  fdPHost - ok
12:59:17.0975 0x18ec  [ 300C80931EABBE1DB7591C516EFE8D0F, F031DA96B06B6FA8E0AD56D5E10E5A5882765C3FF258A4DE06A47EC34829FF04 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:59:17.0981 0x18ec  FDResPub - ok
12:59:18.0023 0x18ec  [ 457B7D1D533E4BD62A99AED9C7BB4C59, 3933907DE163F8D3A81ED25169B693D723296C437C7C990BFE9DEFD60F7635FD ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:59:18.0028 0x18ec  FileInfo - ok
12:59:18.0063 0x18ec  [ D421327FD6EFCCAF884A54C58E1B0D7F, C2F3B72EA36BA8B74A30E128C088307CA768FDBE232BFA216CD78B0F9B7AF18A ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:59:18.0066 0x18ec  Filetrace - ok
12:59:18.0094 0x18ec  [ 230923EA2B80F79B0F88D90F87B87EBD, 1F3287970FEC73011F3B675C447BF0CA35416490D4740C6960595B091181059C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:59:18.0097 0x18ec  flpydisk - ok
12:59:18.0151 0x18ec  [ E3041BC26D6930D61F42AEDB79C91720, 3556C033BB78445EC8B2F98A82455914764AFC70CBFF634DDBD3539885A1E457 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:59:18.0165 0x18ec  FltMgr - ok
12:59:18.0309 0x18ec  [ F937F278E44138C0386FA1DE69B1F72B, 49180522CCCB5377B5B3A7EF8B9697FBE19A1E5D84BC282D24C39B3D52698851 ] FontCache       C:\Windows\system32\FntCache.dll
12:59:18.0362 0x18ec  FontCache - ok
12:59:18.0419 0x18ec  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E, B21CA5F14BDB6CFD97A24C28BB2AD0D704C46058F13B01FF4203514FE8B92591 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:59:18.0421 0x18ec  FontCache3.0.0.0 - ok
12:59:18.0478 0x18ec  [ 6C06701BF1DB05405804D7EB610991CE, 75DEB2204D9AC338ED7C4742BEFAFA0AFC7E42B2C1B54A57DF8A1AD097D9EC3E ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
12:59:18.0481 0x18ec  fssfltr - ok
12:59:18.0686 0x18ec  [ 4CE9DAC1518FF7E77BD213E6394B9D77, D7D0D29DF93AC7DC5F85E385EEB45306C7BD87ACA7AAC5A8D47893D120C32C03 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
12:59:18.0769 0x18ec  fsssvc - ok
12:59:18.0826 0x18ec  [ 5779B86CD8B32519FBECB136394D946A, 68A395CD2287D22CB5C8CFE5A3006A61AC0C3FDAADF166C93240FF83C0315DCF ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:59:18.0828 0x18ec  Fs_Rec - ok
12:59:18.0868 0x18ec  [ C8E416668D3DC2BE3D4FE4C79224997F, 7DBC8E7687179A649638F606C9584F2E8EC2065762997CDF151F9BB99FA8D535 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:59:18.0873 0x18ec  gagp30kx - ok
12:59:18.0960 0x18ec  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
12:59:18.0970 0x18ec  GamesAppService - ok
12:59:19.0032 0x18ec  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:59:19.0035 0x18ec  GEARAspiWDM - ok
12:59:19.0112 0x18ec  [ A0E1B575BA8F504968CD40C0FAEB2384, F64A24A5A93F4E757882E97C65DA612F07A87F4DDD2E10C1AB0250AFA03BCEF1 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:59:19.0151 0x18ec  gpsvc - ok
12:59:19.0264 0x18ec  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:59:19.0271 0x18ec  gupdate - ok
12:59:19.0287 0x18ec  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:59:19.0293 0x18ec  gupdatem - ok
12:59:19.0339 0x18ec  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:59:19.0348 0x18ec  gusvc - ok
12:59:19.0411 0x18ec  [ DF45F8142DC6DF9D18C39B3EFFBD0409, E0F04525530FF403C5A34B7E9A03CDE70B7BACE12E2E50103554E92AF374BD09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:59:19.0424 0x18ec  HdAudAddService - ok
12:59:19.0515 0x18ec  [ F942C5820205F2FB453243EDFEC82A3D, 17A6A3DCF884FB524C93F2477D97E9F2B8E547709F8F2AEA93BEEA322B62E914 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:59:19.0561 0x18ec  HDAudBus - ok
12:59:19.0602 0x18ec  [ B4881C84A180E75B8C25DC1D726C375F, C0BEDBF43EFB0DD442A1D7985EA4A7493671648954B7D1840E30FB2FC46589A4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:59:19.0605 0x18ec  HidBth - ok
12:59:19.0654 0x18ec  [ 5F47839455D01FF6403B008D481A6F5B, 0CC1E8EE4C3E46937DEA39EAC2498C1A89667D6828430162FDFAE845C37D7079 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:59:19.0656 0x18ec  HidIr - ok
12:59:19.0698 0x18ec  [ 59361D38A297755D46A540E450202B2A, ED97800A3FF9B90EC58BC5122C42B53F46D9C157EFE488481E8677ED7058E33D ] hidserv         C:\Windows\system32\hidserv.dll
12:59:19.0701 0x18ec  hidserv - ok
12:59:19.0725 0x18ec  [ 443BDD2D30BB4F00795C797E2CF99EDF, BCE1A241AE5CCE3E1C65CCF07ECB4305C7106F2EFFD51F2C519EB00026B474C4 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:59:19.0727 0x18ec  HidUsb - ok
12:59:19.0759 0x18ec  [ B12F367EA39C0795FD57E31242CE1A5A, 498439FE4D1217211EB6C1AC35CDA5D59F3AE8F06AF5E41EE9FDB0DC559FBE27 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:59:19.0765 0x18ec  hkmsvc - ok
12:59:19.0814 0x18ec  [ A19B0BB5A7EB6DF2DD4A0711D36955EE, 307648CAFB3DDCD76FD730CA623945ED71D4276715A38D8CBB203C157C45F691 ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
12:59:19.0819 0x18ec  HP Health Check Service - ok
12:59:19.0866 0x18ec  [ D7109A1E6BD2DFDBCBA72A6BC626A13B, 6141B6645F4152A326ECA8AD0DD04CB38C9EDA395BDF6FF260AB17CB86FC4C87 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
12:59:19.0869 0x18ec  HpCISSs - ok
12:59:19.0909 0x18ec  [ 4E0BEC0F78096FFD6D3314B497FC49D3, 15B545815D0C80102963FFF13B6643CC9A74717137C1CBA45345B18912E72DB6 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
12:59:19.0911 0x18ec  hpdskflt - ok
12:59:20.0043 0x18ec  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05, 7B3F117C1D606DDA7623BEC0BFBC362C33A12213E899F049AC56A55826984134 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
12:59:20.0056 0x18ec  hpqcxs08 - ok
12:59:20.0081 0x18ec  [ F3F72A2A86C22610BCA5439FA789DD52, DA5A8F09DCC512AA1558863AD4FAC12F72DD83CA8FB4D8D9831E4AFBB6B3C616 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
12:59:20.0089 0x18ec  hpqddsvc - ok
12:59:20.0133 0x18ec  [ 9AF482D058BE59CC28BCE52E7C4B747C, 2D150CD0C82B575CDE2E1B3941FD72EFCB254850D6FF1D7C40D3B29643018EFF ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
12:59:20.0135 0x18ec  HpqKbFiltr - ok
12:59:20.0214 0x18ec  [ FDF273A845F1FFCCEADF363AAF47582F, 9BB99346A977225EF77261CD3CF4219A238EB06FFE2DB91D00A0037BDCFECEF1 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
12:59:20.0229 0x18ec  hpqwmiex - ok
12:59:20.0344 0x18ec  [ 4F6C514B6149E380B8C1EDEAC3D7AEC5, A794536CD0E9898A90C5C5BA89427BAD1B29B9AE31769F1B8395E81A31737F1E ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
12:59:20.0417 0x18ec  HPSLPSVC - ok
12:59:20.0445 0x18ec  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278, E85A7BF1CFE52BA7D663A1ED48A4F8874EFBDDF48979138F7E3E24817705B6A1 ] hpsrv           C:\Windows\system32\Hpservice.exe
12:59:20.0449 0x18ec  hpsrv - ok
12:59:20.0519 0x18ec  [ 098F1E4E5C9CB5B0063A959063631610, 36B02A738413E4745978E3E90D9CE8ABC08376BEE411008A4312A752CB4A2E13 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:59:20.0548 0x18ec  HTTP - ok
12:59:20.0577 0x18ec  [ DA94C854CEA5FAC549D4E1F6E88349E8, 10BEB47DB90F55BD1792C2041E49ED13E4E52BCC11BE6599F6DA8D91B79CC8D1 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
12:59:20.0579 0x18ec  i2omp - ok
12:59:20.0618 0x18ec  [ CBB597659A2713CE0C9CC20C88C7591F, A2BAC75F7247D871842A32EAA7594D338E728D1BFEAEA3C1FCDBF65F007BC06A ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:59:20.0622 0x18ec  i8042prt - ok
12:59:20.0664 0x18ec  [ 3E3BF3627D886736D0B4E90054F929F6, 95A138B65DC9133E92F53A529C7AD897D8823EFAED343756549FDF6C8C749CD0 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
12:59:20.0678 0x18ec  iaStorV - ok
12:59:20.0746 0x18ec  [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
12:59:20.0750 0x18ec  IDriverT - ok
12:59:20.0878 0x18ec  [ A9AA69F749AC1D318151E77372CC83DB, 2A50A4D6ED22F5F6CB5DC56A639D904AD71E511DC744A6F6C3D1D4D39756AF31 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:59:20.0927 0x18ec  idsvc - ok
12:59:21.0060 0x18ec  [ 77AC93E28B5F4DCE317EFA695E3F59E3, 57D510CEE1B777CFB52CECBAB43B0698A53B048B7E0C622473DEA9E03E2D9BEF ] IDSVia64        C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140901.001\IDSvia64.sys
12:59:21.0098 0x18ec  IDSVia64 - ok
12:59:21.0164 0x18ec  [ 918EEBD9EC67CD0902627C77999072A0, 9FC9EC15545FA4FCF920F66BA03A271F1D41BC38BB6497F6F298EE110A5AFD53 ] IDVaultSvc      C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
12:59:21.0168 0x18ec  IDVaultSvc - ok
12:59:21.0809 0x18ec  [ 7B0A679638E9380C0D8D42C7D43F8169, 1F0E142FA29B5653ED3D452884738FAE716F080195283E7C3ECF117670465E57 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
12:59:22.0214 0x18ec  igfx - ok
12:59:22.0283 0x18ec  [ 8C3951AD2FE886EF76C7B5027C3125D3, 85CF7231756E02BD9E5F4378F3FC794394A072B8028F27827F83ACE9EE554499 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:59:22.0285 0x18ec  iirsp - ok
12:59:22.0352 0x18ec  [ 0401A380C88754B2399F8043AC9B2BF9, BFF3B53FAFAE6622AA9F74BAA4A3D522C06E2D732B88916766603B9FE8D0D77F ] IKEEXT          C:\Windows\System32\ikeext.dll
12:59:22.0370 0x18ec  IKEEXT - ok
12:59:22.0436 0x18ec  [ BE1CB000C655396C9DEF09AEE3EA2D67, 1194388255D136D3C32A730117FBFCD2EAE6BD15C328EE444FC2A5F080442589 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
12:59:22.0442 0x18ec  IntcHdmiAddService - ok
12:59:22.0488 0x18ec  [ 475490CAF376E55E6E8B37BBDFEB2E81, 7ABAC64094C794391E909B0E8C3D47F75A6D838304A29AE1580717370FE7C7C2 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:59:22.0491 0x18ec  intelide - ok
12:59:22.0515 0x18ec  [ BFD84AF32FA1BAD6231C4585CB469630, 33E0842F2D0879B02C115301174FCB19ED3AAF7B1B8E6284839CE16DE56476EA ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:59:22.0518 0x18ec  intelppm - ok
12:59:22.0615 0x18ec  [ D9DA7B3117BF5EFF921C0CDED4D58050, D51A2AFC0E310C5A0EE1540A9E6353F5F7C9E76711187FAD91EEB0B3254EE935 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
12:59:22.0617 0x18ec  IntuitUpdateServiceV4 - ok
12:59:22.0643 0x18ec  [ 5624BC1BC5EEB49C0AB76A8114F05EA3, BD5AA534D8A923AF4D205EEC6DA55A3DC5F915E5F3223BF23F24C09824FA90B6 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:59:22.0652 0x18ec  IPBusEnum - ok
12:59:22.0712 0x18ec  [ D8AABC341311E4780D6FCE8C73C0AD81, 141E8032A934777567E6DAC35FB1C77C40D9B6EE477F17F872F35833A8F57F72 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:59:22.0718 0x18ec  IpFilterDriver - ok
12:59:22.0777 0x18ec  [ BF0DBFA9792C5C14FA00F61C75116C1B, 24C14DCAF57013F1C238E3C123279737420A714EB29CB69239C9838C9A269A59 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:59:22.0790 0x18ec  iphlpsvc - ok
12:59:22.0799 0x18ec  IpInIp - ok
12:59:22.0839 0x18ec  [ 9C2EE2E6E5A7203BFAE15C299475EC67, E51628ECAB9CCCBCE02801C5E71406487A280765FEE318D14B0C227141B87658 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
12:59:22.0844 0x18ec  IPMIDRV - ok
12:59:22.0875 0x18ec  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE, C29D7F392116BB09F7047A90702331F200DACFB3C94E7F912932971E0B7F0413 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
12:59:22.0883 0x18ec  IPNAT - ok
12:59:22.0955 0x18ec  [ 842D1EDD0F2A6E0E6631BB96BAAA01DE, 9CDD0B99F2C5DAD573A9EA8D5AB2DBFD7A941454CBBA5BFE34E49F2D4EE96A90 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:59:22.0978 0x18ec  iPod Service - ok
12:59:23.0014 0x18ec  [ 8C42CA155343A2F11D29FECA67FAA88D, 699F06D25C5F270CE1194F4D350CB0BE22C6AB609EECF35D066C034AC380BEE3 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:59:23.0016 0x18ec  IRENUM - ok
12:59:23.0057 0x18ec  [ 0672BFCEDC6FC468A2B0500D81437F4F, A0322B569C309F258684AFECCD52924A33F363186261730469245B7FA357C645 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:59:23.0059 0x18ec  isapnp - ok
12:59:23.0117 0x18ec  [ E4FDF99599F27EC25D2CF6D754243520, 9139E708EE30F10652C9A458BD58B0343A3C05E84CD3E71FA0B0E4123503CF7B ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
12:59:23.0128 0x18ec  iScsiPrt - ok
12:59:23.0180 0x18ec  [ 63C766CDC609FF8206CB447A65ABBA4A, D9CA006FA852C95E90E8A0837E296FCBFD76246DA8AFDE563863D5F95BDFEC52 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
12:59:23.0182 0x18ec  iteatapi - ok
12:59:23.0210 0x18ec  [ 1281FE73B17664631D12F643CBEA3F59, B27571A0348CDF81DC102A61712CBA9A4AF7AC0015A7702B0DE73AD4E4646853 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
12:59:23.0212 0x18ec  iteraid - ok
12:59:23.0244 0x18ec  [ 423696F3BA6472DD17699209B933BC26, 00C2EAA1A8E9D422D178B7678598743234930C1858D76C632F079EF789BB56C3 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:59:23.0247 0x18ec  kbdclass - ok
12:59:23.0286 0x18ec  [ DBDF75D51464FBC47D0104EC3D572C05, E392EE961E734620245874C7700D56621A1A990C45DF5CE0B7D270BA708F255E ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:59:23.0289 0x18ec  kbdhid - ok
12:59:23.0329 0x18ec  [ F03A97CEAF4E848978864C59A50D1E3D, C46061F51C5A7AB47C21C66FBFC3606686664298814AD104A243B6D98CA18ADD ] keycrypt        C:\Windows\system32\DRIVERS\KeyCrypt64.sys
12:59:23.0333 0x18ec  keycrypt - ok
12:59:23.0360 0x18ec  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] KeyIso          C:\Windows\system32\lsass.exe
12:59:23.0363 0x18ec  KeyIso - ok
12:59:23.0422 0x18ec  [ 4E76398AEF64CB6D782CFEB99B4EAE55, ED8CDC9A454FD6C7C907B1983259DB85FF76F4B85CD501D4679BB4035F16ACA2 ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
12:59:23.0425 0x18ec  KMWDFILTER - ok
12:59:23.0500 0x18ec  [ 88956AD9FA510848AD176777A6C6C1F5, 8F2FBF7E70F836C2C11EE5ABCAFE3E51DC26E953DDFBEE3C1B4AA8E58EBDCF5E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:59:23.0529 0x18ec  KSecDD - ok
12:59:23.0561 0x18ec  [ 1D419CF43DB29396ECD7113D129D94EB, 21ECCE9D17F055C7B5066110864E10C99291CE50B389C545371333904CE2DBB5 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:59:23.0564 0x18ec  ksthunk - ok
12:59:23.0626 0x18ec  [ 1FAF6926F3416D3DA05C5B265491BDAE, 3989E18522691CC3820092033E00ED39D08861DFB369AA0DFFF4B379E48EA1F0 ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:59:23.0647 0x18ec  KtmRm - ok
12:59:23.0712 0x18ec  [ 50C7A3CB427E9BB5ED0708A669956AB5, 3DAD1C01AE58FE2C6134283B19118E2F3C884DDFFBAE4A46B7B5E4FB1A2567A1 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:59:23.0727 0x18ec  LanmanServer - ok
12:59:23.0794 0x18ec  [ CAF86FC1388BE1E470F1A7B43E348ADB, 9E9AE0B617D1031E8462524802A2D997AE7C944A7D00D403FF903145A7FEB761 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:59:23.0808 0x18ec  LanmanWorkstation - ok
12:59:23.0852 0x18ec  [ ABF90FC5A127F481219B873C1B8DFC1C, 465188183B2848C11743B2A6B987B307D30F636E4958E60766336479473DD121 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
12:59:23.0857 0x18ec  LightScribeService - ok
12:59:23.0883 0x18ec  [ 96ECE2659B6654C10A0C310AE3A6D02C, 3322E87B9F64C3ACBCB634F2390AAB212FA7695383BF01F0092A803871BF19B2 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:59:23.0887 0x18ec  lltdio - ok
12:59:23.0942 0x18ec  [ 961CCBD0B1CCB5675D64976FAE37D092, 258378BE76A13E4368C9587E6A22727721E4B267B0D26D3D3E333B3B2A5A0611 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:59:23.0961 0x18ec  lltdsvc - ok
12:59:23.0999 0x18ec  [ A47F8080CACC23C91FE823AD19AA5612, 161575406D158D6D5C9220F1E82C0CC19108C74ADC35C509BAF9B0C414EFD8EE ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:59:24.0002 0x18ec  lmhosts - ok
12:59:24.0105 0x18ec  [ ACBE1AF32D3123E330A07BFBC5EC4A9B, 0E17E4DD30B5AF8F269EF8EA003836C9E16273262A050B9BE3ED802DD3AC9319 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:59:24.0120 0x18ec  LSI_FC - ok
12:59:24.0254 0x18ec  [ 799FFB2FC4729FA46D2157C0065B3525, AB462A34D061C113DA12641C45159A58D0AEA1C440233D061A20DF99586CFA93 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:59:24.0261 0x18ec  LSI_SAS - ok
12:59:24.0294 0x18ec  [ F445FF1DAAD8A226366BFAF42551226B, 92B63E15363F1EAE8A54D4E74ED21669D0A9FE99C654671556C58456228278B1 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:59:24.0301 0x18ec  LSI_SCSI - ok
12:59:24.0316 0x18ec  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E, 2EB22DD418D4934BDD22C5DB49D5D06178EC0419AB5CC28DD544CA91823987B0 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:59:24.0323 0x18ec  luafv - ok
12:59:24.0370 0x18ec  [ F92B0E478C0FAA6D6661E6E977247E60, 8B26B57C2C60C98CD6273ACA126B2CD0356ADB13A59FEC12882357A6B973123C ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:59:24.0372 0x18ec  MBAMProtector - ok
12:59:24.0559 0x18ec  [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
12:59:24.0642 0x18ec  MBAMScheduler - ok
12:59:24.0743 0x18ec  [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
12:59:24.0782 0x18ec  MBAMService - ok
12:59:24.0840 0x18ec  [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
12:59:24.0846 0x18ec  MBAMSwissArmy - ok
12:59:24.0873 0x18ec  [ 3C88AB26DEDCD50396240CA37D5085AF, 2513CBD3CA303CB9B424659F2F5E89B22CA4E724DCEB31B4A0DA1A5B731A9A39 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
12:59:24.0876 0x18ec  MBAMWebAccessControl - ok
12:59:24.0941 0x18ec  [ 76A58DF02BD4EA29F189B82D0BEF17F8, B3A96AABE050BB332ECD9AF7C35D08B468AC459D30FF4D49B609BA3F95ECEEDA ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:59:24.0947 0x18ec  Mcx2Svc - ok
12:59:24.0985 0x18ec  [ 5C5CD6AACED32FB26C3FB34B3DCF972F, 34A66C21FA79800D3CDE933CFA71343218F94D67AAE763EA0B53AC49060CB6D0 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:59:24.0988 0x18ec  megasas - ok
12:59:25.0036 0x18ec  [ 859BC2436B076C77C159ED694ACFE8F8, 4AEA57A8B9EACEC1B8DED3ECC95621C56E6D65CFE2DA9F07DAF7C7BAD132B624 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
12:59:25.0061 0x18ec  MegaSR - ok
12:59:25.0090 0x18ec  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] MMCSS           C:\Windows\system32\mmcss.dll
12:59:25.0095 0x18ec  MMCSS - ok
12:59:25.0124 0x18ec  [ 59848D5CC74606F0EE7557983BB73C2E, EA6ACF0619DE1E4272AEDC69F2E66E29DA499E8E8094243C9EF735FD8369229D ] Modem           C:\Windows\system32\drivers\modem.sys
12:59:25.0127 0x18ec  Modem - ok
12:59:25.0177 0x18ec  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5, 357811D1B8F70828F6432879F59DAB916FBB55673B3473D879382DE33CFB3FAF ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:59:25.0181 0x18ec  monitor - ok
12:59:25.0227 0x18ec  [ 9367304E5E412B120CF5F4EA14E4E4F1, F87EBACEE27A50E6610FDCB4BD3001C35A99FEE6D63D643FF2CBF0D484CD082C ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:59:25.0230 0x18ec  mouclass - ok
12:59:25.0248 0x18ec  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69, B77E4A7511923E7BD35A177A40B4E461AC9CB050D6F0575D4799DEF85DA6DA38 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:59:25.0250 0x18ec  mouhid - ok
12:59:25.0283 0x18ec  [ 11BC9B1E8801B01F7F6ADB9EAD30019B, 1BAF820C0AB1B70A114E767B2155A58BF86CD0D9CF582813C1635A86BE3A7A05 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
12:59:25.0288 0x18ec  MountMgr - ok
12:59:25.0322 0x18ec  [ F8276EB8698142884498A528DFEA8478, C0FF504F721F1D00F42CFE783D4F32C6728518F64646F5C5C11BA3A4824815BB ] mpio            C:\Windows\system32\drivers\mpio.sys
12:59:25.0329 0x18ec  mpio - ok
12:59:25.0353 0x18ec  [ C92B9ABDB65A5991E00C28F13491DBA2, D1233381A9E4262F0AB396BBDB7DE402D4370805E11EB8A118C846F6E9474098 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:59:25.0358 0x18ec  mpsdrv - ok
12:59:25.0418 0x18ec  [ 897E3BAF68BA406A61682AE39C83900C, 13F61D5C22BED061BE7C2669CCCAA2BAD4A0CE83800DF57A50306DE0A476FC27 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:59:25.0442 0x18ec  MpsSvc - ok
12:59:25.0477 0x18ec  [ 3C200630A89EF2C0864D515B7A75802E, AA4A312E7A28FCE7A944747BADB809CAAD3D67899EBBE663D473621DB25B140A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
12:59:25.0480 0x18ec  Mraid35x - ok
12:59:25.0526 0x18ec  [ 7C1DE4AA96DC0C071611F9E7DE02A68D, 8B248A82324FB23C64D41FA91BCC22093DE44C48D688E5995C484A7072A6EC08 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:59:25.0534 0x18ec  MRxDAV - ok
12:59:25.0568 0x18ec  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B, 9F157AAA1A793EF7E52817E4126B774C17FFA0036DADCF10A024FDC068F94F67 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:59:25.0575 0x18ec  mrxsmb - ok
12:59:25.0624 0x18ec  [ 3B929A60C833FC615FD97FBA82BC7632, 40EEBEB43F42A1A37FAA529E0C21984426F90C1EEFE1EF9BB2F696164595F91D ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:59:25.0637 0x18ec  mrxsmb10 - ok
12:59:25.0661 0x18ec  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3, 197F70E24D2BBDEC35C2D5BC442267ACC4C5AE3FD5BB30A0928976BE9758C942 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:59:25.0667 0x18ec  mrxsmb20 - ok
12:59:25.0717 0x18ec  [ AA459F2AB3AB603C357FF117CAE3D818, C633178227A0C446920908967E6F2F4979BE77209C7377B9A41B90F5F31B41B3 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:59:25.0720 0x18ec  msahci - ok
12:59:25.0753 0x18ec  [ 264BBB4AAF312A485F0E44B65A6B7202, 1DF36540C77D5D885B6C2EE91F0446864D8E6D6CFED87A9ED0765E76FE05E102 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:59:25.0760 0x18ec  msdsm - ok
12:59:25.0795 0x18ec  [ 7EC02CE772F068ED0BEAFA3DA341A9BC, 3B5B4EA0BF1D1E57F4DF74A569304A5EE41821F5E2F352760B8C9CA82C6D8292 ] MSDTC           C:\Windows\System32\msdtc.exe
12:59:25.0803 0x18ec  MSDTC - ok
12:59:25.0848 0x18ec  [ 704F59BFC4512D2BB0146AEC31B10A7C, F7712944DDC192C47953D577BE31B79B4D11217305B1C3D0DCA31B1518CB8DCB ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:59:25.0851 0x18ec  Msfs - ok
12:59:25.0879 0x18ec  [ 00EBC952961664780D43DCA157E79B27, 4F8F5718D8574A128E0F6CD54C9BE59A93A7638A5689A8FF68D0C81D3E67808F ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:59:25.0882 0x18ec  msisadrv - ok
12:59:25.0924 0x18ec  [ 366B0C1F4478B519C181E37D43DCDA32, A98E2BC397FAD7D90653F55AC283CACAE7465D7F10A198D715046B1D896AF246 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:59:25.0935 0x18ec  MSiSCSI - ok
12:59:25.0945 0x18ec  msiserver - ok
12:59:25.0977 0x18ec  [ 0EA73E498F53B96D83DBFCA074AD4CF8, E3DDE34FCFF272E06CD8DA836F8D79E2515885715D4A7CD7BF8D97D7A4E0E781 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:59:25.0979 0x18ec  MSKSSRV - ok
12:59:26.0008 0x18ec  [ 52E59B7E992A58E740AA63F57EDBAE8B, A89F607B330BA1F42CA9FF01EF289BBD088350CF376568E58CB9865F1DA6CD72 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:59:26.0010 0x18ec  MSPCLOCK - ok
12:59:26.0047 0x18ec  [ 49084A75BAE043AE02D5B44D02991BB2, 4CD2692D191035CE9D18F4D21F054FF8C3F9CF2734464EA33EAB480A28AD447F ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:59:26.0049 0x18ec  MSPQM - ok
12:59:26.0106 0x18ec  [ DC6CCF440CDEDE4293DB41C37A5060A5, 768D08A67508E1CE69B67642A5E5A639C0DD1E93C956C56ECC5A56B0E502C953 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:59:26.0124 0x18ec  MsRPC - ok
12:59:26.0190 0x18ec  [ 855796E59DF77EA93AF46F20155BF55B, 75DFCEE16A9D94EDF74295B9686D92552817E8A00958917CB0E17089EDCF6A97 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:59:26.0193 0x18ec  mssmbios - ok
12:59:26.0230 0x18ec  [ 86D632D75D05D5B7C7C043FA3564AE86, 96911FBC106B91E76598EE110B5147D4C55E42C9194E857F866B6B395E78D2CB ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:59:26.0232 0x18ec  MSTEE - ok
12:59:26.0273 0x18ec  [ 0CC49F78D8ACA0877D885F149084E543, 984DDCB52F0DFC1B26C6504FE500E8D9C2CA7F79ED34608AE9866A0915B8BA67 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:59:26.0278 0x18ec  Mup - ok
12:59:26.0412 0x18ec  [ DC2F9537C3BB5031CFE640C5FB144933, FAAEC95B5F2306F2E8396D71BD9E9FBA8274DD7DBAE20F486EFC86B5176C3A04 ] N360            C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe
12:59:26.0436 0x18ec  N360 - ok
12:59:26.0505 0x18ec  [ A5B10C845E7538C60C0F5D87A57CB3F5, 2B4E16702591C59BC2CA2B99DBB504BAB4F4EF0835B0D9C7453D340CBF0BDF16 ] napagent        C:\Windows\system32\qagentRT.dll
12:59:26.0529 0x18ec  napagent - ok
12:59:26.0589 0x18ec  [ 2007B826C4ACD94AE32232B41F0842B9, 6267D165C3C8C5F83194890A6DBF71226D4B891AECD1D06F7AEB5D738C3DC9CA ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:59:26.0600 0x18ec  NativeWifiP - ok
12:59:26.0706 0x18ec  [ C180A82874D3CDC390A27F2F1E1AF025, 9F473661524D645D5C1D616BF2BEC2996DFAE9268B7CF280FCCBD19AA072E567 ] NAVENG          C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140902.019\ENG64.SYS
12:59:26.0714 0x18ec  NAVENG - ok
12:59:26.0860 0x18ec  [ E66CA6C321614D7BC0AFC9C8436131B9, BF732419D56E1B8AB3B11B19403087D4EDBF9108F0252ACBB561235040AB4436 ] NAVEX15         C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140902.019\EX64.SYS
12:59:26.0979 0x18ec  NAVEX15 - ok
12:59:27.0065 0x18ec  [ 65950E07329FCEE8E6516B17C8D0ABB6, 4429D9FF9B6E376D28D8FA4906B7554DF566EC23E455E3166C496B579622F204 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:59:27.0098 0x18ec  NDIS - ok
12:59:27.0125 0x18ec  [ 64DF698A425478E321981431AC171334, C43177CB60F5D58E1FF7A31E9BE5DA7D92C4B25235867DD65BADC069EDF023F3 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:59:27.0127 0x18ec  NdisTapi - ok
12:59:27.0173 0x18ec  [ 8BAA43196D7B5BB972C9A6B2BBF61A19, 8AFFB26F6E8CF67F562818BBFE12FB448E4FCDF9B68858B625681565DE30DDC1 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:59:27.0175 0x18ec  Ndisuio - ok
12:59:27.0228 0x18ec  [ F8158771905260982CE724076419EF19, B86FFA790A30ED614A11C87F4D738C913EFC0924DC14750D544001D4E9556071 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:59:27.0236 0x18ec  NdisWan - ok
12:59:27.0260 0x18ec  [ 9CB77ED7CB72850253E973A2D6AFDF49, C3C15B317A7F7AE68B7BC62343962C47F075240F252727811DB4BEE443F9103F ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:59:27.0264 0x18ec  NDProxy - ok
12:59:27.0323 0x18ec  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:59:27.0329 0x18ec  Net Driver HPZ12 - ok
12:59:27.0347 0x18ec  [ A499294F5029A7862ADC115BDA7371CE, 6BE0AAFE4EB59E056A929D6C1A009D8DFD547025481108CEFB12E5D6F86DBE14 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:59:27.0351 0x18ec  NetBIOS - ok
12:59:27.0413 0x18ec  [ FC2C792EBDDC8E28DF939D6A92C83D61, 9EDF8B56E2B47C31457074DA371B604E5F7EB2B3B5CD4688CBEEDD5B266D119B ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
12:59:27.0429 0x18ec  netbt - ok
12:59:27.0453 0x18ec  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] Netlogon        C:\Windows\system32\lsass.exe
12:59:27.0456 0x18ec  Netlogon - ok
12:59:27.0501 0x18ec  [ 9B63B29DEFC0F3115A559D2597BF5D75, 297319D3F2E97CB34464EA59D8FD96AC2B8B1A4F2AEE666937F16A041128021F ] Netman          C:\Windows\System32\netman.dll
12:59:27.0520 0x18ec  Netman - ok
12:59:27.0579 0x18ec  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:59:27.0592 0x18ec  NetMsmqActivator - ok
12:59:27.0611 0x18ec  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:59:27.0621 0x18ec  NetPipeActivator - ok
12:59:27.0686 0x18ec  [ 7846D0136CC2B264926A73047BA7688A, 6F56CC1B17095C378D98B58A92F9EDA2D009529DDB6F60E815D85C7606C8EDC0 ] netprofm        C:\Windows\System32\netprofm.dll
12:59:27.0701 0x18ec  netprofm - ok
12:59:27.0734 0x18ec  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:59:27.0740 0x18ec  NetTcpActivator - ok
12:59:27.0757 0x18ec  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:59:27.0763 0x18ec  NetTcpPortSharing - ok
12:59:27.0990 0x18ec  [ C86984AEE87900C1EEB6942EDE3BF4B6, 9C6417E464467008B89D962E64207207AFC6DE254F8B3C56A266623F3FE3D415 ] NETw3v64        C:\Windows\system32\DRIVERS\NETw3v64.sys
12:59:28.0156 0x18ec  NETw3v64 - ok
12:59:28.0205 0x18ec  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7, 8D7DE921E14BAF09D7E2704CFB2FB1C8A78A46DAF86CDF7A347C5D113A8C110B ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:59:28.0208 0x18ec  nfrd960 - ok
12:59:28.0254 0x18ec  [ F145BF4C4668E7E312069F81EF847CFC, C4926EFB41FE2813E90D83456C6CB8F3157D835391B443C7E26168F4E1D67DC7 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:59:28.0264 0x18ec  NlaSvc - ok
12:59:28.0306 0x18ec  [ B298874F8E0EA93F06EC40AA8D146478, 275D769E5EFD3153985DAF84C5B22B9D65428E09AB41099901ABDD03B3A2625D ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:59:28.0309 0x18ec  Npfs - ok
12:59:28.0336 0x18ec  [ ACB62BAA1C319B17752553DF3026EEEB, 5A309DF390A097245250BB64AD5F8575BECA601E0A122DDCB494C67D3D9EA089 ] nsi             C:\Windows\system32\nsisvc.dll
12:59:28.0340 0x18ec  nsi - ok
12:59:28.0361 0x18ec  [ 1523AF19EE8B030BA682F7A53537EAEB, B000630CE4B562D39B5EE4148409B2E01D8924D33D27607B24ADC901357E7AA5 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:59:28.0364 0x18ec  nsiproxy - ok
12:59:28.0502 0x18ec  [ 2ACCAA3C3C55370A32F17B3595E1A217, 8539A293A5E1EBA2CC0FA9E999099D3B6B035D41069398AE17D737BBE4D9FEA8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:59:28.0587 0x18ec  Ntfs - ok
12:59:28.0616 0x18ec  [ DD5D684975352B85B52E3FD5347C20CB, BB03C50D5178643550C024130E20FD9A023AE110B3C85A2D6E18FB8DBB3A12E4 ] Null            C:\Windows\system32\drivers\Null.sys
12:59:28.0617 0x18ec  Null - ok
12:59:28.0643 0x18ec  [ 2C040B7ADA5B06F6FACADAC8514AA034, EF32F7C411090230ED1D95B2D01E8464DCC89D72EFD94BBC8DF6856D00B1A783 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:59:28.0649 0x18ec  nvraid - ok
12:59:28.0665 0x18ec  [ F7EA0FE82842D05EDA3EFDD376DBFDBA, 0ED0543A5331C0D8BBFD1BE3174482ED1B3EE70CA41CE8CE5C81977C37B3D129 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:59:28.0669 0x18ec  nvstor - ok
12:59:28.0709 0x18ec  [ 19067CA93075EF4823E3938A686F532F, 81339372E90CE9E2594461146A82B62452CF9DB3FF53381D30F6922059EDCF99 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:59:28.0715 0x18ec  nv_agp - ok
12:59:28.0725 0x18ec  NwlnkFlt - ok
12:59:28.0733 0x18ec  NwlnkFwd - ok
12:59:28.0760 0x18ec  [ 1B30103FDE512915A9214B108B6E7A9C, C572D3DCB2058A0619D165D4EFC389AFB6C93CDD70D80C29ED34C6397C88356B ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
12:59:28.0764 0x18ec  ohci1394 - ok
12:59:28.0821 0x18ec  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:59:28.0829 0x18ec  ose - ok
12:59:28.0929 0x18ec  [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
12:59:28.0972 0x18ec  p2pimsvc - ok
12:59:29.0017 0x18ec  [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:59:29.0048 0x18ec  p2psvc - ok
12:59:29.0076 0x18ec  [ AECD57F94C887F58919F307C35498EA0, CD8E8B54A445EF0DC485D5F221588875C98328596F64EE03B2D8BD0B860504FB ] Parport         C:\Windows\system32\drivers\parport.sys
12:59:29.0081 0x18ec  Parport - ok
12:59:29.0131 0x18ec  [ B43751085E2ABE389DA466BC62A4B987, 167CB6B18B6B7B74A229A976833E1FBE6D51C9C0EB8A23C92FC2465B692DF383 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:59:29.0176 0x18ec  partmgr - ok
12:59:29.0200 0x18ec  [ 9AB157B374192FF276C1628FBDBA2B0E, E63E2EE1ABEEC5234F4F1318757EDB4A7567057B1DF1A2414C8698D47062B6AC ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:59:29.0207 0x18ec  PcaSvc - ok
12:59:29.0256 0x18ec  [ 47AB1E0FC9D0E12BB53BA246E3A0906D, 82B452D614B535FAD3AFEEA06DFBBF8F7C5031563A2558CFA04F9B94C76E45DF ] pci             C:\Windows\system32\drivers\pci.sys
12:59:29.0295 0x18ec  pci - ok
12:59:29.0330 0x18ec  [ 15E5C3F89A3452EFBDA3B39816DBC4EE, 3004BE8D9D68244E8510C3E0A8913E53C760F79BB1055D73AC128D9020BAF0E7 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:59:29.0347 0x18ec  pciide - ok
12:59:29.0468 0x18ec  [ 037661F3D7C507C9993B7010CEEE6288, A7B415675B14FD755D0167BBA458A902AA9ABFC4343A1B887289D31DE8A55285 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:59:29.0480 0x18ec  pcmcia - ok
12:59:29.0554 0x18ec  [ 58865916F53592A61549B04941BFD80D, 3511AF2EFD06636E144C36ECA8C7AA1A33C269EDB10A6D879AA25D9E11359AA9 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:59:29.0594 0x18ec  PEAUTH - ok
12:59:29.0713 0x18ec  [ 0ED8727EA0172860F47258456C06CAEA, 3CDAA1044E412EC4303CEABD36A8C7BADA2D6C6692E09B8FE440709E3F4F0166 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:59:29.0716 0x18ec  PerfHost - ok
12:59:29.0862 0x18ec  [ E9E68C1A0F25CF4A7AC966EEA74EE89E, 6C6903A856C29AD690FDA1B74ADB2222C3453FBE2B364245FA61D53C77C586C0 ] pla             C:\Windows\system32\pla.dll
12:59:29.0940 0x18ec  pla - ok
12:59:30.0000 0x18ec  [ FE6B0F59215C9FD9F9D26539C58C8B82, 52CF8BE31A28430226D117EB80974AEAE5EA07F39DE881164232D44BF67FF752 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:59:30.0014 0x18ec  PlugPlay - ok
12:59:30.0049 0x18ec  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:59:30.0055 0x18ec  Pml Driver HPZ12 - ok
12:59:30.0118 0x18ec  [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
12:59:30.0158 0x18ec  PNRPAutoReg - ok
12:59:30.0203 0x18ec  [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
12:59:30.0235 0x18ec  PNRPsvc - ok
12:59:30.0304 0x18ec  [ 89A5560671C2D8B4A4B51F3E1AA069D8, 07DEE5D73DDE09F954E2E13BB5603F0033829B6199C81A7C1709D94AB92B351E ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:59:30.0329 0x18ec  PolicyAgent - ok
12:59:30.0374 0x18ec  [ 23386E9952025F5F21C368971E2E7301, F7241C1799A8AA0E9106B101B841670304DC695FD8D290C690CE0ED5C13BC514 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:59:30.0379 0x18ec  PptpMiniport - ok
12:59:30.0411 0x18ec  [ 5080E59ECEE0BC923F14018803AA7A01, 2E201511821AECCF056962399AFA3533ED765A3E7FD30E7B38A6D13837367E69 ] Processor       C:\Windows\system32\drivers\processr.sys
12:59:30.0415 0x18ec  Processor - ok
12:59:30.0466 0x18ec  [ E058CE4FC2449D8BFA14739C83B7FF2A, 6ACA086D5E0EF3C3EAEBD78010E50739BBA7CA05E937FFF3A4F2AD22FD57B54A ] ProfSvc         C:\Windows\system32\profsvc.dll
12:59:30.0477 0x18ec  ProfSvc - ok
12:59:30.0498 0x18ec  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:59:30.0501 0x18ec  ProtectedStorage - ok
12:59:30.0548 0x18ec  [ C5AB7F0809392D0DA027F4A2A81BFA31, B5BC9712AD93661A77AF4D67DB5F05C58A93CF7CDD6F7BA20568C0A9F4630321 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
12:59:30.0554 0x18ec  PSched - ok
12:59:30.0660 0x18ec  [ 0B83F4E681062F3839BE2EC1D98FD94A, 47E1B8014C59981693F5544872AF00383528AAEF0C6FE9AE8C45A6359EFB067D ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:59:30.0729 0x18ec  ql2300 - ok
12:59:30.0764 0x18ec  [ E1C80F8D4D1E39EF9595809C1369BF2A, 5C18F8366049C690FC8AA4A992AA0765A6607F72E0EF889A5F3757E59FB1C143 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:59:30.0772 0x18ec  ql40xx - ok
12:59:30.0812 0x18ec  [ 90574842C3DA781E279061A3EFF91F07, F87DE7355DAA4FACF2126A0427C08BAAD9E647E0B02EE5447746BE969B28DA8D ] QWAVE           C:\Windows\system32\qwave.dll
12:59:30.0831 0x18ec  QWAVE - ok
12:59:30.0870 0x18ec  [ E8D76EDAB77EC9C634C27B8EAC33ADC5, 171A3C5D5C3C5845C3BF9A4BCD88E744B025C910AC2F528D0E7D66F173FF0BED ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:59:30.0874 0x18ec  QWAVEdrv - ok
12:59:30.0894 0x18ec  [ 1013B3B663A56D3DDD784F581C1BD005, 36B83F234C2D6A6112BC8B5EF0AB5075EE98AC0BED702C37E4C1C3D17EB49956 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:59:30.0896 0x18ec  RasAcd - ok
12:59:30.0954 0x18ec  [ B2AE18F847D07F0044404DDF7CB04497, 24B1D5E1D0621160640264656E3D447C611DEE1B0EE308971EF85F0AC3D9F7DD ] RasAuto         C:\Windows\System32\rasauto.dll
12:59:30.0964 0x18ec  RasAuto - ok
12:59:31.0014 0x18ec  [ AC7BC4D42A7E558718DFDEC599BBFC2C, E059EB9472FDDB73AF09FFEBA58D8284AFCDAB1516E0C5759980E60C892F8126 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:59:31.0022 0x18ec  Rasl2tp - ok
12:59:31.0065 0x18ec  [ 3AD83E4046C43BE510DE681588ACB8AF, C5445A23F35395B3EA3974C0D5E314E23D900C694D31F7B7A83FE9027D95A91C ] RasMan          C:\Windows\System32\rasmans.dll
12:59:31.0083 0x18ec  RasMan - ok
12:59:31.0122 0x18ec  [ 4517FBF8B42524AFE4EDE1DE102AAE3E, F01C8A773A637B66192BD16DDE467CAECC6E62853DBDB507FF3FC67B4B388988 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:59:31.0128 0x18ec  RasPppoe - ok
12:59:31.0201 0x18ec  [ C6A593B51F34C33E5474539544072527, 8182C1D15CDC164363D3DD355197160167A00BA9FA833AA444317D06344EF7CE ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:59:31.0208 0x18ec  RasSstp - ok
12:59:31.0282 0x18ec  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1, 07B89F701594F680F50A885B923521763A6131104CEE63D422E1C359C23AE2F6 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:59:31.0300 0x18ec  rdbss - ok
12:59:31.0327 0x18ec  [ 603900CC05F6BE65CCBF373800AF3716, 83B010D51D1087673CF15FD0A992FD91CC910A073FEA9A8F20F6124B6E5489F2 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:59:31.0329 0x18ec  RDPCDD - ok
12:59:31.0384 0x18ec  [ C045D1FB111C28DF0D1BE8D4BDA22C06, 572986C93B982387EE94797A1EDE1C6C444B0F1078AC8201099452BFA021458F ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
12:59:31.0399 0x18ec  rdpdr - ok
12:59:31.0408 0x18ec  [ CAB9421DAF3D97B33D0D055858E2C3AB, 66C353CD310A91FAB0D0871ACCE71110595B63536560D0331DA70B1E33AC45BE ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:59:31.0410 0x18ec  RDPENCDD - ok
12:59:31.0468 0x18ec  [ AE4BD9E1C33D351D8E607FC81F15160C, AD785CA72B7C6EB9F94B2E797C758C0F804DB26EE056DDC6D4F85BB562A02EA4 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:59:31.0478 0x18ec  RDPWD - ok
12:59:31.0563 0x18ec  [ 2063D6B51FD874E67502B31A9FDBA685, 38AB5B822DB1803C1A2A7D9DF58BCD8C99693396C833D4CEA4904E13B702B9F1 ] Recovery Service for Windows C:\Program Files (x86)\SMINST\BLService.exe
12:59:31.0580 0x18ec  Recovery Service for Windows - ok
12:59:31.0612 0x18ec  [ C612B9557DA73F70D41F8A6FBC8E5344, D7D11F202066F848FBD3F26D9FF915C7F3D68F30631393B2049F3AC5A40FD108 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:59:31.0619 0x18ec  RemoteAccess - ok
12:59:31.0665 0x18ec  [ 44B9D8EC2F3EF3A0EFB00857AF70D861, A45D8024A242456A73337C91663A3E1633BF163234CDFD5DF86840F31FFFE84D ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:59:31.0677 0x18ec  RemoteRegistry - ok
12:59:31.0713 0x18ec  [ 72C35598BA591ABDDC37FCE7D26FE1C4, 6931E6D2FFD21C3F6CC7DBAE65B8B17CB15576C7DDCE165F1305E94D90AB7605 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
12:59:31.0723 0x18ec  RFCOMM - ok
12:59:31.0800 0x18ec  [ 498EB62A160674E793FA40FD65390625, F7EFD480E6C95F5B6202EEB87F519A8A8187F7F26281FB3E302EDD1AD5771025 ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
12:59:31.0814 0x18ec  RichVideo - ok
12:59:31.0849 0x18ec  [ F46C457840D4B7A4DAAFEE739CE04102, 94E946036240B3BAFF17C4A49745E29E492ABBC7BE5110741B212DF4D7F45B84 ] RpcLocator      C:\Windows\system32\locator.exe
12:59:31.0852 0x18ec  RpcLocator - ok
12:59:31.0934 0x18ec  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] RpcSs           C:\Windows\system32\rpcss.dll
12:59:31.0972 0x18ec  RpcSs - ok
12:59:32.0002 0x18ec  [ 22A9CB08B1A6707C1550C6BF099AAE73, 46A9D40A03DC0B6C93274C0C1CDB132B2339E76E77CAB0F12AEDAD4C31822B91 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:59:32.0008 0x18ec  rspndr - ok
12:59:32.0043 0x18ec  [ 390482953C63E81BAE52F20386394421, C5385C4B1CD8A18675B113B2664701FE4BFEFA60FB4B0412C1058880D2CBCF86 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh64.sys
12:59:32.0055 0x18ec  RTL8169 - ok
12:59:32.0113 0x18ec  [ 4AD8464FECE8EBE276D4A7D75E418452, E48988079630309FF5C3BDEFE80098DCE8F538AB7C325E386B3FD97083CC2B36 ] RTSTOR          C:\Windows\system32\drivers\RTSTOR64.SYS
12:59:32.0119 0x18ec  RTSTOR - ok
12:59:32.0142 0x18ec  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] SamSs           C:\Windows\system32\lsass.exe
12:59:32.0145 0x18ec  SamSs - ok
12:59:32.0196 0x18ec  [ CD9C693589C60AD59BBBCFB0E524E01B, F9EBD4FF4C712A563B1120D123012E41105D31402BE45D6F8C8DA71155D64ECB ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:59:32.0203 0x18ec  sbp2port - ok
12:59:32.0267 0x18ec  [ FD1CDCF108D5EF3366F00D18B70FB89B, 5BCE3A9D5DC0B6937A734264C5B8DE0E6B8F77A869A118F94D57E662AAB28FE2 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:59:32.0282 0x18ec  SCardSvr - ok
12:59:32.0379 0x18ec  [ 0F838C811AD295D2A4489B9993096C63, 3DF2F973359249735810CB5AD52E05126A93A1C7D9F6274ACB018A0A125846BD ] Schedule        C:\Windows\system32\schedsvc.dll
12:59:32.0444 0x18ec  Schedule - ok
12:59:32.0497 0x18ec  [ 5A268127633C7EE2A7FB87F39D748D56, 45C530A0EE0108543A75B9427F77EBB5E8350AE16C235763B6F32E72CE15C449 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:59:32.0501 0x18ec  SCPolicySvc - ok
12:59:32.0549 0x18ec  [ B42EE50F7D24F837F925332EB349ECA5, 5DA793DADA7E244A48FFE3249A0271974BA31839A70173F2F14BE80673C86014 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
12:59:32.0557 0x18ec  sdbus - ok
12:59:32.0594 0x18ec  [ 4FF71B076A7760FE75EA5AE2D0EE0018, DDDBC9530120F8C1AB449076F6F06F74354149B4C458E6682F957628EE795DE8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:59:32.0603 0x18ec  SDRSVC - ok
12:59:32.0631 0x18ec  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:59:32.0633 0x18ec  secdrv - ok
12:59:32.0650 0x18ec  [ 5ACDCBC67FCF894A1815B9F96D704490, FE0247A8BEDB860EBD46A9D49C641D0B9AA24EE34132CDDADC9F5A605238FDA7 ] seclogon        C:\Windows\system32\seclogon.dll
12:59:32.0654 0x18ec  seclogon - ok
12:59:32.0686 0x18ec  [ 90973A64B96CD647FF81C79443618EED, 1D3CB7F724B7EADA6443DF07B258EE7FB7FEC92C2A7A9D3C57F6A220EF0DDDC4 ] SENS            C:\Windows\System32\sens.dll
12:59:32.0691 0x18ec  SENS - ok
12:59:32.0722 0x18ec  [ F71BFE7AC6C52273B7C82CBF1BB2A222, 8C7F0E426B266DBBFE4BBE3333A33C338209BD8BE0E434A98D0D2CFD78D3F758 ] Serenum         C:\Windows\system32\drivers\serenum.sys
12:59:32.0725 0x18ec  Serenum - ok
12:59:32.0774 0x18ec  [ E62FAC91EE288DB29A9696A9D279929C, 9B6A420556532F7F8D55FB6580A592A43BEA579A068B970C741A23DB079ECAD1 ] Serial          C:\Windows\system32\drivers\serial.sys
12:59:32.0780 0x18ec  Serial - ok
12:59:32.0804 0x18ec  [ A842F04833684BCEEA7336211BE478DF, 9D964AEA237C44898098AC9C2D043F00C66EDA7D73C381D616737C01A9D0FF45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:59:32.0806 0x18ec  sermouse - ok
12:59:32.0863 0x18ec  [ A8E4A4407A09F35DCCC3771AF590B0C4, F56ECE42CE81098FCCBCDFBBF006C3FB9EDD29C62F03C4EAE012EE690669481B ] SessionEnv      C:\Windows\system32\sessenv.dll
12:59:32.0868 0x18ec  SessionEnv - ok
12:59:32.0888 0x18ec  [ 14D4B4465193A87C127933978E8C4106, A5C3F2F09E9A0715529B05AC1020EF0F432121E129447795257087E0D6A812FC ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:59:32.0890 0x18ec  sffdisk - ok
12:59:32.0926 0x18ec  [ 7073AEE3F82F3D598E3825962AA98AB2, 82A959A0970CBA8CC16D44736ED12158E59E138484F3F53EBDD3A4C02DA3700D ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:59:32.0928 0x18ec  sffp_mmc - ok
12:59:32.0946 0x18ec  [ 35E59EBE4A01A0532ED67975161C7B82, 4F4296B8903FCD06439CC8BF93C703852E523834F09CF9121FDA729A988AF11B ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:59:32.0948 0x18ec  sffp_sd - ok
12:59:32.0973 0x18ec  [ 6B7838C94135768BD455CBDC23E39E5F, 868E054ED546479DEAD7C2834C7AB080820522C16F5B4BEF0F3B279A33ABA9C8 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:59:32.0976 0x18ec  sfloppy - ok
12:59:33.0026 0x18ec  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34, 9659C7B5046DE2C0416A74FDE6F798C3E78D38327CB71BAE49D57A8347A9097D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:59:33.0047 0x18ec  SharedAccess - ok
12:59:33.0108 0x18ec  [ 56793271ECDEDD350C5ADD305603E963, 7A29407C1C550FF3A6A3544811ABD971E9C760B984A7E64D5A1440C69D6AF483 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:59:33.0126 0x18ec  ShellHWDetection - ok
12:59:33.0172 0x18ec  [ 7A5DE502AEB719D4594C6471060A78B3, E8E16DF8AFFC230FBB1A5938925D464A1BA776184B8C020B37669EE2105DB9F2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
12:59:33.0176 0x18ec  SiSRaid2 - ok
12:59:33.0193 0x18ec  [ 3A2F769FAB9582BC720E11EA1DFB184D, 83EEBCE37E8709FCE15FB44F546C727C56064ED49B73A471EA33480573558419 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:59:33.0198 0x18ec  SiSRaid4 - ok
12:59:33.0391 0x18ec  [ A9A27A8E257B45A604FDAD4F26FE7241, C5A1056522EE2BA7B70D34E391477A0E9351569CEF28B875172F4B363F6D4177 ] slsvc           C:\Windows\system32\SLsvc.exe
12:59:33.0521 0x18ec  slsvc - ok
12:59:33.0572 0x18ec  [ FD74B4B7C2088E390A30C85A896FC3AF, 897F1F89A4DDB356CF6E59EFBC32A2081C0CADE283793DB6879D263F7B2E313F ] SLUINotify      C:\Windows\system32\SLUINotify.dll
12:59:33.0579 0x18ec  SLUINotify - ok
12:59:33.0622 0x18ec  [ 290B6F6A0EC4FCDFC90F5CB6D7020473, 971888FE760641FF86165B9876E6FC12DBC309C0FED2734C60B9E0EBC078AAE0 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:59:33.0627 0x18ec  Smb - ok
12:59:33.0683 0x18ec  [ F8F47F38909823B1AF28D60B96340CFF, EFD948EE09F22F9F373A98BA6D9BC519FD9244986E4BE7B2BACD92D3C145AD1D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:59:33.0687 0x18ec  SNMPTRAP - ok
12:59:33.0722 0x18ec  [ 386C3C63F00A7040C7EC5E384217E89D, DD8766BCBD77EC6F67979A8B37B943A3A0E5478CE3FB129BF8FCA29B66529721 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:59:33.0725 0x18ec  spldr - ok
12:59:33.0779 0x18ec  [ F66FF751E7EFC816D266977939EF5DC3, 689BDD0B442830E162F2F9A8EFBD0E137F518C7F0CD92EDF4A43EFBA188B69F4 ] Spooler         C:\Windows\System32\spoolsv.exe
12:59:33.0795 0x18ec  Spooler - ok
12:59:33.0917 0x18ec  [ F718A57D946EAC76EFCB351D74E269F4, 473AE48BACEE64A9582814951B731BDDDEB48D2E9D407ACEAA3F0850B536DABA ] SRTSP           C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS
12:59:33.0956 0x18ec  SRTSP - ok
12:59:33.0976 0x18ec  [ B18CE01B9C09C59422BA7C7064248B35, B355EE2FBB37C4B0EFFE4DC5E0788A26579266828E7988EDC497B0AE7375F8AB ] SRTSPX          C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS
12:59:33.0979 0x18ec  SRTSPX - ok
12:59:34.0040 0x18ec  [ 880A57FCCB571EBD063D4DD50E93E46D, D46BA584D1C33F17C4156127742FA470AA044C4BCE9E6A209E5B1F3A44C73350 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:59:34.0061 0x18ec  srv - ok
12:59:34.0113 0x18ec  [ A1AD14A6D7A37891FFFECA35EBBB0730, AE00950D330EE4C05F5AA9BC7E63E974766D8E93B607CB3E683C727E8A65049D ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:59:34.0121 0x18ec  srv2 - ok
12:59:34.0165 0x18ec  [ 4BED62F4FA4D8300973F1151F4C4D8A7, 1835895B3E837F8862F7F669DFBDF5EAB627E5656377624474C17E92CF440D2A ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:59:34.0172 0x18ec  srvnet - ok
12:59:34.0232 0x18ec  [ 192C74646EC5725AEF3F80D19FF75F6A, 8F24FF139A46B1F837356B9D682526107D7BADCFA510842FEACB6F06C02D93D9 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:59:34.0246 0x18ec  SSDPSRV - ok
12:59:34.0289 0x18ec  [ 2EE3FA0308E6185BA64A9A7F2E74332B, EC6A15281685E6CDEADABDFD08C4AF980AD3B404C945EB121D7F90AFCA3D6849 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:59:34.0301 0x18ec  SstpSvc - ok
12:59:34.0422 0x18ec  [ 60706B595C63B595DE05BA1B6EA008F8, D26E11FADF5815616A38673D73ECB926D779E87C0363EA1F289AB587403099E3 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\STacSV64.exe
12:59:34.0440 0x18ec  STacSV - ok
12:59:34.0541 0x18ec  [ 2F3B5A3567FFB343D8867C3D34C687F1, D01971412506746B2EA1CBB0ACF9472889ABBC23318C1332BEC9C8256011183E ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
12:59:34.0586 0x18ec  Steam Client Service - ok
12:59:34.0665 0x18ec  [ AA408EC8F77D3F5E745F5F7E5B133D8E, C66D225C501CD67D6729B924AE52468B10F8DF0DEC49BF7CF96F688E637E5444 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
12:59:34.0709 0x18ec  STHDA - ok
12:59:34.0787 0x18ec  [ 15825C1FBFB8779992CB65087F316AF5, E9431C016D209A7322C0586F11EEF0AB461AB5822960287BB1D0FBC30183614D ] stisvc          C:\Windows\System32\wiaservc.dll
12:59:34.0823 0x18ec  stisvc - ok
12:59:34.0853 0x18ec  [ 8A851CA908B8B974F89C50D2E18D4F0C, 27EA13E50B5B72ABF6C5B7B7D34A7154A12BB27B1C1B2EEFCAA36A96010DB4DC ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:59:34.0855 0x18ec  swenum - ok
12:59:34.0932 0x18ec  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A, 9C3714238571704CEE2AD4F1E15029243E00B494345C41F74EFDF3F0328CC9EA ] swprv           C:\Windows\System32\swprv.dll
12:59:34.0958 0x18ec  swprv - ok
12:59:34.0987 0x18ec  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B, 0227EAF144BC35AA4FF2535E8C9974C0609B7634EE45F4166B9F88F79B17BBF1 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
12:59:34.0990 0x18ec  Symc8xx - ok
12:59:35.0078 0x18ec  [ 5C9EE2303CA7F267665D75237862B39C, 5DECD977A823C14B4D980D3DB621BC875231B741653F0450A027FC9E87725F9D ] SymDS           C:\Windows\system32\drivers\N360x64\1505000.013\SYMDS64.SYS
12:59:35.0100 0x18ec  SymDS - ok
12:59:35.0226 0x18ec  [ 9F31630D7FC2DD9D5DA1CE359AAD1F46, 296D29EDF53956D1899DE4669AB429C280DF9F183F00AE1CE528E7C575802235 ] SymEFA          C:\Windows\system32\drivers\N360x64\1505000.013\SYMEFA64.SYS
12:59:35.0280 0x18ec  SymEFA - ok
12:59:35.0342 0x18ec  [ 97E11C50CE52277B377396EA8838E539, E17D03F80E14F961C41F2D54D1EF73D29BF01F38459C5710D786234F8BA3C835 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:59:35.0350 0x18ec  SymEvent - ok
12:59:35.0429 0x18ec  [ 48C2934683CBD06F662B088EEF49EF6A, 2212A3588C28F33EFCB1D34618B3054EBBAC6731D177A581D21D1F969FE040C0 ] SymIRON         C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS
12:59:35.0441 0x18ec  SymIRON - ok
12:59:35.0542 0x18ec  [ 018D1F8343C301B4AF9DD042D2FFBCC8, 5DE8FADCBFA91B018DFA1E9B55CC84F70539791E1EDABB06301569EE92AFD970 ] SYMTDIv         C:\Windows\System32\Drivers\N360x64\1505000.013\SYMTDIV.SYS
12:59:35.0571 0x18ec  SYMTDIv - ok
12:59:35.0603 0x18ec  [ A909667976D3BCCD1DF813FED517D837, 0874DD4C1CA7AE2E519EBB45433BC9F11A574408F5D2F9E23A340CA76512F5CE ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
12:59:35.0607 0x18ec  Sym_hi - ok
12:59:35.0620 0x18ec  [ 36887B56EC2D98B9C362F6AE4DE5B7B0, 7349FABACB633A9EEE3D4E241A5F443C28D23CC87F21EAAB3F1711644AA21D7C ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
12:59:35.0625 0x18ec  Sym_u3 - ok
12:59:35.0677 0x18ec  [ AC3CC98B1BDB6540021D3FFB105AC2B9, 671146CC16139AECE0BCCC44983807E045A930E262F64461D0D882A0A0B77E4F ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
12:59:35.0700 0x18ec  SynTP - ok
12:59:35.0786 0x18ec  [ 92D7A8B0F87B036F17D25885937897A6, 6759BAB11E5FBB143BE13DF1611AE5D41D379DF423D881E92E910DF6A37CBA85 ] SysMain         C:\Windows\system32\sysmain.dll
12:59:35.0839 0x18ec  SysMain - ok
12:59:35.0875 0x18ec  [ 005CE42567F9113A3BCCB3B20073B029, B1831D71410AD6E7DEB59D26BF6D2D07D2F6112936D6A6FDA57E9296ADA4076D ] TabletInputService C:\Windows\System32\TabSvc.dll
12:59:35.0884 0x18ec  TabletInputService - ok
12:59:35.0939 0x18ec  [ CC2562B4D55E0B6A4758C65407F63B79, C6AD05B345C699A715EC13830D8EA6EE9822F4B713D15B1F29AC044674A0F498 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:59:35.0957 0x18ec  TapiSrv - ok
12:59:35.0985 0x18ec  [ CDBE8D7C1E201B911CDC346D06617FB5, 16D5965E32A109DA38D77F4B6281081569D78371B2F522DE51100967F8776C7A ] TBS             C:\Windows\System32\tbssvc.dll
12:59:35.0994 0x18ec  TBS - ok
12:59:36.0118 0x18ec  [ 00F77C4555FFABC21ADDB3160B2F574A, 292D3D9FC923283A25717831C5F1EA3046CB09F4F1B342BB93A506E68B9D4090 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:59:36.0186 0x18ec  Tcpip - ok
12:59:36.0267 0x18ec  [ 00F77C4555FFABC21ADDB3160B2F574A, 292D3D9FC923283A25717831C5F1EA3046CB09F4F1B342BB93A506E68B9D4090 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
12:59:36.0333 0x18ec  Tcpip6 - ok
12:59:36.0377 0x18ec  [ C7E72A4071EE0200E3C075DACFB2B334, 925A68FD021C7957792F31E9D69A31C180BEB878CD93D2C3E2BE463F58011A6C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:59:36.0380 0x18ec  tcpipreg - ok
12:59:36.0408 0x18ec  [ 1D8BF4AAA5FB7A2761475781DC1195BC, A28E972E9331BAD685D4C786FDE221565E0AD3E222B24B9182B7FA916BFCD9C8 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:59:36.0410 0x18ec  TDPIPE - ok
12:59:36.0440 0x18ec  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1, 42A408E82D4017D27D3B0BBBA02BF4B21DEC060C89849785ED65962D18029B65 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:59:36.0443 0x18ec  TDTCP - ok
12:59:36.0491 0x18ec  [ 458919C8C42E398DC4802178D5FFEE27, E38828411DCE0AE2E2BF0D270FD80E47B46EDE4B44DAFD1DF11F54D427EACEB5 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:59:36.0497 0x18ec  tdx - ok
12:59:36.0513 0x18ec  [ 8C19678D22649EC002EF2282EAE92F98, 551E7EBA54C2345F2B7FD7AAA7ADA4C852C94F1B35E6E4BBEF883BAFA34F6262 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:59:36.0517 0x18ec  TermDD - ok
12:59:36.0585 0x18ec  [ 5CDD30BC217082DAC71A9878D9BFD566, 260D40973F9EEAE9A1890B813D8DCC01A9434D17DCE5DA1D16B72A57DCF59194 ] TermService     C:\Windows\System32\termsrv.dll
12:59:36.0614 0x18ec  TermService - ok
12:59:36.0653 0x18ec  [ 56793271ECDEDD350C5ADD305603E963, 7A29407C1C550FF3A6A3544811ABD971E9C760B984A7E64D5A1440C69D6AF483 ] Themes          C:\Windows\system32\shsvcs.dll
12:59:36.0670 0x18ec  Themes - ok
12:59:36.0702 0x18ec  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] THREADORDER     C:\Windows\system32\mmcss.dll
12:59:36.0707 0x18ec  THREADORDER - ok
12:59:36.0748 0x18ec  [ F4689F05AF472A651A7B1B7B02D200E7, 3D34B8879DBC69013D1A87A3F47B8A622A60B57F2E962E9F5925C5A01F44640F ] TrkWks          C:\Windows\System32\trkwks.dll
12:59:36.0758 0x18ec  TrkWks - ok
12:59:36.0833 0x18ec  [ 66328B08EF5A9305D8EDE36B93930369, FD8136BF15AB8D2DB15D011C4F813737D68EED1178462DB8CE40606C16185A30 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:59:36.0835 0x18ec  TrustedInstaller - ok
12:59:36.0876 0x18ec  [ B2388462329ACD17AF50D8701E0C1B18, 959D7B7CCB526367645BAA11C56C88C9AD741EE338BAD6513C54FC7ED43F3AC0 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:59:36.0879 0x18ec  tssecsrv - ok
12:59:36.0937 0x18ec  [ 89EC74A9E602D16A75A4170511029B3C, AACD82A6F5FE31FF1315F5CA69E5EB6BD172DD86610F0641177CCC131B542034 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
12:59:36.0939 0x18ec  tunmp - ok
12:59:36.0970 0x18ec  [ 30A9B3F45AD081BFFC3BCAA9C812B609, 57204F1F72FEFA086FF1D8A14487D56F4DEDD3C50FBB6903E0C4AC749EA720DE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:59:36.0973 0x18ec  tunnel - ok
12:59:37.0086 0x18ec  [ 1C31169DDDC70C1605F703DA701EAEEA, 85F6EB6A351A9D850C484A35A814B714985A4364768DC4E92E8E4B8AC6B9860C ] TVCapSvc        C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
12:59:37.0102 0x18ec  TVCapSvc - ok
12:59:37.0131 0x18ec  [ 290B8C381DBC15D3DBCBD2BDB6B0BA12, 4DE1A8458137E7B825B1AF6DDDA6F1F8FCC6DB1D8A8B174538B1D2D00CA6FAD0 ] TVSched         C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
12:59:37.0138 0x18ec  TVSched - ok
12:59:37.0214 0x18ec  [ FEC266EF401966311744BD0F359F7F56, 6EE0223AEFA7A81BEB155FC0CD4421C2BEBCDCBC9663C23064B0445101114BF8 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:59:37.0219 0x18ec  uagp35 - ok
12:59:37.0284 0x18ec  [ FAF2640A2A76ED03D449E443194C4C34, CC2517DCFE6962EB2EDEB93E44CB53B113974C9C69A050E3F36385C8D78E810B ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:59:37.0303 0x18ec  udfs - ok
12:59:37.0368 0x18ec  [ 060507C4113391394478F6953A79EEDC, 5D0AE5F1184165289DC8E8CD493607FCB68512CF90F748E3BFD2250655D784D4 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:59:37.0375 0x18ec  UI0Detect - ok
12:59:37.0403 0x18ec  [ 4EC9447AC3AB462647F60E547208CA00, F304125321B1ECA915EDDBDB6A71EAEF3123DCB5604C9497D72F12E0C1BD5315 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:59:37.0408 0x18ec  uliagpkx - ok
12:59:37.0447 0x18ec  [ 697F0446134CDC8F99E69306184FBBB4, A741882B8FE403E3A5DECED5D4A2254B14AF40ACECD4DAA3D00D71C2205C2C5F ] uliahci         C:\Windows\system32\drivers\uliahci.sys
12:59:37.0461 0x18ec  uliahci - ok
12:59:37.0479 0x18ec  [ 31707F09846056651EA2C37858F5DDB0, A619AC4B32EA77AC29458894614870086C4DDB81525ADBCFF1AB8970FC5C257A ] UlSata          C:\Windows\system32\drivers\ulsata.sys
12:59:37.0487 0x18ec  UlSata - ok
12:59:37.0504 0x18ec  [ 85E5E43ED5B48C8376281BAB519271B7, DBDA4216553F7C5EA0C579346D0A638E62766D5B8FCB1BFF3149BB37BBF978D3 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
12:59:37.0516 0x18ec  ulsata2 - ok
12:59:37.0534 0x18ec  [ 46E9A994C4FED537DD951F60B86AD3F4, 256F93ED3BD43B50F0D4489164D959F95AB070CC25A80A46355D2B387D336224 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:59:37.0537 0x18ec  umbus - ok
12:59:37.0580 0x18ec  [ 7093799FF80E9DECA0680D2E3535BE60, 1CBFCCA84CB9212176BF5A1D32334BD54E58A2668A4746252738800468AD4AD4 ] upnphost        C:\Windows\System32\upnphost.dll
12:59:37.0599 0x18ec  upnphost - ok
12:59:37.0647 0x18ec  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
12:59:37.0651 0x18ec  USBAAPL64 - ok
12:59:37.0703 0x18ec  [ A565B509000BD3E42A9B93B9FFD40D3D, A22734F2DDAAD743D479D40EA91024F1A16A18D9D6C9FC4F90F3930AD040BFA3 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:59:37.0710 0x18ec  usbaudio - ok
12:59:37.0764 0x18ec  [ 858CC93477F9A9383E07861892600FF9, C72B25E7F6AF46AC22F8D2A1FA0345B290AAE642442C8A388EA75944334BB289 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:59:37.0770 0x18ec  usbccgp - ok
12:59:37.0815 0x18ec  [ 9247F7E0B65852C1F6631480984D6ED2, E3360A0EE891B8BADEF5FF53F796C79D6AD218961087F866E451F3B6F278672A ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:59:37.0820 0x18ec  usbcir - ok
12:59:37.0858 0x18ec  [ 82C3790E4E6F35087EF00994C7A72988, 95FA022BDAC65DCD2DA52C8FCC1F2C186B321F4599F40CB90262E24FD10AE16C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:59:37.0864 0x18ec  usbehci - ok
12:59:37.0923 0x18ec  [ BE2EB33AF6EE2E5DA07EB987E0A321F5, 0FCFABA080C553451AE4FAFB54DFE57639251D97DA204C07EC66F469826F3B46 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:59:37.0936 0x18ec  usbhub - ok
12:59:37.0971 0x18ec  [ EBA14EF0C07CEC233F1529C698D0D154, FBA35D53A90FD6C3F91DA5ECE10EF29858CB4CB512AA20548225F83E9FE0A23D ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:59:37.0973 0x18ec  usbohci - ok
12:59:38.0024 0x18ec  [ 28B693B6D31E7B9332C1BDCEFEF228C1, 6B756E6D7459F755C76BC3F497643F6818F107304B789952B233C6585434F3A8 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:59:38.0027 0x18ec  usbprint - ok
12:59:38.0085 0x18ec  [ C024814884CE9E6C2E6ED76A63AC3B9A, 39C9EB54998547B0B65EEE6391AA326B02C7CA52FAE9CEB98D538FEC8D9F1858 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:59:38.0088 0x18ec  usbscan - ok
12:59:38.0137 0x18ec  [ B854C1558FCA0C269A38663E8B59B581, 08CC36B33FA2281FC88671BE051863AA8CA911446D24596049DB77FB4CB09EA6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:59:38.0142 0x18ec  USBSTOR - ok
12:59:38.0211 0x18ec  [ 308F6DDC052C970D679DA37D8A305279, E0F4C3C8F27E21C186289B115ECAB771777BC7E848F29D683C53C9F936F30848 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:59:38.0214 0x18ec  usbuhci - ok
12:59:38.0394 0x18ec  [ BF7A051DCCBA57C95541135B29CE0FB4, F3570ED5B57CB64A8222164038D53D1C2009013C50CFDE2E6105E8D4F642FEA6 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
12:59:38.0408 0x18ec  usbvideo - ok
12:59:38.0446 0x18ec  [ D76E231E4850BB3F88A3D9A78DF191E3, 98CAD31C41AD155EA853DF850D94FA29543C3A7D26262D1B6881281D033CEBAF ] UxSms           C:\Windows\System32\uxsms.dll
12:59:38.0454 0x18ec  UxSms - ok
12:59:38.0543 0x18ec  [ 294945381DFA7CE58CECF0A9896AF327, 67414C6D79D2826BC86BB37349C9D74DB4B667310CBC1ABFD103E26332AE4A00 ] vds             C:\Windows\System32\vds.exe
12:59:38.0598 0x18ec  vds - ok
12:59:38.0650 0x18ec  [ 916B94BCF1E09873FFF2D5FB11767BBC, 072007FED4EF30C4D7AF8628CBEB2AC99EEAD99D7AB533E90E3748E3D4F11C28 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:59:38.0654 0x18ec  vga - ok
12:59:38.0685 0x18ec  [ B83AB16B51FEDA65DD81B8C59D114D63, 97D39AA763037752D87216B83896AFD2AD6DFEBB3BCDCED7A9ABFE5706B804C5 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:59:38.0689 0x18ec  VgaSave - ok
12:59:38.0721 0x18ec  [ 4F964E6828156F0EF3FA8D3A9A7895DE, 2C774979D42F2FDBFFADC8B5398B3098EE84565E1125B497BB5BAABE8300CA00 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:59:38.0724 0x18ec  viaide - ok
12:59:38.0773 0x18ec  [ 2B7E885ED951519A12C450D24535DFCA, 249009EBC1D306D51FDFA4A89588462AA2D8B6DF0A20BE250B60DD73200CB7F3 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:59:38.0780 0x18ec  volmgr - ok
12:59:38.0827 0x18ec  [ CEC5AC15277D75D9E5DEC2E1C6EAF877, EA989E257C4409F9AF3B35C4D7ED9134D930FE3733B077C4F3AA5497796F2CB0 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:59:38.0851 0x18ec  volmgrx - ok
12:59:38.0914 0x18ec  [ 582F710097B46140F5A89A19A6573D4B, 6F695B17BF476D027D3012352F3D4DFD0E0815823DA51A136767ECEF6D64A1CA ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:59:38.0926 0x18ec  volsnap - ok
12:59:39.0013 0x18ec  [ A68F455ED2673835209318DD61BFBB0E, 8B2B255E8E2F8B415F7AC0F7F4C423F639DD47737F7CEE0F7C816D9A6893C5F7 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:59:39.0020 0x18ec  vsmraid - ok
12:59:39.0209 0x18ec  [ B75232DAD33BFD95BF6F0A3E6BFF51E1, A8120040F144AD42A39347A615F31BF752634994D4D134E2FAD23FEA9C1D71DF ] VSS             C:\Windows\system32\vssvc.exe
12:59:39.0356 0x18ec  VSS - ok
12:59:39.0455 0x18ec  [ F14A7DE2EA41883E250892E1E5230A9A, EBCB74BE26437F6FE84A3B41AD034F451D4BD12CA77D4C7A433DB912E7D31593 ] W32Time         C:\Windows\system32\w32time.dll
12:59:39.0476 0x18ec  W32Time - ok
12:59:39.0513 0x18ec  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7, D682FBF78CF987609AF35A019E7C90CBE02800D7DFC272FFDD71D82AA362FA7A ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:59:39.0516 0x18ec  WacomPen - ok
12:59:39.0578 0x18ec  [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
12:59:39.0585 0x18ec  Wanarp - ok
12:59:39.0596 0x18ec  [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:59:39.0601 0x18ec  Wanarpv6 - ok
12:59:39.0703 0x18ec  [ B4E4C37D0AA6100090A53213EE2BF1C1, 67107F542F3C937FA5D9B28BA2EBFE994FFE287F16C0BFCF79AD20B95C13F78B ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:59:39.0750 0x18ec  wcncsvc - ok
12:59:39.0783 0x18ec  [ EA4B369560E986F19D93F45A881484AC, B61411D64901C9CB8C80402CD1E8808F5A0FACA38206C8D584C7C1019F5ADF5A ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:59:39.0791 0x18ec  WcsPlugInService - ok
12:59:39.0824 0x18ec  [ 0C17A0816F65B89E362E682AD5E7266E, 6233213D07B234056A1EC6FE1166A65371645269132B428FF3A29DDC0000301A ] Wd              C:\Windows\system32\drivers\wd.sys
12:59:39.0827 0x18ec  Wd - ok
12:59:39.0975 0x18ec  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:59:40.0021 0x18ec  Wdf01000 - ok
12:59:40.0044 0x18ec  [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:59:40.0053 0x18ec  WdiServiceHost - ok
12:59:40.0064 0x18ec  [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:59:40.0073 0x18ec  WdiSystemHost - ok
12:59:40.0129 0x18ec  [ 3E6D05381CF35F75EBB055544A8ED9AC, BEC43932BD6C34406B8850E28178B937BFD9512E49FD9F8C54DA7EE272B478A9 ] WebClient       C:\Windows\System32\webclnt.dll
12:59:40.0142 0x18ec  WebClient - ok
12:59:40.0220 0x18ec  [ 8D40BC587993F876658BF9FB0F7D3462, 23748E11F5CCE3D4978D748780283FA5A1154F53FF70D924CB2128FF8A4705F7 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:59:40.0234 0x18ec  Wecsvc - ok
12:59:40.0279 0x18ec  [ 9C980351D7E96288EA0C23AE232BD065, BA627B04C4259716B451F421F5310A69D8DE9407DE496AA0489139125E9DC16A ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:59:40.0286 0x18ec  wercplsupport - ok
12:59:40.0309 0x18ec  [ 66B9ECEBC46683F47EDC06333C075FEF, 35C33596D97DB65DE0A687644E9AD924AD5FCBAFD83FE4D23E7E58EF4BC4CC87 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:59:40.0316 0x18ec  WerSvc - ok
12:59:40.0334 0x18ec  WinDefend - ok
12:59:40.0350 0x18ec  WinHttpAutoProxySvc - ok
12:59:40.0441 0x18ec  [ D2E7296ED1BD26D8DB2799770C077A02, B494719C2DEB7B9D2505866868143C4E4F59B88461920AA49BD9F1251B6571B8 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:59:40.0453 0x18ec  Winmgmt - ok
12:59:40.0664 0x18ec  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869, 22D53818F4A4ACE441E121151CFD7CB1EDF5E8303DF9E113C9BB304B418A96EF ] WinRM           C:\Windows\system32\WsmSvc.dll
12:59:40.0831 0x18ec  WinRM - ok
12:59:40.0926 0x18ec  [ EC339C8115E91BAED835957E9A677F16, 3BBE6D4F1731198E8F0CFEE67C4CCA5C31E6968F8E02EF9E029C1847A26F513B ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:59:40.0958 0x18ec  Wlansvc - ok
12:59:41.0079 0x18ec  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:59:41.0082 0x18ec  wlcrasvc - ok
12:59:41.0284 0x18ec  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:59:41.0446 0x18ec  wlidsvc - ok
12:59:41.0496 0x18ec  [ E18AEBAAA5A773FE11AA2C70F65320F5, 9E2F6FC0F46D0EEEBF4BC1E3D8800B3D268079ABF8EDDD70CD21B789883D7390 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
12:59:41.0498 0x18ec  WmiAcpi - ok
12:59:41.0571 0x18ec  [ 21FA389E65A852698B6A1341F36EE02D, 2D60911EAAE26C4CE3DEF4FAD1EDE093F912209AA90741AAA8B93F06B37DF605 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:59:41.0582 0x18ec  wmiApSrv - ok
12:59:41.0606 0x18ec  WMPNetworkSvc - ok
12:59:41.0641 0x18ec  [ CBC156C913F099E6680D1DF9307DB7A8, FD8B227F445679E31048CA41442A978A98F267FED96E22C235F63C72AEEE2AB0 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:59:41.0651 0x18ec  WPCSvc - ok
12:59:41.0715 0x18ec  [ 490A18B4E4D53DC10879DEAA8E8B70D9, D069D8C22CF78A0970E85C0B9879E08FF19458FAA75AE447BCF9236731F64252 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:59:41.0722 0x18ec  WPDBusEnum - ok
12:59:41.0790 0x18ec  [ 5E2401B3FC1089C90E081291357371A9, 224D378EEBFB721CBC24896CAE01B31DC54B6ED82C19C5B954E96D5E98B83C59 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
12:59:41.0793 0x18ec  WpdUsb - ok
12:59:41.0987 0x18ec  [ A2BFEDF5D926CBED9C5F7BC46169A99C, 4F336C0D1DFBCDF9583F528331300FD377AE6565E0C70D58CD9E6ACE95B7273F ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:59:42.0035 0x18ec  WPFFontCache_v0400 - ok
12:59:42.0092 0x18ec  [ 8A900348370E359B6BFF6A550E4649E1, 3EAD0B951EAF8E940ED6A79FAAAB7D22ACCF3985795F80206A3A07161D319B39 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:59:42.0094 0x18ec  ws2ifsl - ok
12:59:42.0144 0x18ec  [ 9EA3E6D0EF7A5C2B9181961052A4B01A, F39BAF1FC7DD1600C0052C2A6AA3BCBC8CA3DA96D1AC7B42B0F2810D051EE1B0 ] wscsvc          C:\Windows\System32\wscsvc.dll
12:59:42.0150 0x18ec  wscsvc - ok
12:59:42.0158 0x18ec  WSearch - ok
12:59:42.0397 0x18ec  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:59:42.0552 0x18ec  wuauserv - ok
12:59:42.0617 0x18ec  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:59:42.0621 0x18ec  WudfPf - ok
12:59:42.0672 0x18ec  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:59:42.0682 0x18ec  WUDFRd - ok
12:59:42.0725 0x18ec  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:59:42.0735 0x18ec  wudfsvc - ok
12:59:42.0902 0x18ec  [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
12:59:42.0936 0x18ec  YahooAUService - ok
12:59:43.0002 0x18ec  [ 07F7285220307AAFB755D890295F0F9A, 101654B40D61DF19D302611B3C1441C72ADAC3ED9318EFE91E8854B19123ACE0 ] yukonx64        C:\Windows\system32\DRIVERS\yk60x64.sys
12:59:43.0018 0x18ec  yukonx64 - ok
12:59:43.0080 0x18ec  [ 1CACFEF9E5DD866C5B79A135EE729E18, D46DBD2FA4B21F1EE9452EBBCBA143AB5BF83E2C9C8ACF25CEDBEFE02B4EA97D ] {55662437-DA8C-40c0-AADA-2C816A897A49} C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
12:59:43.0091 0x18ec  {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
12:59:43.0106 0x18ec  ================ Scan global ===============================
12:59:43.0146 0x18ec  [ 060DC3A7A9A2626031EB23D90151428D, 4AADA06E83603E9D4894D6CFC8DADB018307B384F438C809D4BC8E22BD937C3B ] C:\Windows\system32\basesrv.dll
12:59:43.0227 0x18ec  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
12:59:43.0309 0x18ec  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
12:59:43.0441 0x18ec  [ 934E0B7D77FF78C18D9F8891221B6DE3, BB1ACD3CD6482D8B7C5931E8733B8094D2CE59C4FBC4012BD0799C8DC367FB74 ] C:\Windows\system32\services.exe
12:59:43.0465 0x18ec  [ Global ] - ok
12:59:43.0466 0x18ec  ================ Scan MBR ==================================
12:59:43.0493 0x18ec  [ 5C86ADEC17B739C437E145E3B3FC2E6D ] \Device\Harddisk0\DR0
12:59:44.0994 0x18ec  \Device\Harddisk0\DR0 - ok
12:59:44.0995 0x18ec  ================ Scan VBR ==================================
12:59:45.0074 0x18ec  [ D3E43072055A587218959F77FBBEE488 ] \Device\Harddisk0\DR0\Partition1
12:59:45.0156 0x18ec  \Device\Harddisk0\DR0\Partition1 - ok
12:59:45.0195 0x18ec  [ 6398DE9A0AB1334436D945060881057B ] \Device\Harddisk0\DR0\Partition2
12:59:45.0220 0x18ec  \Device\Harddisk0\DR0\Partition2 - ok
12:59:45.0221 0x18ec  ================ Scan generic autorun ======================
12:59:45.0268 0x18ec  [ 7DBB6F0091C74793D164FE5E1350C6AE, 8CEA5BB17D724A9A474180CDF03FEF0BE0B998D8958E53DA7863D10CEC3C3DA7 ] C:\Windows\system32\igfxtray.exe
12:59:45.0276 0x18ec  IgfxTray - ok
12:59:45.0333 0x18ec  [ 6AADDC7AD20F5FAEA7D484761AC670F5, C5212D4CA864A1EF10B4F6DBFF6C1FF2C1D0268992B64135C6A7D30C780F47E0 ] C:\Windows\system32\hkcmd.exe
12:59:45.0342 0x18ec  HotKeysCmds - ok
12:59:45.0406 0x18ec  [ 8D18C0E362998913FC91146E415FDE1B, 57E2E9EE7FF313197683138FAD4267802B354B2CEE14642C9053715DC16D7DD1 ] C:\Windows\system32\igfxpers.exe
12:59:45.0418 0x18ec  Persistence - ok
12:59:45.0420 0x18ec  SynTPEnh - ok
12:59:45.0426 0x18ec  SmartMenu - ok
12:59:45.0431 0x18ec  Windows Defender - ok
12:59:45.0486 0x18ec  [ 62FCC07DF9F443A8425C790F32123CDF, AC7E9ED9D852EA5C52BCCB7186689D829E8DD0E058256FA1EB2433EA952F2355 ] C:\Program Files\Java\jre6\bin\jusched.exe
12:59:45.0496 0x18ec  SunJavaUpdateSched - ok
12:59:45.0498 0x18ec  SysTrayApp - ok
12:59:45.0601 0x18ec  [ B6F6228AB545E2819A60C0D63A84E52E, B1B8F786057DC3CA89B41D4109C1BC014F11DAFBF2A007999B4C7695D6A2377D ] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
12:59:45.0684 0x18ec  DVDAgent - ok
12:59:45.0760 0x18ec  [ CB253098B728546DDD9525822E04F2F1, 1A2321FCC9C43CF8ED7810A732184A99066B2B7A8AFBAEA740550DC975DAC826 ] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
12:59:45.0772 0x18ec  TVAgent - ok
12:59:45.0842 0x18ec  [ 601D77C0AA637A99073210894554B6BA, 0EE521E25512E7D303D6014D31F2D7057CEAA477F6481451111B941BCB8BF1F2 ] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
12:59:45.0858 0x18ec  UpdateLBPShortCut - ok
12:59:45.0928 0x18ec  [ 82A3031F7FAA61CB5E040B0D98A104AF, 5EB990BACE18112658208F517EE2E635DBD00A06380DD9DAB253556C980DEA99 ] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
12:59:45.0944 0x18ec  UpdatePSTShortCut - ok
12:59:46.0013 0x18ec  [ 8F89E6CB82E6DB45BC993D423CD0FDBD, 254DD6E7EBCD1BAEE8DB5AD34451B66241DCCE6496D440400DA092C9C867F165 ] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
12:59:46.0036 0x18ec  QlbCtrl.exe - ok
12:59:46.0117 0x18ec  [ 9ACFD9D5E12D849B28C78FED6D620EB3, 203D1EECFB44BA7D3936AAA2280B1D88207BA7655AB735C17BF9F3AAF3D8A803 ] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
12:59:46.0130 0x18ec  UpdateP2GoShortCut - ok
12:59:46.0259 0x18ec  [ 9ACFD9D5E12D849B28C78FED6D620EB3, 203D1EECFB44BA7D3936AAA2280B1D88207BA7655AB735C17BF9F3AAF3D8A803 ] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
12:59:46.0270 0x18ec  UpdatePDIRShortCut - ok
12:59:46.0315 0x18ec  [ AE37F6508716D2DD6122744C46686BEC, 7B56FF8BE142772819E0FD4E9FA6CF9C194D1AF938C7463B1DD4D6C52E1593C2 ] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
12:59:46.0319 0x18ec  HP Health Check Scheduler - ok
12:59:46.0374 0x18ec  [ D5BF6F7CD2F0CF8C01C98B12D0A29D06, ECB8A3E63B385261A5C5F8DBB7CE7A47D3B9B62BA6E0D97DC9D1FEA9485EB939 ] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
12:59:46.0395 0x18ec  WirelessAssistant - ok
12:59:46.0531 0x18ec  [ 640FFD6549C5C06627B5C6228DB67D02, C86F05EAD114F62230E4C5730AA4A138DDC15BAE5320ED8F2C2D7768F8D0D31E ] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
12:59:46.0605 0x18ec  TSMAgent - ok
12:59:46.0741 0x18ec  [ 890A079B449A3A1B8C379E6EF906CF03, D7C7BD8B7DF9C2565651B633B2C4BD132951947A9F0D80C4D2012B7BAB8EF8D0 ] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
12:59:46.0750 0x18ec  CLMLServer for HP TouchSmart - ok
12:59:46.0812 0x18ec  [ CD1E74BC24CB1D1544406741F46F4D61, 658529854926471AE413D8A365C8E6500AEBDC33A562607DAB185F1571A5524B ] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
12:59:46.0822 0x18ec  UCam_Menu - ok
12:59:46.0867 0x18ec  [ C637FC4638A96165256B28D38DE7B953, CD658543610F151C7860DBDCF36596C9B5417D87E598FA50A435392D4AED1C14 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
12:59:46.0870 0x18ec  HP Software Update - ok
12:59:46.0915 0x18ec  [ F4F7C86191A981C804326E2EF6F3604F, 1ECE05E643AFFB27A148A8B86615F6C167875EF29D6FF7E2FD15B8DCBE6B8A16 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
12:59:46.0918 0x18ec  Adobe Reader Speed Launcher - ok
12:59:47.0087 0x18ec  [ 48BE298F7FD1BEF4D8FBACB04D8D95C4, D375B3F6E850E4B0EC81BAA0E554C356BE2248AA77C6C56F5267CA05460FE4EB ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
12:59:47.0147 0x18ec  Adobe ARM - ok
12:59:47.0304 0x18ec  [ 94A4D6915D4F572309DF6137E1846528, E46BDF83CAA6683AA655DBA3D2C8DC7AC06251E952466A20CFDA3A16B1840455 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
12:59:47.0308 0x18ec  APSDaemon - ok
12:59:47.0422 0x18ec  [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
12:59:47.0440 0x18ec  SunJavaUpdateSched - ok
12:59:47.0521 0x18ec  [ 08E7173D1B74095335052459200CB1EA, 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F ] C:\Program Files (x86)\QuickTime\QTTask.exe
12:59:47.0540 0x18ec  QuickTime Task - ok
12:59:47.0609 0x18ec  [ 79C28DDF889C26FDD6162F796FD49BC4, C1E2468B4F0F52BD707D16656F33CC438AF8E18A38BB6CFB64D11F23993F72F0 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
12:59:47.0615 0x18ec  iTunesHelper - ok
12:59:47.0901 0x18ec  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:59:47.0986 0x18ec  Sidebar - ok
12:59:47.0994 0x18ec  WindowsWelcomeCenter - ok
12:59:48.0235 0x18ec  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:59:48.0304 0x18ec  Sidebar - ok
12:59:48.0313 0x18ec  WindowsWelcomeCenter - ok
12:59:48.0650 0x18ec  [ 4A9295C9BE22739D030AB072E9A0B169, 160DD838AAE97B448D5443BB05C3C1D97637A72FFA714143CF69BA5A7FC066A6 ] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
12:59:48.0781 0x18ec  LightScribe Control Panel - ok
12:59:48.0978 0x18ec  [ 1C2C3F7F29D8217A0560B1E82E69028E, 4C42B633322F7CAB0639127C4B0BFBB1F13DE822C8A163B037C621859AC5476D ] C:\Users\raypahl\AppData\Roaming\mjusbsp\cdloader2.exe
12:59:48.0980 0x18ec  cdloader - ok
12:59:49.0025 0x18ec  [ 65437DAD4F238EA9549408A783002222, 756C846C2DD8209E9161C2DD701E46DF73E1C757F2B66CAE7A579ADF8EF7E000 ] C:\Windows\ehome\ehTray.exe
12:59:49.0033 0x18ec  ehTray.exe - ok
12:59:49.0122 0x18ec  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
12:59:49.0125 0x18ec  swg - ok
12:59:49.0175 0x18ec  GoogleDriveSync - ok
12:59:49.0487 0x18ec  [ C45F039D216F214978E6CB6627E94834, 50127C7A449ABBE7031D602669E52CBBDF2C109393E2E8CC7D00A5F9D30B7D7A ] C:\Program Files (x86)\Origin\Origin.exe
12:59:49.0751 0x18ec  EADM - ok
12:59:50.0633 0x18ec  [ 6D0BCB1BA8F55A6C1107C2D9DA03DAD7, 175019D3359446DDD2416EA5462AEB82434DBC9C96E3AC4726F5E68D0728F10F ] C:\Program Files\CCleaner\CCleaner64.exe
12:59:51.0374 0x18ec  CCleaner Monitoring - ok
12:59:51.0527 0x18ec  [ 0BDAE865738D27A4D84D50591C8C9D2D, 70010EBA09129858AF32F03079E70E974EBFF8700F5F93DCA2EC8A6B0991E2AC ] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
12:59:51.0557 0x18ec  736701A46C7D59E46F8F7D9F95111119F406C6DA._service_run - ok
12:59:51.0561 0x18ec  Waiting for KSN requests completion. In queue: 113
12:59:52.0679 0x18ec  AV detected via SS2: Norton Security Suite, C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\WSCStub.exe ( 21.5.0.0 ), 0x50000 ( disabled : updated )
12:59:52.0683 0x18ec  FW detected via SS2: Norton Security Suite, C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\WSCStub.exe ( 21.5.0.0 ), 0x51010 ( enabled )
12:59:52.0991 0x18ec  ============================================================
12:59:52.0991 0x18ec  Scan finished
12:59:52.0991 0x18ec  ============================================================
12:59:53.0021 0x1dd0  Detected object count: 0
12:59:53.0021 0x1dd0  Actual detected object count: 0
13:04:21.0989 0x12c4  Deinitialize success
 
 


#4 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 03 September 2014 - 01:35 PM

Hi Deb, 

 

Lets begin by clearing your Temp files, and removing the adware/Potentially Unwanted Programmes (PUPs) from your machine. Please let me know how your computer is performing after carrying out the steps below. 

 

STEP 1
bQqV3wh.png.pagespeed.ce.nfnKaopJpl.png Temporary File Clean (TFC)

  • Please download TFC and save the file to your Desktop
  • Close any open windows. 
  • Double-click TFC.exe to run the programme. 
  • Click Start
  • Allow TFC to run interrupted
  • Upon completion, your computer will reboot automatically. If this does not happen, please manually reboot
  • Note: It is not unusual for a computer to reboot slower than usual immediately after running TFC. 
     

STEP 2
BY4dvz9.png.pagespeed.ce.cpqHQmQDB6.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 3
xE3feWj5.png.pagespeed.ic.JE3sJIzHrn.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 4
xlK5Hdb.png.pagespeed.ce.J4MzrrPAEo.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

 

======================================================

STEP 5
xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[S0].txt
  • JRT.txt
  • FRST.txt
  • Addition.txt
  • How is your computer performing?

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#5 mommajayne

mommajayne

    Authentic Member

  • Authentic Member
  • PipPip
  • 43 posts

Posted 04 September 2014 - 10:05 PM

# AdwCleaner v3.309 - Report created 04/09/2014 at 22:14:41
# Updated 02/09/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : raypahl - RAYPAHL-PC
# Running from : C:\Users\raypahl\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16563
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=393&systemid=1&sr=0&q={searchTerms}
Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=394&systemid=406&v=n10569-191&apn_uid=5242587643844406&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtAyD0A0AtB0CtCzy0DyDzytAyCtN0D0Tzu0SzztDzztN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StBtAtA0DtBtB0F0CtGyC0CyEyBtG0AzzzzzytGyByEzytCtGtA0Bzy0BtByB0F0AzzyE0Fzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyCyBtCyCtCzzyDtGzzyDyD0FtG0F0CyCtBtGyEyDyD0AtGyBtCzztDtByEyBtAtC0B0Dzz2Q&cr=875945969&ir=
Deleted [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1QzutDtDtByDyDyCtD0B0CtCyE0AyDzytAyCtN0D0Tzu0SzyyCyDtN1L2XzutAtFtDtFtCyDtFtCtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2StB0AtBtB0CzytD0AtG0B0DyDyDtGtByB0E0FtG0AzzzytCtGyEtBtA0EtDyC0E0FtDyEzy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyCyBtCyCtCzzyDtGzzyDyD0FtG0F0CyCtBtGyEyDyD0AtGyBtCzztDtByEyBtAtC0B0Dzz2Q&cr=825122000&ir=
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.copykat.com/search-results/?cx=partner-pub-0841833791264058%3Ayum4s9-67sy&cof=FORID%3A10&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=hxxp%3A%2F%2Fwww.copykat.com&siteurl=www.copykat.com%2F&ref=&ss=2800j567634j17
 
*************************
 
AdwCleaner[R0].txt - [21488 octets] - [25/08/2014 23:08:19]
AdwCleaner[R1].txt - [16674 octets] - [28/08/2014 23:16:54]
AdwCleaner[R2].txt - [3238 octets] - [04/09/2014 22:11:16]
AdwCleaner[S0].txt - [14523 octets] - [28/08/2014 23:21:13]
AdwCleaner[S1].txt - [2981 octets] - [04/09/2014 22:14:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3041 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by raypahl on Thu 09/04/2014 at 22:22:55.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E4F9E70D-278C-4DF1-9FC5-BE3696B95E75}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{7EEAD0DA-121E-498E-B773-B8F0B4C4AAB1}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/04/2014 at 22:35:41.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by raypahl (administrator) on RAYPAHL-PC on 04-09-2014 22:37:12
Running from C:\Users\raypahl\Desktop
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915000 2009-01-08] (Hewlett-Packard)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [170496 2009-03-06] (Sun Microsystems, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [463360 2009-01-28] (IDT, Inc.)
HKLM-x32\...\Run: [DVDAgent] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-28] (CyberLink Corp.)
HKLM-x32\...\Run: [TVAgent] => C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [202024 2009-05-11] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-01-13] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [484408 2009-01-23] (Hewlett-Packard)
HKLM-x32\...\Run: [TSMAgent] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424 2009-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640 2009-04-29] (CyberLink)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [cdloader] => C:\Users\raypahl\AppData\Roaming\mjusbsp\cdloader2.exe [50520 2009-08-01] (magicJack L.P.)
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-15] (Google Inc.)
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3595608 2014-06-18] (Electronic Arts)
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6462744 2014-08-21] (Piriform Ltd)
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\Run: [736701A46C7D59E46F8F7D9F95111119F406C6DA._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-06] (Google Inc.)
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\RunOnce: [Application Restart #5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-06] (Google Inc.)
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\MountPoints2: {6463d860-7665-11de-9a1c-00235aa2c19d} - G:\autorun.exe
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\MountPoints2: {edf1cabe-19b1-11df-b12b-00235aa2c19d} - G:\laucher.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {7EEAD0DA-121E-498E-B773-B8F0B4C4AAB1} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM - {B226DAE9-F4F6-41AA-9CD0-4000E7E09068} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://start.mysearc...r=875945969&ir=
SearchScopes: HKLM-x32 - {B226DAE9-F4F6-41AA-9CD0-4000E7E09068} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - {B226DAE9-F4F6-41AA-9CD0-4000E7E09068} URL = http://www.ask.com/w...}&l=dis&o=ushpl
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.425.1\NativeBHO.dll (WhiteSky)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {8714912E-380D-11D5-B8AA-00D0B78F3D48} http://chat.yahoo.com/cab/yuplapp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{94FA59CE-8C9A-4984-B67B-149BBF13BD4C}: [NameServer] 8.8.8.8,208.67.222.222,8.8.4.4,208.67.220.220
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-21]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-09-04]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-12]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-04-30]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.facebook.com/", "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-23]
CHR Extension: (YouTube) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-15]
CHR Extension: (Google Search) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-15]
CHR Extension: (Bamboo Spear) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakplngdcboeilofopihpjnoeclenhmn [2014-06-09]
CHR Extension: (ForMATsConnverte) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikibmcaiaglfhgchhnjcnngloanbafb [2014-04-14]
CHR Extension: (Zoominto) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnkoafephiilajeompiffeohpcloapob [2014-07-03]
CHR Extension: (AdBlock) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-01]
CHR Extension: (Kindle Cloud Reader) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-03-31]
CHR Extension: (Norton Identity Safe) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-18]
CHR Extension: (Norton Identity Protection) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-13]
CHR Extension: (Google Wallet) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-15]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\raypahl\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-12-22]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe [88576 2008-11-17] (Andrea Electronics Corporation)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-08] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe [265040 2014-08-01] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-23] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2008-11-25] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\STacSV64.exe [290304 2009-01-28] (IDT, Inc.)
R2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] ()
R2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types))
S3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.)
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-05-10] (Zemana Ltd.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-20] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140903.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25056 2013-07-24] (Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140904.001\ENG64.SYS [129752 2014-08-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140904.001\EX64.SYS [2137304 2014-08-27] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-07-22] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMTDIV.SYS [510168 2014-07-23] (Symantec Corporation)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
U4 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 22:35 - 2014-09-04 22:35 - 00001260 _____ () C:\Users\raypahl\Desktop\JRT.txt
2014-09-04 22:22 - 2014-09-04 22:22 - 00000000 ____D () C:\Windows\ERUNT
2014-09-04 22:20 - 2014-09-04 22:20 - 00003125 _____ () C:\Users\raypahl\Desktop\AdwCleaner[S1].txt
2014-09-04 22:06 - 2014-09-04 22:17 - 00000656 _____ () C:\Windows\PFRO.log
2014-09-04 22:01 - 2014-09-04 22:01 - 01016261 _____ (Thisisu) C:\Users\raypahl\Desktop\JRT.exe
2014-09-04 21:59 - 2014-09-04 21:59 - 01370467 _____ () C:\Users\raypahl\Desktop\AdwCleaner.exe
2014-09-04 21:55 - 2014-09-04 21:55 - 00448512 _____ (OldTimer Tools) C:\Users\raypahl\Desktop\TFC.exe
2014-09-03 12:54 - 2014-09-03 12:55 - 00043910 _____ () C:\Users\raypahl\Desktop\Addition.txt
2014-09-03 12:52 - 2014-09-04 22:38 - 00031077 _____ () C:\Users\raypahl\Desktop\FRST.txt
2014-09-03 12:51 - 2014-09-04 22:37 - 00000000 ____D () C:\FRST
2014-09-03 12:50 - 2014-09-03 12:50 - 02104832 _____ (Farbar) C:\Users\raypahl\Desktop\frst64.exe
2014-09-03 12:49 - 2014-09-03 12:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\raypahl\Desktop\tdsskiller.exe
2014-09-03 12:48 - 2014-09-03 12:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\raypahl\Downloads\tdsskiller.exe
2014-09-01 17:17 - 2014-09-01 17:17 - 00017187 _____ () C:\Users\raypahl\Desktop\hijackthis901.txt
2014-09-01 17:16 - 2014-09-01 17:17 - 00017187 _____ () C:\Users\raypahl\Desktop\hijackthis.log
2014-09-01 16:23 - 2014-09-01 16:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\raypahl\Downloads\HiJackThis (2).exe
2014-09-01 16:21 - 2014-09-01 16:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\raypahl\Downloads\HiJackThis (1).exe
2014-08-29 03:02 - 2014-08-22 20:05 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 03:02 - 2014-08-22 19:42 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 03:02 - 2014-08-22 18:38 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 23:11 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-25 23:08 - 2014-09-04 22:15 - 00000000 ____D () C:\AdwCleaner
2014-08-25 22:22 - 2014-08-25 22:22 - 00000004 _____ () C:\Users\raypahl\AppData\Roaming\appdataFr2.bin
2014-08-25 21:54 - 2014-08-25 21:54 - 05572640 _____ (383 Media, Inc.) C:\Users\raypahl\Downloads\DriverRestore.exe
2014-08-25 17:11 - 2014-08-25 17:11 - 04814696 _____ (Piriform Ltd) C:\Users\raypahl\Downloads\ccsetup416pro.exe
2014-08-25 16:46 - 2014-09-04 22:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 16:45 - 2014-08-31 07:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-25 16:45 - 2014-08-25 16:45 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-25 16:45 - 2014-08-25 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 16:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-25 16:45 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-25 16:30 - 2014-08-25 16:30 - 00020212 _____ () C:\Users\raypahl\Downloads\hijackthis.log
2014-08-25 16:28 - 2014-08-25 16:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\raypahl\Desktop\HijackThis.exe
2014-08-22 09:09 - 2014-08-22 09:17 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\OpenSoftwareUpdater
2014-08-22 09:01 - 2014-08-22 09:02 - 00376856 _____ (Installer Technology Co) C:\Users\raypahl\Downloads\SoftwareUpdater (1).exe
2014-08-18 18:12 - 2014-08-18 18:12 - 00376824 _____ (Installer Technology Co) C:\Users\raypahl\Downloads\SoftwareUpdater.exe
2014-08-18 08:23 - 2014-08-18 08:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-08-16 03:04 - 2014-06-26 17:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 03:04 - 2014-06-26 17:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 03:04 - 2014-06-26 17:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 03:04 - 2014-06-26 17:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 03:04 - 2014-06-26 17:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 03:04 - 2014-06-26 17:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 03:04 - 2014-06-05 23:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 03:03 - 2014-06-05 23:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 18:11 - 2014-07-24 14:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 18:11 - 2014-07-24 14:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 18:11 - 2014-07-24 14:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 18:11 - 2014-07-24 14:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 18:11 - 2014-07-24 14:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 18:11 - 2014-07-24 14:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 18:11 - 2014-07-24 14:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 18:11 - 2014-07-24 14:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 18:11 - 2014-07-24 14:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 18:11 - 2014-07-24 14:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 18:11 - 2014-07-24 14:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 18:11 - 2014-07-24 14:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 18:11 - 2014-07-24 14:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 18:11 - 2014-07-24 14:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 18:11 - 2014-07-24 14:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 18:11 - 2014-07-24 14:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 18:11 - 2014-07-24 14:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 18:11 - 2014-07-24 14:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 18:11 - 2014-07-24 14:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 18:11 - 2014-07-24 14:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-15 18:11 - 2014-07-24 14:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 18:11 - 2014-07-24 13:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 18:11 - 2014-07-24 12:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 18:11 - 2014-07-24 12:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 18:11 - 2014-07-24 12:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 18:11 - 2014-07-24 12:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 18:11 - 2014-07-24 12:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 18:11 - 2014-07-24 12:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-15 18:11 - 2014-07-24 12:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 18:11 - 2014-07-24 12:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 18:11 - 2014-07-24 12:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-15 18:11 - 2014-07-24 12:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 18:11 - 2014-07-24 12:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 18:11 - 2014-07-24 12:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 18:11 - 2014-07-24 12:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 18:11 - 2014-07-24 12:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 18:11 - 2014-07-24 12:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 18:11 - 2014-07-24 12:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 18:11 - 2014-07-24 12:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-15 18:11 - 2014-07-24 12:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-15 18:11 - 2014-07-24 12:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-15 18:11 - 2014-07-24 12:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 18:10 - 2014-07-07 20:12 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 18:10 - 2014-07-07 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 18:10 - 2014-06-13 19:56 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 18:10 - 2014-06-13 19:51 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-15 17:56 - 2014-06-02 16:30 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 17:56 - 2014-06-02 16:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 17:56 - 2014-06-02 16:29 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 17:56 - 2014-06-02 16:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-15 17:56 - 2014-06-02 15:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 17:56 - 2014-06-02 05:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 17:56 - 2014-06-02 05:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 17:56 - 2014-06-02 05:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-11 05:46 - 2014-08-25 21:35 - 00000000 ____D () C:\ProgramData\GetDiscountApp
2014-08-07 13:48 - 2014-08-07 13:48 - 00000000 ____D () C:\Users\raypahl\Documents\My Scans
2014-08-05 03:32 - 2014-08-05 03:32 - 00000000 ____D () C:\Users\raypahl\Downloads\ge
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 22:38 - 2014-09-03 12:52 - 00031077 _____ () C:\Users\raypahl\Desktop\FRST.txt
2014-09-04 22:37 - 2014-09-03 12:51 - 00000000 ____D () C:\FRST
2014-09-04 22:35 - 2014-09-04 22:35 - 00001260 _____ () C:\Users\raypahl\Desktop\JRT.txt
2014-09-04 22:27 - 2011-09-30 18:26 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\ID Vault
2014-09-04 22:25 - 2009-06-13 22:34 - 01514209 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 22:22 - 2014-09-04 22:22 - 00000000 ____D () C:\Windows\ERUNT
2014-09-04 22:20 - 2014-09-04 22:20 - 00003125 _____ () C:\Users\raypahl\Desktop\AdwCleaner[S1].txt
2014-09-04 22:20 - 2013-12-22 22:18 - 00000000 ___RD () C:\Users\raypahl\Google Drive
2014-09-04 22:19 - 2014-08-25 16:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 22:17 - 2014-09-04 22:06 - 00000656 _____ () C:\Windows\PFRO.log
2014-09-04 22:17 - 2012-08-15 05:37 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-04 22:17 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 22:17 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 22:17 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 22:15 - 2014-08-25 23:08 - 00000000 ____D () C:\AdwCleaner
2014-09-04 22:15 - 2009-03-06 00:13 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-09-04 22:15 - 2006-11-02 10:42 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-04 22:04 - 2011-09-30 18:26 - 00000000 ____D () C:\ID Vault
2014-09-04 22:01 - 2014-09-04 22:01 - 01016261 _____ (Thisisu) C:\Users\raypahl\Desktop\JRT.exe
2014-09-04 21:59 - 2014-09-04 21:59 - 01370467 _____ () C:\Users\raypahl\Desktop\AdwCleaner.exe
2014-09-04 21:55 - 2014-09-04 21:55 - 00448512 _____ (OldTimer Tools) C:\Users\raypahl\Desktop\TFC.exe
2014-09-04 19:53 - 2012-08-15 05:37 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-04 19:42 - 2012-03-30 23:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 12:55 - 2014-09-03 12:54 - 00043910 _____ () C:\Users\raypahl\Desktop\Addition.txt
2014-09-03 12:50 - 2014-09-03 12:50 - 02104832 _____ (Farbar) C:\Users\raypahl\Desktop\frst64.exe
2014-09-03 12:48 - 2014-09-03 12:49 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\raypahl\Desktop\tdsskiller.exe
2014-09-03 12:48 - 2014-09-03 12:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\raypahl\Downloads\tdsskiller.exe
2014-09-03 11:15 - 2011-09-30 18:25 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-09-03 11:14 - 2014-05-02 08:06 - 00003702 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{63273914-070F-423C-8DEA-C435739090F0}
2014-09-03 11:07 - 2009-07-29 09:34 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-01 17:17 - 2014-09-01 17:17 - 00017187 _____ () C:\Users\raypahl\Desktop\hijackthis901.txt
2014-09-01 17:17 - 2014-09-01 17:16 - 00017187 _____ () C:\Users\raypahl\Desktop\hijackthis.log
2014-09-01 16:43 - 2013-12-22 21:34 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\PhotoScape
2014-09-01 16:42 - 2011-10-05 06:39 - 00000000 ____D () C:\Users\raypahl\AppData\Local\CrashDumps
2014-09-01 16:36 - 2013-10-18 22:46 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-01 16:36 - 2009-03-06 02:08 - 00003584 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-09-01 16:29 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\security
2014-09-01 16:23 - 2014-09-01 16:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\raypahl\Downloads\HiJackThis (2).exe
2014-09-01 16:21 - 2014-09-01 16:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\raypahl\Downloads\HiJackThis (1).exe
2014-08-31 07:46 - 2014-08-25 16:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-30 08:07 - 2011-10-30 10:04 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\HpUpdate
2014-08-29 03:21 - 2006-11-02 10:21 - 00324312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 23:30 - 2011-09-30 18:26 - 00000000 ____D () C:\Users\raypahl\AppData\Local\ID Vault
2014-08-25 23:39 - 2009-07-21 21:55 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-08-25 22:22 - 2014-08-25 22:22 - 00000004 _____ () C:\Users\raypahl\AppData\Roaming\appdataFr2.bin
2014-08-25 21:54 - 2014-08-25 21:54 - 05572640 _____ (383 Media, Inc.) C:\Users\raypahl\Downloads\DriverRestore.exe
2014-08-25 21:52 - 2012-03-30 23:58 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-25 21:52 - 2012-03-30 23:57 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-25 21:52 - 2011-09-30 18:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-25 21:35 - 2014-08-11 05:46 - 00000000 ____D () C:\ProgramData\GetDiscountApp
2014-08-25 21:27 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\Provisioning
2014-08-25 21:22 - 2014-07-05 15:25 - 00000000 ____D () C:\ProgramData\RoyaalShopperApp
2014-08-25 21:22 - 2014-05-21 06:01 - 00000000 ____D () C:\ProgramData\LuucakySShoPppEr
2014-08-25 18:56 - 2014-03-17 12:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-25 18:53 - 2011-10-12 14:02 - 00000000 ____D () C:\Windows\Minidump
2014-08-25 18:53 - 2009-03-06 01:34 - 00000000 ____D () C:\Windows\panther
2014-08-25 18:47 - 2013-10-18 22:46 - 00000770 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-25 18:47 - 2013-10-18 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-25 17:11 - 2014-08-25 17:11 - 04814696 _____ (Piriform Ltd) C:\Users\raypahl\Downloads\ccsetup416pro.exe
2014-08-25 16:45 - 2014-08-25 16:45 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-25 16:45 - 2014-08-25 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 16:45 - 2013-10-18 22:47 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\Malwarebytes
2014-08-25 16:45 - 2013-10-18 22:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-25 16:30 - 2014-08-25 16:30 - 00020212 _____ () C:\Users\raypahl\Downloads\hijackthis.log
2014-08-25 16:30 - 2009-07-21 13:22 - 00000000 ____D () C:\Users\raypahl\AppData\Local\VirtualStore
2014-08-25 16:29 - 2014-08-25 16:28 - 00388608 _____ (Trend Micro Inc.) C:\Users\raypahl\Desktop\HijackThis.exe
2014-08-23 08:01 - 2009-03-06 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-22 20:49 - 2012-08-15 05:39 - 00001985 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-22 20:48 - 2012-08-15 05:37 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-22 20:48 - 2012-08-15 05:37 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-22 20:05 - 2014-08-29 03:02 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 19:42 - 2014-08-29 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:38 - 2014-08-29 03:02 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 09:34 - 2009-07-21 13:29 - 00079888 _____ () C:\Users\raypahl\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-22 09:17 - 2014-08-22 09:09 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\OpenSoftwareUpdater
2014-08-22 09:02 - 2014-08-22 09:01 - 00376856 _____ (Installer Technology Co) C:\Users\raypahl\Downloads\SoftwareUpdater (1).exe
2014-08-18 18:12 - 2014-08-18 18:12 - 00376824 _____ (Installer Technology Co) C:\Users\raypahl\Downloads\SoftwareUpdater.exe
2014-08-18 08:23 - 2014-08-18 08:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-08-18 08:15 - 2013-07-11 04:21 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-08-18 08:15 - 2011-10-07 07:07 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-08-18 08:14 - 2013-12-12 05:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-08-18 08:14 - 2011-10-07 07:08 - 00002174 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-08-16 04:24 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache
2014-08-16 04:08 - 2006-11-02 07:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-16 03:59 - 2009-03-06 01:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-16 03:31 - 2013-08-14 03:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 03:22 - 2006-11-02 07:35 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-08 03:19 - 2013-08-24 14:09 - 00000000 ____D () C:\Users\raypahl\Documents\deb
2014-08-07 13:48 - 2014-08-07 13:48 - 00000000 ____D () C:\Users\raypahl\Documents\My Scans
2014-08-05 03:32 - 2014-08-05 03:32 - 00000000 ____D () C:\Users\raypahl\Downloads\ge
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-04 22:24
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by raypahl at 2014-09-04 22:39:02
Running from C:\Users\raypahl\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4500_G510gm_Help (x32 Version: 000.0.440.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AntiLogger SDK version 1.7.6.367 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.7.6.367 - Zemana Ltd.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CallAtlanta (HKLM-x32\...\{206A595B-6ED6-4547-9293-C448139826EC}) (Version: 8.6.0 - Primerica Financial Services)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.425.1 - Comcast)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2512 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 6.0.2512 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DriverTuner 3.1.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare)
ENE CIR Receiver Driver (12/30/2008 2.7.2.0) (HKLM\...\703AB19C282B6ED3F1D3CE92F8DAA864B68A7C91) (Version: 12/30/2008 2.7.2.0 - ENE)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Common Access Service Library (x32 Version: 2.00 E6 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2328 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 2.1.2328 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.2.2829 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 2.2.2829 - Hewlett-Packard) Hidden
HP MediaSmart SlingPlayer (HKLM-x32\...\HP.MediaSmartSlingPlayer_is1) (Version: 2.1 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{0BC595C4-F736-4EB4-A1C0-32C7E81800F0}) (Version: 2.1.10 - Hewlett-Packard)
HP MediaSmart TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 2.1.1709 - Hewlett-Packard)
HP MediaSmart TV (x32 Version: 2.1.1709 - Hewlett-Packard) Hidden
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.2.1621 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 2.2.1621 - Hewlett-Packard) Hidden
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5991.2847 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP User Guides 0135 (HKLM-x32\...\{372ED957-0FB5-487B-B51A-388B3D393F7A}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{462DED50-EC2E-4237-ABCF-B5C463C0EE51}) (Version: 3.50.3.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6146.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 12 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416012FF}) (Version: 6.0.120 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1312 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1312 - CyberLink Corp.) Hidden
LightScribe System Software  1.14.17.1 (HKLM-x32\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DE626616-D7C4-4F00-7E0B-EAF26FA65749}) (Version: 7.0.43.12698 - muvee Technologies Pte Ltd)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2512 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2512 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2512 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2512 - CyberLink Corp.) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Slingbox - Watch Your TV Anywhere (HKLM-x32\...\{7B798B31-2F33-4DC8-BDA4-D36488E86636}) (Version: 1.0.0 - Sling Media)
SlingPlayer (HKLM-x32\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media)
SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SPORE Creature Creator Trial Edition (HKLM-x32\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.50.56 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 wiliper (x32 Version: 012.000.1498 - Intuit Inc.) Hidden
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.31 - WildTangent)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinTOTAL (HKLM-x32\...\{0A482964-EC0F-4E65-A51E-CC42CEBD2E58}) (Version:  - )
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.3.20131014 - Xilisoft)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
22-06-2014 15:11:34 Scheduled Checkpoint
23-06-2014 20:48:58 Scheduled Checkpoint
05-07-2014 23:09:26 Scheduled Checkpoint
06-07-2014 14:54:48 Scheduled Checkpoint
09-07-2014 08:00:15 Windows Update
26-07-2014 08:00:47 Windows Update
13-08-2014 02:00:35 Scheduled Checkpoint
14-08-2014 05:00:02 Scheduled Checkpoint
16-08-2014 03:21:21 Scheduled Checkpoint
16-08-2014 08:00:29 Windows Update
16-08-2014 23:23:07 Scheduled Checkpoint
22-08-2014 16:22:09 Scheduled Checkpoint
23-08-2014 12:57:06 Installed HP Update.
26-08-2014 03:00:05 Removed Ask Toolbar
26-08-2014 03:02:21 Removed Ask Toolbar
26-08-2014 04:32:54 Removed Juno Preloader
26-08-2014 04:34:59 Removed NetZero Preloader
29-08-2014 08:00:18 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0FFABCD4-278F-42C5-B6B8-107B8E0BD779} - \MySearchDial No Task File <==== ATTENTION
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1E47DECC-A445-437E-BA49-BF68A0FE709D} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {2676CF9D-8246-4E69-9166-E93FAAEF4707} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-25] (Adobe Systems Incorporated)
Task: {26A14F59-C4B7-4635-B55E-D549FC37A5F6} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {29F9C852-B915-4224-BCE9-CDDE1720D11E} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {53AE83B5-2779-48D8-9291-D9D25528EF92} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6E74CFCE-FF9D-417D-9884-56337FA84896} - System32\Tasks\HPCeeScheduleForraypahl => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {7270E50C-102D-4B33-907A-B441C7D003B6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {72735A21-F669-4478-AE2E-E5032437DA55} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-15] (Google Inc.)
Task: {7AE1E7BC-FB9F-4ECA-90D9-07B5675C3513} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7F356BA2-6175-4E85-B1AA-6A9A6529A56A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-15] (Google Inc.)
Task: {9CCC667C-EEF3-4029-8EE4-EE411D4E7A07} - \Groovorio Updater No Task File <==== ATTENTION
Task: {C4A2780D-68B8-4F95-A118-6E5DD88047E0} - System32\Tasks\NetworkWizardHNW => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-12-17] ()
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F1351889-C902-458D-940D-9EEB132FCC88} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForraypahl.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\updaterex.job => C:\Users\raypahl\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2008-11-26 19:12 - 2008-11-26 19:12 - 00074536 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus64.dll
2009-03-06 02:02 - 2008-12-23 19:18 - 00365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe
2009-03-06 01:55 - 2008-11-25 18:29 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2008-11-26 19:13 - 2008-11-26 19:13 - 00296320 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
2008-11-26 19:13 - 2008-11-26 19:13 - 00116096 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2014-04-14 14:41 - 2014-04-14 14:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2007-07-12 15:55 - 2007-07-12 15:55 - 01581056 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2007-08-14 15:59 - 2007-08-14 15:59 - 06365184 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2007-07-12 15:55 - 2007-07-12 15:55 - 00131072 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-04-28 15:32 - 2014-04-28 15:32 - 00549272 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll
2014-09-04 22:18 - 2014-09-04 22:18 - 00098816 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\win32api.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00110080 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\pywintypes27.dll
2014-09-04 22:18 - 2014-09-04 22:18 - 00364544 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\pythoncom27.dll
2014-09-04 22:18 - 2014-09-04 22:18 - 00044032 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\_socket.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 01157120 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\_ssl.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00320512 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\win32com.shell.shell.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00712192 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\_hashlib.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 01175040 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\wx._core_.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00805888 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\wx._gdi_.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00811008 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\wx._windows_.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 01062400 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\wx._controls_.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00735232 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\wx._misc_.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00128512 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\_elementtree.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00127488 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\pyexpat.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00557056 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\pysqlite2._sqlite.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00087040 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\_ctypes.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00119808 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\win32file.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00108544 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\win32security.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00018432 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\win32event.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00038912 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\win32inet.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00122368 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\wx._wizard.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00070656 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\wx._html2.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00026624 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\_multiprocessing.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00010240 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\select.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00024064 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\win32pipe.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00686080 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\unicodedata.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00025600 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\win32pdh.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00525640 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\windows._lib_cacheinvalidation.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00011264 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\win32crypt.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00035840 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\win32process.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00017408 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\win32profile.pyd
2014-09-04 22:18 - 2014-09-04 22:18 - 00022528 _____ () C:\Users\raypahl\AppData\Local\Temp\_MEI27802\win32ts.pyd
2008-11-26 19:13 - 2008-11-26 19:13 - 00349480 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll
2009-04-29 22:11 - 2009-04-29 22:11 - 00906536 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2009-03-06 02:02 - 2008-12-23 19:18 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll
2008-11-26 19:13 - 2008-11-26 19:13 - 00263560 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
2008-11-26 19:13 - 2008-11-26 19:13 - 00038184 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (3).eml:OECustomProperty
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (4).eml:OECustomProperty
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (5).eml:OECustomProperty
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (6).eml:OECustomProperty
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-04 22:38:45.266
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-04 22:38:44.907
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-04 22:38:44.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-04 22:38:44.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-04 22:38:43.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-04 22:38:43.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-04 22:38:43.128
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-04 22:38:42.785
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-04 22:38:15.891
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-04 22:38:15.594
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 48%
Total physical RAM: 3998.02 MB
Available physical RAM: 2053.11 MB
Total Pagefile: 8215.32 MB
Available Pagefile: 5784.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:452.13 GB) (Free:165.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:13.62 GB) (Free:2.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 636BBFB1)
Partition 1: (Active) - (Size=452.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
Still have the Ad by WorldWideWebCoupon coming up with a close option.  In other places a word may be highlighted and there is a little green button by it and if you scroll over it a picture comes up with an ad.  
 
if I do a Google search, the first several items are all worldwebcoupon results.  I googled farmer's almanac for example, came up with the worldwidewebcoupon results, then I went to the page and in the middle of the farmers almanac page it displayed fine for a second and then an ad popped up.  I don't seem to have pages opening up any longer though, thank you.
 
After rebooting, I got a message that google chrome crashed, then chrome stopped working, looking for a solution.
 
 


#6 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 05 September 2014 - 01:46 AM

Hello Deb, 

 

Did you install, and do you use the following programmes?

  • DriverTuner 3.1.0.1
  • Google Toolbar for Internet Explorer
  • Microsoft Live Search Toolbar 
  • WinTOTAL
  • Yahoo! Messenger 
  • Yahoo! Software Update
     

Did you install, and do you use the following Chrome extensions?

  • CHR Extension: (ForMATsConnverte) 
  • CHR Extension: (Zoominto) 
     

STEP 1
xlK5Hdb.png.pagespeed.ce.J4MzrrPAEo.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key xpdKOQKY.png.pagespeed.ic.tmAgS1-k6q.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-513785977-584283709-202011636-1000\...\MountPoints2: {6463d860-7665-11de-9a1c-00235aa2c19d} - G:\autorun.exe
    HKU\S-1-5-21-513785977-584283709-202011636-1000\...\MountPoints2: {edf1cabe-19b1-11df-b12b-00235aa2c19d} - G:\laucher.exe
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
    SearchScopes: HKLM - {7EEAD0DA-121E-498E-B773-B8F0B4C4AAB1} URL = http://search.live.c...ms}&FORM=HPNTDF
    SearchScopes: HKLM - {B226DAE9-F4F6-41AA-9CD0-4000E7E09068} URL = http://www.ask.com/w...}&l=dis&o=ushpl
    SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://start.mysearc...r=875945969&ir=
    SearchScopes: HKLM-x32 - {B226DAE9-F4F6-41AA-9CD0-4000E7E09068} URL = http://www.ask.com/w...}&l=dis&o=ushpl
    SearchScopes: HKCU - {B226DAE9-F4F6-41AA-9CD0-4000E7E09068} URL = http://www.ask.com/w...}&l=dis&o=ushpl
    Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
    Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
    Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
    2014-08-25 21:54 - 2014-08-25 21:54 - 05572640 _____ (383 Media, Inc.) C:\Users\raypahl\Downloads\DriverRestore.exe
    2014-08-22 09:09 - 2014-08-22 09:17 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\OpenSoftwareUpdater
    2014-08-22 09:01 - 2014-08-22 09:02 - 00376856 _____ (Installer Technology Co) C:\Users\raypahl\Downloads\SoftwareUpdater (1).exe
    2014-08-18 18:12 - 2014-08-18 18:12 - 00376824 _____ (Installer Technology Co) C:\Users\raypahl\Downloads\SoftwareUpdater.exe
    2014-08-11 05:46 - 2014-08-25 21:35 - 00000000 ____D () C:\ProgramData\GetDiscountApp
    2014-08-25 21:22 - 2014-07-05 15:25 - 00000000 ____D () C:\ProgramData\RoyaalShopperApp
    2014-08-25 21:22 - 2014-05-21 06:01 - 00000000 ____D () C:\ProgramData\LuucakySShoPppEr
    Task: {0FFABCD4-278F-42C5-B6B8-107B8E0BD779} - \MySearchDial No Task File <==== ATTENTION
    Task: {9CCC667C-EEF3-4029-8EE4-EE411D4E7A07} - \Groovorio Updater No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\updaterex.job => C:\Users\raypahl\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    C:\Windows\Tasks\updaterex.job
    C:\Users\raypahl\AppData\Roaming\UPDATE~1
    AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (1).eml:OECustomProperty
    AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (2).eml:OECustomProperty
    AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (3).eml:OECustomProperty
    AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (4).eml:OECustomProperty
    AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (5).eml:OECustomProperty
    AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (6).eml:OECustomProperty
    AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message.eml:OECustomProperty
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
    Folder: C:\Users\raypahl\AppData\Local\ID Vault
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    EmptyTemp:
    end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
xnWhGEI3.png.pagespeed.ic.cDN7g2AqT7.png VirusTotal Upload

  • Please go to VirusTotal.com.
  • Click Choose File and locate the following file:
    • C:\Users\raypahl\AppData\Roaming\appdataFr2.bin
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply. 
     

======================================================
 
STEP 3
xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Answers to questions
  • Fixlog.txt
  • VirusTotal results
  • Update on computer?

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#7 mommajayne

mommajayne

    Authentic Member

  • Authentic Member
  • PipPip
  • 43 posts

Posted 06 September 2014 - 08:42 PM

Adam,

 

Regarding the addition of programs, no I did not, but as this is a family computer, I can imagine someone else did, however, I can say that they are not used or needed, same goes for the extensions.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 02
Ran by raypahl at 2014-09-06 19:45:06 Run:1
Running from C:\Users\raypahl\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\MountPoints2: {6463d860-7665-11de-9a1c-00235aa2c19d} - G:\autorun.exe
HKU\S-1-5-21-513785977-584283709-202011636-1000\...\MountPoints2: {edf1cabe-19b1-11df-b12b-00235aa2c19d} - G:\laucher.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
SearchScopes: HKLM - {7EEAD0DA-121E-498E-B773-B8F0B4C4AAB1} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM - {B226DAE9-F4F6-41AA-9CD0-4000E7E09068} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://start.mysearc...r=875945969&ir=
SearchScopes: HKLM-x32 - {B226DAE9-F4F6-41AA-9CD0-4000E7E09068} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - {B226DAE9-F4F6-41AA-9CD0-4000E7E09068} URL = http://www.ask.com/w...}&l=dis&o=ushpl
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
2014-08-25 21:54 - 2014-08-25 21:54 - 05572640 _____ (383 Media, Inc.) C:\Users\raypahl\Downloads\DriverRestore.exe
2014-08-22 09:09 - 2014-08-22 09:17 - 00000000 ____D () C:\Users\raypahl\AppData\Roaming\OpenSoftwareUpdater
2014-08-22 09:01 - 2014-08-22 09:02 - 00376856 _____ (Installer Technology Co) C:\Users\raypahl\Downloads\SoftwareUpdater (1).exe
2014-08-18 18:12 - 2014-08-18 18:12 - 00376824 _____ (Installer Technology Co) C:\Users\raypahl\Downloads\SoftwareUpdater.exe
2014-08-11 05:46 - 2014-08-25 21:35 - 00000000 ____D () C:\ProgramData\GetDiscountApp
2014-08-25 21:22 - 2014-07-05 15:25 - 00000000 ____D () C:\ProgramData\RoyaalShopperApp
2014-08-25 21:22 - 2014-05-21 06:01 - 00000000 ____D () C:\ProgramData\LuucakySShoPppEr
Task: {0FFABCD4-278F-42C5-B6B8-107B8E0BD779} - \MySearchDial No Task File <==== ATTENTION
Task: {9CCC667C-EEF3-4029-8EE4-EE411D4E7A07} - \Groovorio Updater No Task File <==== ATTENTION
Task: C:\Windows\Tasks\updaterex.job => C:\Users\raypahl\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Windows\Tasks\updaterex.job
C:\Users\raypahl\AppData\Roaming\UPDATE~1
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (3).eml:OECustomProperty
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (4).eml:OECustomProperty
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (5).eml:OECustomProperty
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message (6).eml:OECustomProperty
AlternateDataStreams: C:\Users\raypahl\Downloads\0riginal_message.eml:OECustomProperty
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
Folder: C:\Users\raypahl\AppData\Local\ID Vault
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-513785977-584283709-202011636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6463d860-7665-11de-9a1c-00235aa2c19d}" => Key deleted successfully.
"HKCR\CLSID\{6463d860-7665-11de-9a1c-00235aa2c19d}" => Key not found.
"HKU\S-1-5-21-513785977-584283709-202011636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edf1cabe-19b1-11df-b12b-00235aa2c19d}" => Key deleted successfully.
"HKCR\CLSID\{edf1cabe-19b1-11df-b12b-00235aa2c19d}" => Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7EEAD0DA-121E-498E-B773-B8F0B4C4AAB1}" => Key deleted successfully.
"HKCR\CLSID\{7EEAD0DA-121E-498E-B773-B8F0B4C4AAB1}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B226DAE9-F4F6-41AA-9CD0-4000E7E09068}" => Key deleted successfully.
"HKCR\CLSID\{B226DAE9-F4F6-41AA-9CD0-4000E7E09068}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => Key deleted successfully.
"HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B226DAE9-F4F6-41AA-9CD0-4000E7E09068}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B226DAE9-F4F6-41AA-9CD0-4000E7E09068}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B226DAE9-F4F6-41AA-9CD0-4000E7E09068}" => Key deleted successfully.
"HKCR\CLSID\{B226DAE9-F4F6-41AA-9CD0-4000E7E09068}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\!{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\!{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6" => Key deleted successfully.
C:\Program Files (x86)\Yahoo!\Shared\npYState.dll => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCR\PROTOCOLS\Filter\text/xml" => Key deleted successfully.
"HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}" => Key not found.
C:\Users\raypahl\Downloads\DriverRestore.exe => Moved successfully.
C:\Users\raypahl\AppData\Roaming\OpenSoftwareUpdater => Moved successfully.
C:\Users\raypahl\Downloads\SoftwareUpdater (1).exe => Moved successfully.
C:\Users\raypahl\Downloads\SoftwareUpdater.exe => Moved successfully.
C:\ProgramData\GetDiscountApp => Moved successfully.
C:\ProgramData\RoyaalShopperApp => Moved successfully.
C:\ProgramData\LuucakySShoPppEr => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FFABCD4-278F-42C5-B6B8-107B8E0BD779}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FFABCD4-278F-42C5-B6B8-107B8E0BD779}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CCC667C-EEF3-4029-8EE4-EE411D4E7A07}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CCC667C-EEF3-4029-8EE4-EE411D4E7A07}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Groovorio Updater" => Key deleted successfully.
C:\Windows\Tasks\updaterex.job => Moved successfully.
"C:\Windows\Tasks\updaterex.job" => File/Directory not found.
"C:\Users\raypahl\AppData\Roaming\UPDATE~1" => File/Directory not found.
C:\Users\raypahl\Downloads\0riginal_message (1).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\raypahl\Downloads\0riginal_message (2).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\raypahl\Downloads\0riginal_message (3).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\raypahl\Downloads\0riginal_message (4).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\raypahl\Downloads\0riginal_message (5).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\raypahl\Downloads\0riginal_message (6).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\raypahl\Downloads\0riginal_message.eml => ":OECustomProperty" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\plsapp" => Key deleted successfully.
 
========================= Folder: C:\Users\raypahl\AppData\Local\ID Vault ========================
 
2013-08-24 13:57 - 2014-05-23 21:10 - 0000066 _____ () C:\Users\raypahl\AppData\Local\ID Vault\da.dat
2011-09-30 18:28 - 2011-10-23 21:47 - 0011486 _____ () C:\Users\raypahl\AppData\Local\ID Vault\djmnopqs.bak
2011-09-30 18:26 - 2011-10-23 21:47 - 0011486 _____ () C:\Users\raypahl\AppData\Local\ID Vault\djmnopqs.dat
2011-09-30 18:26 - 2011-09-30 18:26 - 0000038 _____ () C:\Users\raypahl\AppData\Local\ID Vault\djmnopqs.guid
2014-08-28 23:30 - 2014-08-28 23:31 - 0000000 ____D () C:\Users\raypahl\AppData\Local\ID Vault\IconCache
2014-08-28 23:30 - 2014-08-28 23:30 - 0001150 _____ () C:\Users\raypahl\AppData\Local\ID Vault\IconCache\25365.ico
2014-08-28 23:30 - 2014-08-28 23:30 - 0001150 _____ () C:\Users\raypahl\AppData\Local\ID Vault\IconCache\41749.ico
2014-08-28 23:31 - 2014-08-28 23:31 - 0011078 _____ () C:\Users\raypahl\AppData\Local\ID Vault\IconCache\8952.ico
2014-08-28 23:30 - 2014-08-28 23:30 - 0001150 _____ () C:\Users\raypahl\AppData\Local\ID Vault\IconCache\8981.ico
 
====== End of Folder: ======
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
A reboot is required to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Echo Request, OK!
A reboot is required to complete this action.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 102.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 

https://www.virustot...sis/1410050509/

 

Still have worldwidewebcoupon either opening pages, for example, when I click "post" or having highlighted areas on a page.

 

 

Deb



#8 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 07 September 2014 - 02:11 AM

Hi Deb,

Which browser(s) are you experiencing this issue with?

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#9 mommajayne

mommajayne

    Authentic Member

  • Authentic Member
  • PipPip
  • 43 posts

Posted 08 September 2014 - 11:28 AM

Chrome.  I did go on IE Saturday and didn't have them there.  Well, I just checked again, and it seems I am not having the problem in Chrome.  Perhaps I checked before I rebooted.  Seems like it is fixed, Adam, thanks so much.



#10 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 08 September 2014 - 12:41 PM

Hello Deb, 
 

Well, I just checked again, and it seems I am not having the problem in Chrome.  Perhaps I checked before I rebooted.  Seems like it is fixed

Very good.

 

Lets tie up a few loose ends, and check for remnants. 
 
 
STEP 1
x6JO0hXH.png.pagespeed.ic.PEMzZKYEz_.png Revo Uninstaller

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • DriverTuner 3.1.0.1
    • Google Toolbar for Internet Explorer
    • Microsoft Live Search Toolbar
    • WinTOTAL
    • Yahoo! Messenger
    • Yahoo! Software Update
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme will run. If prompted again click Yes.
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.

STEP 2
U5NwUGc.png.pagespeed.ce.fQOA5bLO8d.png Manually Removing Chrome Extension

  • Open Chrome.
  • Type chrome://extensions into the URL bar. 
  • Click the xcCN6rtf.png.pagespeed.ic.mc__q7bGu9.png button next to any extensions you do not use, or do not recognise. 

STEP 3
xCXrghb6.png.pagespeed.ic.GoiQhwxA2B.png Update/Remove Java

  • Download the latest version of xj8JVMVP.jpg.pagespeed.ic.nXOrq5CtJG.jpg Java from here.
  • Press the Windows Key xpdKOQKY.png.pagespeed.ic.tmAgS1-k6q.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for and uninstall the following programmes (if present):
    • Java 7 Update 51
    • Java™ 6 Update 12
    • JavaFX 2.1.1

STEP 4
xGfiJrQ9.png.pagespeed.ic.HjgFxjvw2Z.jpg Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 5
GzlsbnV.png.pagespeed.ce.SLxxSJVib_.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did the programmes uninstall OK in Revo? 
  • Did Java update/remove successfully? 
  • MBAM Scan log
  • ESET Online Scan log

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!

    Advertisements

Register to Remove


#11 mommajayne

mommajayne

    Authentic Member

  • Authentic Member
  • PipPip
  • 43 posts

Posted 10 September 2014 - 11:03 AM

Just wanted you to know I am working on it. The last one does take a long time. I went to bed with it still running and this morning my husband told me it completed but when I went to look at it, there was a screen asking me to purchase it. I asked my husband if he touched anything, he says he didn't. Hmm? I'm running it again. The last I looked at it last night it had found 16 potential threats. It took almost 15 hours. I will post everything when it's done. Thanks Adam.

#12 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 10 September 2014 - 11:09 AM

Hi Deb,

Log files for ESET Online Scan can be found here: C:\Program Files (x86)\ESET\Esetonlinescanner

If the scan completed, you should find a log here. Cancel the second scan if you manage to find the log. If not, continue with the secons scan, and retrieve the log once complete.

Did you have any issues with the other steps? Do you have the MBAM log ready?

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#13 mommajayne

mommajayne

    Authentic Member

  • Authentic Member
  • PipPip
  • 43 posts

Posted 11 September 2014 - 01:48 AM

Yes, programs uninstalled ok in Revo and Java updated and removed.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/9/2014
Scan Time: 4:44:05 PM
Logfile: mbamlog.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.09.06
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: raypahl
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320491
Time Elapsed: 26 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Helper\FileTypeHelper.exe.vir MSIL/FileTypeHelper.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Helper\FileTypeHelper_assoc.exe.vir MSIL/FileTypeHelper.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\64EZSETP.dll.vir Win32/Toolbar.MyWebSearch.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISb.dll.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\raypahl\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 a variant of Win32/SoftPulse.B potentially unwanted application
C:\Users\raypahl\Documents\TelevisionFanatic.exe Win32/AdInstaller potentially unwanted application
C:\Users\raypahl\Downloads\ccsetup406.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\raypahl\Downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\raypahl\Downloads\ccsetup416pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\raypahl\Downloads\CheatEngine63.exe Win32/OpenCandy potentially unsafe application
C:\Users\raypahl\Downloads\gimp-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\raypahl\Downloads\itunes_setup (1).exe a variant of Win32/InstallCore.BY potentially unwanted application
C:\Users\raypahl\Downloads\setup (2).exe a variant of Win32/KeyLogger.Refog.D application
C:\Users\raypahl\Downloads\ZipExtractorSetup.exe a variant of Win32/InstallCore.LJ potentially unwanted application
 


#14 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 11 September 2014 - 05:51 AM

Hi Deb,
 

C:\Users\raypahl\Downloads\setup (2).exe a variant of Win32/KeyLogger.Refog.D application

Unless you downloaded this file yourself, I suggest you change all passwords using a clean machine immediately.  
If you've used this machine for online banking, I would also check for any unusual bank transactions to be safe. 

STEP 1
xlK5Hdb.png.pagespeed.ce.J4MzrrPAEo.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key xpdKOQKY.png.pagespeed.ic.tmAgS1-k6q.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000
    C:\Users\raypahl\Documents\TelevisionFanatic.exe
    C:\Users\raypahl\Downloads\setup (2).exe
    C:\Users\raypahl\Downloads\ZipExtractorSetup.exe
    EmptyTemp:
    end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
xCXrghb6.png.pagespeed.ic.GoiQhwxA2B.png Update Outdated Software

Outdated software contain security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 3
xEtQetiM.png.pagespeed.ic.6601abWTTy.jpg Remove Outdated Software

  • Press the Windows Key xpdKOQKY.png.pagespeed.ic.tmAgS1-k6q.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
    • Adobe Reader 9.5.5 
  • Follow the prompts and reboot if necessary.
     

STEP 4
xzANS9oB.png.pagespeed.ic.nXxwTg2de3.png Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button x29Fou9c.jpg.pagespeed.ic.BYzVp8c_Mk.jpg and type Java Control Panel (or javacpl) in the search bar. . 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 5
oxliOQk.png.pagespeed.ce.C25V2YBM3k.png Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#15 mommajayne

mommajayne

    Authentic Member

  • Authentic Member
  • PipPip
  • 43 posts

Posted 12 September 2014 - 06:22 AM

Adam,

 

Yes, I installed the keylogger, keeps my teen honest.  

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by raypahl at 2014-09-12 05:10:29 Run:2
Running from C:\Users\raypahl\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000
C:\Users\raypahl\Documents\TelevisionFanatic.exe
C:\Users\raypahl\Downloads\setup (2).exe
C:\Users\raypahl\Downloads\ZipExtractorSetup.exe
EmptyTemp:
end
*****************
 
C:\Users\raypahl\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 => Moved successfully.
C:\Users\raypahl\Documents\TelevisionFanatic.exe => Moved successfully.
C:\Users\raypahl\Downloads\setup (2).exe => Moved successfully.
C:\Users\raypahl\Downloads\ZipExtractorSetup.exe => Moved successfully.
EmptyTemp: => Removed 692.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 

 Results of screen317's Security Check version 0.99.87  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Norton Security Suite   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.152  
 Adobe Reader 9 Adobe Reader out of Date! 
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Google Chrome 37.0.2062.120  
 Google Chrome update.dll..  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 5 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
 
My computer appears to be all better!  Thanks so much.
 
 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users