Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

I got rootkited and have leftover damage... [Solved]


  • This topic is locked This topic is locked
33 replies to this topic

#1 Nare

Nare

    Authentic Member

  • Authentic Member
  • PipPip
  • 50 posts

Posted 02 November 2014 - 03:06 AM

I actually had problems cause I went without anti-virus for a while but in the end I looked around and learned up and managed to stabilize the infection and clean the computer and it's pretty much stable now. I did have to use ComboFix however, because it got really bad, like startup issues and fan going into hyper drive bad, and I know it doesn't completely remove everything hence why I am on assistance forums. But most of the problem was just that I was constantly infected due to having no firewall, which I fixed now.

 

So I got ComboFix logs, and I can also go into major detail on what happened and have screens of all sorts of errors, but almost all of them are gone now. My issue is that it may also have been a hacker so I want to root anything left, and to fix some damage left on Windows, namely:

 

1) Safe Mode doesn't work. ComboFix says SafeBootRegistry is damaged and needs fixing but it's better to ask first than to look it up myself.

 

2) Disk space on Windows vanished while I was infected. And I am pretty sure it was viruses, because as I was scanning whenever I got attacked again there'd be some disk space missing, and after the scan removed the virus space would clear up, especially true of startup viruses. I even did stuff like clear some space just in case, had 6 GB left, and on restart I only had 3 GB, like wtf.

 

I got something to view disk space better with and this looks a bit suspicious. I DO have most of my drive space taken up, but I am convinced I am a few GB short, and even though I calculated my folders and they add up almost exactly to my disk space...Windows folder is 25 GB ;/.

 

The Program Data folder I didn't calculate...because it's 181 GB...when my drive system is just 151 GB. Treesize says my total disk space on C is 331 GB, when I don't even reach 300 GB total disk space. I am confused by this display error or whatever it is. Microsoft takes up almost all of that with cached icons.

 

 

wtf_Program_Data_Size.png

 

That 1,9 GB file looks especially suspicious, because its nothing but unrecognized file types with long random character names. Can I just delete it?

 

Anyway here's the logs you asked me for. I couldn't run FRST because Windows canceled it even as it was downloading on the count of being suspicious or something. Got an error saying path to it couldn't be found. Might be part of the virus damage or maybe just my firewall, in any case, letting you know first.

 

 

aswMBR version 1.0.1.2172 Copyright© 2014 AVAST Software
Run date: 2014-11-01 21:02:18
-----------------------------
21:02:18.223    OS Version: Windows x64 6.1.7601 Service Pack 1
21:02:18.223    Number of processors: 2 586 0x2A07
21:02:18.223    ComputerName: RAMONA-PC  UserName: Iuliu
21:02:23.331    Initialize success
21:02:23.613    VM: initialized successfully
21:02:23.613    VM: Intel CPU supported
21:02:38.453    VM: supported disk I/O iaStor.sys
21:04:59.604    AVAST engine defs: 14110100
21:06:45.397    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:06:45.407    Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 3
21:06:45.547    VM: Disk 0 MBR read successfully
21:06:45.557    Disk 0 MBR scan
21:06:45.567    Disk 0 Windows 7 default MBR code
21:06:45.577    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:06:45.607    Disk 0 Boot: NTFS     code=2
21:06:45.657    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       155144 MB offset 206848
21:06:45.687    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       149999 MB offset 317941760
21:06:45.927    Disk 0 scanning C:\Windows\system32\drivers
21:07:07.342    Service scanning
21:08:29.854    Modules scanning
21:08:29.854    Disk 0 trace - called modules:
21:08:29.874    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
21:08:29.884    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006eff060]
21:08:29.884    3 CLASSPNP.SYS[fffff88001c5543f] -> nt!IofCallDriver -> [0xfffffa800460ec40]
21:08:29.894    5 ACPI.sys[fffff88000ef97a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004611050]
21:08:33.420    AVAST engine scan C:\Windows
21:08:40.398    AVAST engine scan C:\Windows\system32
21:15:34.011    AVAST engine scan C:\Windows\system32\drivers
21:16:21.478    AVAST engine scan C:\Users\Iuliu
21:25:05.056    File: C:\Users\Iuliu\AppData\Local\YhPack\tmp515A.exe  **INFECTED** Win32:Reveton-ABW [Trj]
21:25:05.118    File: C:\Users\Iuliu\AppData\Local\YhPack\tmp5773.exe  **INFECTED** Win32:Rootkit-gen [Rtk]
21:33:11.096    AVAST engine scan C:\ProgramData
21:35:50.876    Disk 0 MBR has been saved successfully to "D:\####### cleanup!\MBR.dat"
21:35:50.892    The log file has been saved successfully to "D:\####### cleanup!\aswMBR.txt"

 

That YhPack is the most constant name in all the infections I had btw and I could not delete it because I didn't know where it originated and I kept getting infected even if I kept scanning. It seems the two way Firewall is stopping it. Anyway, going to wait for a reply before I do anything else.
 


Edited by Nare, 02 November 2014 - 03:10 AM.

    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 02 November 2014 - 05:14 PM

:welcome:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check 
  • *List BCD
    *Drivers MD5
    *Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #3 Nare

    Nare

      Authentic Member

    • Authentic Member
    • PipPip
    • 50 posts

    Posted 03 November 2014 - 06:18 AM

    It was all the protection I have now, which canceled/deleted the file even as it was downloading. Had to use a different browser and shut all the protection down.

     

    I always kind of sensed it was some hacker, but I wasn't really sure what he would have wanted or if it was some automatic infection. But now I know because I checked what some of those files in Secure Program Data were and it was a bunch of stupid movie files of around 800 MB, carp** I would never even watch. Well, here are the logs anyway...

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
    Ran by Iuliu (administrator) on RAMONA-PC on 03-11-2014 13:56:49
    Running from C:\Users\Iuliu\Desktop
    Loaded Profile: Iuliu (Available profiles: Ramona & Iuliu)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Română (România)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
    (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
    (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    () C:\Program Files (x86)\Join Air\UIExec.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
    (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
    (www.BitComet.com) C:\Program Files\BitComet\tools\BitCometService.exe
    () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Users\Iuliu\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Iuliu\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Iuliu\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
    HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
    HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
    HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
    HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2317312 2011-09-13] (ASUS)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Join Air\UIExec.exe [139088 2011-02-14] ()
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
    HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [283712 2013-10-30] (Filefacts.net)
    HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-07-24] (Panda Security, S.L.)
    HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
    HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
    HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
    HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
    HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3781310032-3316471014-4203319439-1001\...\Policies\Explorer: [Run] "C:\Users\Iuliu\AppData\Roaming\Microsoft\Windows\IEUpdate\verclsid.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
    ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    BootExecute: autocheck autochk * lsdeletePCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bit
    GroupPolicyUsers\S-1-5-21-3781310032-3316471014-4203319439-1001\User: Group Policy restriction detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nyaa.se/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro-RO
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x75506ACFAEDBCF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://utw.me/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3781310032-3316471014-4203319439-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Hosts: 127.0.0.1 localhost

    FireFox:
    ========
    FF ProfilePath: C:\Users\Iuliu\AppData\Roaming\Mozilla\Firefox\Profiles\ii47zk5e.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Iuliu\AppData\Roaming\rcru\plugins\nprcplugin.dll (Raidcall)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Iuliu\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Iuliu\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Extension: Lavasoft Search Plugin - C:\Users\Iuliu\AppData\Roaming\Mozilla\Firefox\Profiles\ii47zk5e.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-10-21]
    FF Extension: Windows Photo Viewer Gallery Interface - C:\Users\Iuliu\AppData\Roaming\Mozilla\Firefox\Profiles\ii47zk5e.default\Extensions\{32603E18-7893-D30E-792A-801055CDA1F3} [2014-09-06]
    FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-16]

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Users\Iuliu\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Iuliu\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Iuliu\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Profile: C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (No Name) - C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jombbjeacppmnbiehjpajljeohfkdlgi [2014-05-21]
    CHR Profile: C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Profile 2
    CHR Extension: (Google Drive) - C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-05]
    CHR Extension: (YouTube) - C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-05]
    CHR Extension: (Google Search) - C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-05]
    CHR Extension: (Skype Click to Call) - C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-04]
    CHR Extension: (Google Wallet) - C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
    CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-12-05]
    CHR Extension: (Gmail) - C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-05]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
    CHR StartMenuInternet: Google Chrome - C:\Users\Iuliu\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [141560 2014-07-24] (Panda Security, S.L.)
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-07-23] (Panda Security, S.L.)
    R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-07-24] (Panda Security, S.L.)
    R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
    S2 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [261456 2011-02-14] ()
    S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
    R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-02-19] (GFI Software)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    S3 MEMSWEEP2; C:\Windows\system32\6EF9.tmp [6144 2010-05-26] (Sophos Plc) [File not signed]
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
    R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
    R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
    R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
    R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
    R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
    R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
    R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
    R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
    R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
    R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
    R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
    R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
    R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [160800 2014-07-24] (Panda Security, S.L.)
    R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [120352 2014-07-24] (Panda Security, S.L.)
    R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
    R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
    R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
    R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [106016 2014-07-24] (Panda Security, S.L.)
    R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
    S1 pumoymyv; No ImagePath
    S1 SAVRKBootTasks; C:\Windows\SysWOW64\SAVRKBootTasks.sys [18816 2010-05-26] (Sophos Plc) [File not signed]
    S1 SBRE; No ImagePath
    R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
    R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)
    S3 X6va008; No ImagePath
    S3 X6va009; No ImagePath
    S3 X6va010; No ImagePath
    S3 X6va011; No ImagePath
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 slb; \??\D:\Aeria\ScarletBlade\avital\scarlb64.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-03 13:56 - 2014-11-03 13:57 - 00023084 _____ () C:\Users\Iuliu\Desktop\FRST.txt
    2014-11-03 13:56 - 2014-11-03 13:56 - 00000000 ____D () C:\FRST
    2014-11-03 13:55 - 2014-11-03 13:55 - 02114560 _____ (Farbar) C:\Users\Iuliu\Desktop\FRST64.exe
    2014-11-02 09:26 - 2014-11-02 09:26 - 00456624 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-01 20:37 - 2014-11-01 20:37 - 05192704 _____ (AVAST Software) C:\Users\Iuliu\Desktop\aswMBR.exe
    2014-11-01 15:30 - 2014-11-01 15:30 - 00109672 _____ () C:\Users\Iuliu\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-01 09:46 - 2014-11-03 10:49 - 00000392 _____ () C:\Windows\setupact.log
    2014-11-01 09:46 - 2014-11-01 09:46 - 00000000 _____ () C:\Windows\setuperr.log
    2014-10-30 07:55 - 2014-03-25 15:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
    2014-10-29 20:00 - 2014-10-29 20:00 - 00021075 _____ () C:\ComboFix.txt
    2014-10-29 18:38 - 2014-10-29 18:39 - 00870336 _____ (Opera Software) C:\Users\Iuliu\Downloads\Opera_NI_stable.exe
    2014-10-29 18:36 - 2014-10-29 18:36 - 00000000 ____D () C:\Users\Iuliu\AppData\Roaming\Opera Software
    2014-10-29 18:36 - 2014-10-29 18:36 - 00000000 ____D () C:\Users\Iuliu\AppData\Local\Opera Software
    2014-10-29 18:35 - 2014-10-31 09:46 - 00003836 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1414600540
    2014-10-29 18:35 - 2014-10-31 09:46 - 00000964 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 25.lnk
    2014-10-29 18:35 - 2014-10-29 18:35 - 00001139 _____ () C:\Users\Public\Desktop\Opera 25.lnk
    2014-10-29 16:16 - 2014-10-29 16:16 - 00001225 _____ () C:\Users\Iuliu\Desktop\TreeSize Free.lnk
    2014-10-29 16:16 - 2014-10-29 16:16 - 00000000 ____D () C:\Users\Iuliu\AppData\Roaming\JAM Software
    2014-10-29 16:16 - 2014-10-29 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
    2014-10-29 16:16 - 2014-10-29 16:16 - 00000000 ____D () C:\Program Files (x86)\JAM Software
    2014-10-29 16:15 - 2014-10-29 16:15 - 00000000 ____D () C:\Users\Iuliu\AppData\Roaming\ImgBurn
    2014-10-29 16:05 - 2014-10-29 16:05 - 00001881 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
    2014-10-29 16:05 - 2014-10-29 16:05 - 00001869 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
    2014-10-29 16:05 - 2014-10-29 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
    2014-10-29 16:05 - 2014-10-29 16:05 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
    2014-10-28 12:06 - 2014-10-28 15:01 - 00000000 ____D () C:\Users\Iuliu\AppData\Roaming\Uzixso
    2014-10-26 15:21 - 2014-10-26 15:23 - 00431395 _____ () C:\Windows\system32\Drivers\vsconfig.xml
    2014-10-26 15:21 - 2014-10-26 15:21 - 00000762 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
    2014-10-26 15:21 - 2014-10-26 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
    2014-10-26 15:20 - 2014-10-26 15:21 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
    2014-10-26 15:19 - 2014-10-26 15:19 - 00000000 ____D () C:\ProgramData\CheckPoint
    2014-10-26 10:27 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-10-26 10:27 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-10-26 10:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-10-26 10:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-10-26 10:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-10-26 10:27 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-10-26 10:27 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-10-26 10:27 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-10-25 16:12 - 2014-10-25 16:13 - 05583977 ____R (Swearware) C:\Users\Iuliu\Desktop\ComboFix.exe
    2014-10-24 23:41 - 2014-10-24 23:41 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
    2014-10-24 14:31 - 2014-10-24 14:31 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    2014-10-16 12:08 - 2014-10-16 12:08 - 00033568 _____ () C:\Users\Iuliu\AppData\Local\2ete64.vas
    2014-10-15 20:23 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-10-15 20:23 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-10-15 20:23 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-10-15 20:23 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-10-15 20:23 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-10-15 20:23 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-10-15 20:23 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-10-15 20:23 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-10-15 20:23 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-10-15 20:23 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-10-15 20:23 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-10-15 20:23 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-10-15 20:23 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-10-15 20:23 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-10-15 20:23 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-10-15 20:23 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-10-15 20:23 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-10-15 20:23 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-10-15 20:23 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-10-15 20:23 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-10-15 20:23 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-10-15 20:23 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-10-15 20:23 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-10-15 20:23 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-10-15 20:23 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-10-15 20:23 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-10-15 20:23 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-10-15 20:23 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-10-15 20:23 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-10-15 20:23 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-10-15 20:23 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-10-15 20:23 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-10-15 20:23 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-10-15 20:23 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-10-15 20:23 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-10-15 20:23 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-10-15 20:23 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-10-15 20:23 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-10-15 20:23 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-10-15 20:23 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-10-15 20:23 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-10-15 20:23 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-10-15 20:23 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-10-15 20:23 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-10-15 20:23 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-10-15 20:23 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-10-15 20:23 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-10-15 20:23 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-10-15 20:23 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-10-15 20:23 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-10-15 20:23 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-10-15 20:23 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-10-15 20:23 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-10-15 20:23 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-10-15 20:23 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-10-15 20:23 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-10-15 20:22 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-10-15 20:22 - 2014-08-19 05:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2014-10-15 20:22 - 2014-08-19 05:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2014-10-15 20:22 - 2014-08-19 05:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2014-10-15 20:22 - 2014-07-07 04:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2014-10-15 20:22 - 2014-07-07 04:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2014-10-15 20:22 - 2014-07-07 04:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-10-15 20:22 - 2014-07-07 04:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2014-10-15 20:22 - 2014-07-07 03:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2014-10-15 20:22 - 2014-07-07 03:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2014-10-15 20:22 - 2014-07-07 03:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-10-15 20:22 - 2014-07-07 03:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-10-15 20:22 - 2014-06-28 02:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2014-10-15 20:22 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2014-10-15 20:22 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2014-10-15 20:22 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-10-15 20:22 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
    2014-10-15 20:22 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
    2014-10-15 20:22 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2014-10-15 20:22 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
    2014-10-15 20:22 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2014-10-15 20:21 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2014-10-15 20:21 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2014-10-15 20:21 - 2014-08-19 05:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2014-10-15 20:21 - 2014-08-19 05:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2014-10-15 20:21 - 2014-08-19 05:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2014-10-15 20:21 - 2014-08-19 05:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2014-10-15 20:21 - 2014-08-19 05:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2014-10-15 20:21 - 2014-08-19 05:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2014-10-15 20:21 - 2014-08-19 05:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2014-10-15 20:21 - 2014-08-19 04:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2014-10-15 20:21 - 2014-08-19 04:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2014-10-15 20:21 - 2014-08-19 04:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2014-10-15 20:21 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-10-15 20:21 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2014-10-15 20:21 - 2014-07-17 04:07 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-10-15 20:21 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-10-15 20:21 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-10-15 20:21 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2014-10-15 20:21 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
    2014-10-15 20:21 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-10-15 20:21 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-10-15 20:21 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2014-10-15 20:21 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-10-15 20:21 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-10-15 20:21 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2014-10-15 20:21 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-10-15 20:21 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-10-15 20:21 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
    2014-10-15 20:21 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2014-10-15 20:21 - 2014-07-07 04:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2014-10-15 20:21 - 2014-07-07 04:06 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-10-15 20:21 - 2014-07-07 04:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2014-10-15 20:21 - 2014-07-07 04:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2014-10-15 20:21 - 2014-07-07 04:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2014-10-15 20:21 - 2014-07-07 04:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2014-10-15 20:21 - 2014-07-07 04:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2014-10-15 20:21 - 2014-07-07 04:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2014-10-15 20:21 - 2014-07-07 04:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2014-10-15 20:21 - 2014-07-07 04:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2014-10-15 20:21 - 2014-07-07 04:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2014-10-15 20:21 - 2014-07-07 04:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2014-10-15 20:21 - 2014-07-07 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2014-10-15 20:21 - 2014-07-07 03:40 - 00516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-10-15 20:21 - 2014-07-07 03:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2014-10-15 20:21 - 2014-07-07 03:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-10-15 20:21 - 2014-07-07 03:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2014-10-15 20:21 - 2014-07-07 03:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2014-10-15 20:21 - 2014-07-07 03:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2014-10-15 20:21 - 2014-07-07 03:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2014-10-15 20:21 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2014-10-15 20:21 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2014-10-15 20:21 - 2014-07-07 03:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2014-10-15 20:21 - 2014-07-07 03:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2014-10-15 20:21 - 2014-07-07 03:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2014-10-15 20:21 - 2014-07-07 03:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2014-10-15 20:21 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-10-15 20:21 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-10-15 20:21 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-10-15 20:21 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-10-15 20:21 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-10-15 20:21 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-10-15 20:21 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-10-15 20:21 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-10-15 20:20 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-10-15 20:20 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-10-14 10:17 - 2014-10-17 20:25 - 00003036 _____ () C:\Windows\SysWOW64\BroomData.bit
    2014-10-05 22:45 - 2014-10-05 22:45 - 00000000 ____D () C:\Users\Iuliu\AppData\Roaming\GetRightToGo

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-03 13:55 - 2012-07-02 17:54 - 00000000 ____D () C:\Zerg
    2014-11-03 13:47 - 2013-09-14 09:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-11-03 13:36 - 2012-05-05 18:56 - 01844773 _____ () C:\Windows\WindowsUpdate.log
    2014-11-03 13:08 - 2014-09-25 17:48 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-11-03 13:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
    2014-11-03 13:03 - 2012-09-10 13:42 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-03 12:59 - 2012-07-06 01:56 - 00000000 ____D () C:\Users\Iuliu\AppData\Roaming\vlc
    2014-11-03 12:39 - 2014-08-15 23:02 - 00000000 ____D () C:\Users\Iuliu\AppData\Local\CrashDumps
    2014-11-03 12:39 - 2012-07-06 18:37 - 00000000 ____D () C:\Users\Iuliu\AppData\Roaming\BitComet
    2014-11-03 11:22 - 2013-11-11 13:39 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2014-11-03 11:03 - 2012-09-10 13:42 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-03 08:32 - 2009-07-14 06:45 - 00021200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-03 08:32 - 2009-07-14 06:45 - 00021200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-03 08:26 - 2013-01-03 00:52 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
    2014-11-03 08:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-02 09:31 - 2009-07-14 07:13 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-01 19:45 - 2012-10-19 16:12 - 00000000 ____D () C:\Users\Iuliu\AppData\Roaming\tigerplayer
    2014-10-31 09:46 - 2012-08-29 20:08 - 00000000 ____D () C:\Program Files (x86)\Opera
    2014-10-29 20:00 - 2014-09-25 18:02 - 00000000 ____D () C:\Qoobox
    2014-10-29 19:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
    2014-10-29 18:44 - 2012-10-21 21:52 - 00007669 _____ () C:\Users\Iuliu\AppData\Local\Resmon.ResmonCfg
    2014-10-29 17:03 - 2014-08-29 09:41 - 00000282 _____ () C:\Users\Iuliu\AppData\Roaming\burnaware.ini
    2014-10-29 12:12 - 2014-09-25 17:19 - 00000000 ____D () C:\Users\Iuliu\AppData\Local\YhPack
    2014-10-28 12:58 - 2014-09-22 07:55 - 00000000 ____D () C:\Users\Iuliu\Desktop\####### cleanup!
    2014-10-27 13:17 - 2014-09-06 22:51 - 00000000 ____D () C:\Users\Iuliu\AppData\Local\Efbtion
    2014-10-26 19:44 - 2014-02-05 12:08 - 00000000 ____D () C:\Users\Iuliu\Desktop\ST
    2014-10-25 21:13 - 2012-07-02 19:45 - 00000000 ____D () C:\Windows\System32\Tasks\Games
    2014-10-23 11:52 - 2014-10-02 11:14 - 00003134 _____ () C:\Windows\system32\.crusader
    2014-10-16 20:56 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2014-10-16 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
    2014-10-16 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-10-16 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ro-RO
    2014-10-16 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-10-16 02:06 - 2012-05-05 15:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-10-08 08:10 - 2009-07-14 07:08 - 00032482 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-10-04 18:38 - 2012-07-30 02:33 - 00000000 ____D () C:\Down

    Some content of TEMP:
    ====================
    C:\Users\Iuliu\AppData\Local\Temp\Bit99BA.tmp.exe
    C:\Users\Iuliu\AppData\Local\Temp\dllnt_dump.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-10-26 13:52

    ==================== End Of Log ============================

     

     

     

     

    And now the Addition.txt

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
    Ran by Iuliu at 2014-11-03 13:58:10
    Running from C:\Users\Iuliu\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Panda Free Antivirus (Disabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
    AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Panda Free Antivirus (Disabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
    FW: ZoneAlarm Free Firewall Firewall (Disabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
    FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    AC3Filter 1.62b (HKLM-x32\...\AC3Filter_is1) (Version: 1.62b - Alexander Vigovsky)
    AChat v0.150 (HKLM-x32\...\AChat_is1) (Version: 0.150 - SourceForge.NET)
    Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
    Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
    AML Free Registry Cleaner 4.22 (HKLM-x32\...\{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1) (Version:  - AML SOFT, Inc.)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
    ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.16 - ASUS)
    ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.25 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{33B98264-A889-4913-A0CA-C364A75032B3}) (Version: 1.1.45 - ASUS)
    ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0034 - ASUS)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.23 - asus)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)
    Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
    BitComet 1.32 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.32 - CometNetwork)
    BurnAware Free 4.9 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware Technologies)
    CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
    CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
    Combined Community Codec Pack 2013-05-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.05.30.0 - CCCP Project)
    Dawngate (HKLM-x32\...\{E20BD715-3CAF-4A6C-A7F5-8F2216710B90}) (Version: 174.83.27.0 - Electronic Arts, Inc.)
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
    eMule (HKLM-x32\...\eMule) (Version:  - )
    ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.)
    Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
    FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
    Google Chrome (HKCU\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.4.3607.2246 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.21.135 - Google Inc.) Hidden
    Hero Editor V1.04 (HKLM-x32\...\ST6UNST #1) (Version:  - )
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.1.5 - ASUS)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
    Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
    Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
    K-Lite Codec Pack 9.5.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.5.5 - )
    League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
    Media Player Codec Pack 4.2.8 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.8 - Media Player Codec Pack)
    MediaInfo 0.7.61 (HKLM\...\MediaInfo) (Version: 0.7.61 - MediaArea.net)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    MpcStar 5.4 (HKLM-x32\...\MpcStar) (Version: 5.4 - www.mpcstar.com)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version:  - )
    One Finger Death Punch 1.0 (HKLM-x32\...\One Finger Death Punch 1.0) (Version: 1.0 - Cat-A-Cat)
    Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
    Opera Stable 25.0.1614.68 (HKLM-x32\...\Opera 25.0.1614.68) (Version: 25.0.1614.68 - Opera Software ASA)
    Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.104 - Panda Security)
    Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.03 - Panda Security)
    Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
    Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.01.0000 - Panda Security)
    Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
    Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.2.0.10 - Panda Security)
    Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 2.0.1.4 - Panda Security)
    PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
    Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
    RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.8-1.0.8500.20 - raidcall.com)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)
    Registration Code Creator (HKCU\...\Registration Code Creator) (Version:  - )
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
    Smart File Advisor 1.1.3 (HKLM-x32\...\Smart File Advisor_is1) (Version: 1.1.3 - Filefacts.net)
    Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
    Sophos Anti-Rootkit 1.5.4 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.4 - Sophos Plc)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Torchlight (HKLM-x32\...\Runic Games Torchlight) (Version: 0.0.66.192 - )
    Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
    TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
    TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
    TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
    TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
    Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.9.0 - Tweaking.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    Wireless Console 3 (HKLM-x32\...\{C4BC5A5F-4A97-47CC-99C3-AB8E10572AFE}) (Version: 3.0.24 - ASUS)
    Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.1) (Version: 1.3.2 - Xvid Team)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
    Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
    ZoneAlarm Firewall (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.3.209.000 - Check Point)
    ZoneAlarm Security (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    ==================== Restore Points  =========================

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 04:34 - 2014-11-03 13:36 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {072ACE0D-B143-4DB2-9F62-287AE2DB0AB7} - \Ad-Aware Antivirus Scheduled Scan No Task File <==== ATTENTION
    Task: {0EC40DE3-21CC-4EBE-83C0-0A57FB9CFB2C} - \{1ECF109E-52FB-45C5-BEC5-F0254EA032C2} No Task File <==== ATTENTION
    Task: {142661E6-D8ED-4C87-8B51-67DABB60E8AE} - \Security Center Update - 3825875842 No Task File <==== ATTENTION
    Task: {16B4404E-BA1E-4803-8948-05449465C888} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
    Task: {19B7B516-C709-47B9-8E08-1E5C174B53A8} - \RunAsStdUser Task No Task File <==== ATTENTION
    Task: {1D7F515E-B26F-4ACC-A41E-563C837F97E2} - \GoogleUpdateTaskUserS-1-5-21-3781310032-3316471014-4203319439-1001UA No Task File <==== ATTENTION
    Task: {2497FA7B-1DC2-4B3F-ADC7-D5C2BF2C6C70} - \Java Update Scheduler No Task File <==== ATTENTION
    Task: {29D47AB6-06EB-463B-A4F3-0CC7262C6B8A} - \ASUS P4G No Task File <==== ATTENTION
    Task: {3AF8454B-F2E2-4145-B5E7-EE497D0AD7A9} - \Google Updater and Installer No Task File <==== ATTENTION
    Task: {3CBF3A39-DE2F-4C54-91DF-436B0D137936} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
    Task: {45C4E656-679F-42A6-A7F8-49078CED8899} - \ASUS SmartLogon Console Sensor No Task File <==== ATTENTION
    Task: {48A4444D-D1D8-4C4F-967B-39F3E9A8C990} - \CreateChoiceProcessTask No Task File <==== ATTENTION
    Task: {4E1B4B2B-1C3D-42B3-B155-A1F1A71F05A1} - \{C93DB00C-0760-452B-8086-77EACFEF8C8A} No Task File <==== ATTENTION
    Task: {5A4D89D9-9222-4FD6-94E2-D330AAD0813E} - \Adobe Flash Player Updater No Task File <==== ATTENTION
    Task: {60CE4822-488F-4A2C-A9CD-26245FFD0C0F} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
    Task: {610AB026-ABA4-4B69-8183-3CC7713AF425} - \Adobe online update program No Task File <==== ATTENTION
    Task: {6AEAE114-5775-4D45-A578-D248E54BA6AE} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3781310032-3316471014-4203319439-1001
    Task: {7D42536D-B38C-40DA-B931-2639582F03EA} - \SidebarExecute No Task File <==== ATTENTION
    Task: {950C1C35-DAD5-4704-98AF-3F7B8B4658B8} - \{81761E4E-004B-4D46-9AAE-AD52E8F0E552} No Task File <==== ATTENTION
    Task: {95A5A710-13C4-49FF-86F4-E1DDA408B584} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
    Task: {A9E855EB-F896-4EDA-9059-B791FDEE51F8} - System32\Tasks\Opera scheduled Autoupdate 1414600540 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-29] (Opera Software)
    Task: {ACF60D16-BB7A-4377-AC6D-C62295C5B711} - \DivX online update program No Task File <==== ATTENTION
    Task: {BF548809-433A-4479-ACEC-97B89DE67308} - \CCleanerSkipUAC No Task File <==== ATTENTION
    Task: {C7E963F0-79CD-4557-9C4A-B6A233A8EA83} - \ACMON No Task File <==== ATTENTION
    Task: {E276E95F-51DA-42ED-8F34-F2D3DFFA0FA0} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
    Task: {E2915857-2348-4432-BE59-0AEC4D6F8B63} - \{B8141B8F-E823-4729-B571-6B7FE8702BFE} No Task File <==== ATTENTION
    Task: {E45514F2-B6AC-495D-ABCC-53C10457CB44} - \GoforFilesUpdate No Task File <==== ATTENTION
    Task: {E55B70FE-6DEA-4A5C-BED2-42E730498421} - \ATKOSD2 No Task File <==== ATTENTION
    Task: {E802850A-AC4F-4B15-A669-552C3ED278EF} - \GoogleUpdateTaskUserS-1-5-21-3781310032-3316471014-4203319439-1001Core No Task File <==== ATTENTION
    Task: {EE3E6F0B-6C3B-40DE-93A9-765987572655} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3781310032-3316471014-4203319439-1001Core.job => C:\Users\Iuliu\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3781310032-3316471014-4203319439-1001UA.job => C:\Users\Iuliu\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-07-16 10:24 - 2014-07-16 10:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
    2012-06-17 07:27 - 2011-02-14 16:17 - 00139088 _____ () C:\Program Files (x86)\Join Air\UIExec.exe
    2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    2013-04-12 19:23 - 2013-04-12 19:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00417280 _____ () C:\Program Files (x86)\Winamp\nsutil.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00078848 _____ () C:\Program Files (x86)\Winamp\nde.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00023040 _____ () C:\Program Files (x86)\Winamp\System\albumart.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00174080 _____ () C:\Program Files (x86)\Winamp\System\auth.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\bmp.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00047616 _____ () C:\Program Files (x86)\Winamp\zlib.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00044544 _____ () C:\Program Files (x86)\Winamp\System\devices.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00016896 _____ () C:\Program Files (x86)\Winamp\System\dlmgr.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00014336 _____ () C:\Program Files (x86)\Winamp\System\filereader.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\gif.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00016384 _____ () C:\Program Files (x86)\Winamp\System\gracenote.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00623616 _____ () C:\Program Files (x86)\Winamp\System\jnetlib.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00154624 _____ () C:\Program Files (x86)\Winamp\System\jpeg.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00084480 _____ () C:\Program Files (x86)\Winamp\System\playlist.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00103936 _____ () C:\Program Files (x86)\Winamp\System\png.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00013824 _____ () C:\Program Files (x86)\Winamp\System\primo.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00021504 _____ () C:\Program Files (x86)\Winamp\System\tagz.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00035328 _____ () C:\Program Files (x86)\Winamp\System\timer.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00090112 _____ () C:\Program Files (x86)\Winamp\System\xml.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00068608 _____ () C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00102400 _____ () C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00072192 _____ () C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00061440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00043008 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00007168 _____ () C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00109568 _____ () C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00049152 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00165376 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00290304 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00052736 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00075264 _____ () C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00023552 _____ () C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00253440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00016896 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00253440 _____ () C:\Program Files (x86)\Winamp\libsndfile.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00313344 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00022528 _____ () C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00018432 _____ () C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 01737728 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00083968 _____ () C:\Program Files (x86)\Winamp\tataki.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00027648 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
    2011-11-11 00:10 - 2012-05-05 15:13 - 00185344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00318464 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00294400 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00082944 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00124928 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_online.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00249856 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00200192 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00241152 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00060928 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00170496 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00020480 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00118272 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00053760 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00113664 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00028160 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00028672 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00083456 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00033792 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00032256 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00025600 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll
    2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    AlternateDataStreams: C:\Users\Iuliu\Downloads:Shareaza.GUID
    AlternateDataStreams: C:\Users\Iuliu\Downloads\eMule:Shareaza.GUID

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3781310032-3316471014-4203319439-500 - Administrator - Disabled)
    Guest (S-1-5-21-3781310032-3316471014-4203319439-501 - Limited - Disabled)
    Iuliu (S-1-5-21-3781310032-3316471014-4203319439-1001 - Administrator - Enabled) => C:\Users\Iuliu
    Ramona (S-1-5-21-3781310032-3316471014-4203319439-1000 - Administrator - Enabled) => C:\Users\Ramona

    ==================== Faulty Device Manager Devices =============

    Name: SBRE
    Description: SBRE
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: SBRE
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/03/2014 01:08:25 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error: (11/03/2014 01:08:25 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error: (11/03/2014 01:08:25 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error: (11/03/2014 01:08:25 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error: (11/03/2014 01:08:25 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error: (11/03/2014 01:08:25 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error: (11/03/2014 01:08:25 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error: (11/03/2014 01:08:25 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error: (11/03/2014 01:08:24 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error: (11/03/2014 00:45:00 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
    Description: Managerul de ferestre desktop a întâlnit o eroare fatală (0x8007000e)

    System errors:
    =============
    Error: (11/03/2014 11:04:33 AM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (11/03/2014 08:37:30 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 a întâmpinat o eroare la încercarea de actualizare a semnăturilor.

     Versiune nouă semnătură:

     Versiune anterioară semnătură: 1.187.842.0

     Sursă actualizare: %NT AUTHORITY59

     Stadiu actualizare: 4.6.0305.00

     Cale sursă: 4.6.0305.01

     Tip semnătură: %NT AUTHORITY602

     Tip actualizare: %NT AUTHORITY604

     Utilizator: NT AUTHORITY\SYSTEM

     Versiune curentă motor: %NT AUTHORITY605

     Versiune anterioară motor: %NT AUTHORITY606

     Cod eroare: %NT AUTHORITY607

     Descriere eroare: %NT AUTHORITY608

    Error: (11/03/2014 08:27:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: Următoarele drivere boot-start sau system-start nu s-au încărcat:
    SAVRKBootTasks
    SBRE

    Error: (11/03/2014 08:27:34 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: Serviciul 'WMPNetworkSvc' nu a pornit corect, deoarece CoCreateInstance(CLSID_UPnPDeviceFinder) a întâmpinat eroarea '0x80004005'. Verificați dacă serviciul UPnPHost se execută și componenta UPnPHost din Windows este corect instalată.

    Error: (11/03/2014 08:27:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Serviciul UI Assistant Service nu a pornit din cauza erorii următoare:
    %%1053

    Error: (11/03/2014 08:27:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: S-a atins o limită de expirare (30000 milisecunde) așteptând conectarea serviciului UI Assistant Service.

    Error: (11/03/2014 08:27:23 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: Apelarea ScRegSetValueExW nu a reușit pentru FailureActions, cu următoarea eroare:
    %%5

    Error: (11/02/2014 09:37:33 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 a întâmpinat o eroare la încercarea de actualizare a semnăturilor.

     Versiune nouă semnătură:

     Versiune anterioară semnătură: 1.187.842.0

     Sursă actualizare: %NT AUTHORITY59

     Stadiu actualizare: 4.6.0305.00

     Cale sursă: 4.6.0305.01

     Tip semnătură: %NT AUTHORITY602

     Tip actualizare: %NT AUTHORITY604

     Utilizator: NT AUTHORITY\SYSTEM

     Versiune curentă motor: %NT AUTHORITY605

     Versiune anterioară motor: %NT AUTHORITY606

     Cod eroare: %NT AUTHORITY607

     Descriere eroare: %NT AUTHORITY608

    Error: (11/02/2014 09:27:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: Următoarele drivere boot-start sau system-start nu s-au încărcat:
    SAVRKBootTasks
    SBRE

    Error: (11/02/2014 09:27:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Serviciul UI Assistant Service nu a pornit din cauza erorii următoare:
    %%1053

    Microsoft Office Sessions:
    =========================
    Error: (11/28/2012 08:51:00 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2677 seconds with 1500 seconds of active time.  This session ended with a crash.

    CodeIntegrity Errors:
    ===================================
      Date: 2014-10-29 19:54:45.521
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-10-29 19:54:45.490
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-10-29 19:54:45.443
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-10-29 19:54:45.397
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-10-28 14:57:54.645
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-10-28 14:57:54.598
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-10-28 14:57:54.551
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-10-28 14:57:54.504
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-10-26 22:28:24.895
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-10-26 22:28:24.848
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Processor: Intel® Celeron® CPU B815 @ 1.60GHz
    Percentage of memory in use: 59%
    Total physical RAM: 4000.13 MB
    Available physical RAM: 1612.9 MB
    Total Pagefile: 4143.73 MB
    Available Pagefile: 2013.96 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:151.51 GB) (Free:1.56 GB) NTFS
    Drive d: () (Fixed) (Total:146.48 GB) (Free:0.02 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7C12E647)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=151.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    #4 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 03 November 2014 - 06:37 AM

    Lets clean you up some, just a heads up BitComet, downloading anything using the torrents is not wise, a lot of that stuff is infected. I am seeing some stuff on your system that needs to be removed

     

     


    -AdwCleaner-by Xplode
     
    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
     
    Do not click on any links in the top Advertisment.
     
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  •  
     
    ===============================================================================
     
     
    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware  to your desktop. 
     
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  •  
    MBAM203_zps0a230260.jpg
     
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
  •  
     


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #5 Nare

    Nare

      Authentic Member

    • Authentic Member
    • PipPip
    • 50 posts

    Posted 03 November 2014 - 01:20 PM

    Derp, I forgot to mention I had a couple of antirootkit and antivirus installed as part of my cleanup, which helped me stabilize, it wasn't just ComboFix. I have Panda Antivirus which I found in the recommended list alongside Malwarebytes free. But after I installed the firewall, I only did a full scan, and forgot to use the Cloudcleaner which checks for PUPs and clears registry, idk why I thought full was enough.

     

    The reply reminded me I forgot registries, but I came here to learn about new tools to use, and it helped, so thanks a lot. AdwCleaner fixed a problem I had for weeks but kind of went when I had the comp more sanitized and then was still around lately: Windows startup gave some error saying it created a temporary paging file because there was an error with the first one, even though the limit was large, and this temp file always had some different size but enough to cut a large percentage of my available disk space.

     

    Also, after Malawarebytes finished scanning, I turned Panda back on and it apparently blocked a malaware that isn't in the log. Seems something corrupted Panda not to notice it. Q.Q

     

    Here are the logs...

     

    # AdwCleaner v3.311 - Report created 03/11/2014 at 16:16:27
    # Updated 30/09/2014 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : Iuliu - RAMONA-PC
    # Running from : C:\Zerg\The War!\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\GreuatSavee4U
    Folder Deleted : C:\ProgramData\SAverExtensiona
    Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
    Folder Deleted : C:\Program Files (x86)\GreuatSavee4U

    ***** [ Scheduled Tasks ] *****

    Task Deleted : GoforFilesUpdate

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateKozaka_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateKozaka_RASMANCS
    Key Deleted : HKCU\Software\OCS
    Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17344

    -\\ Mozilla Firefox v

    [ File : C:\Users\Iuliu\AppData\Roaming\Mozilla\Firefox\Profiles\ii47zk5e.default\prefs.js ]

    -\\ Google Chrome v

    *************************

    AdwCleaner[R1].txt - [10485 octets] - [07/06/2014 19:16:22]
    AdwCleaner[R2].txt - [1755 octets] - [03/11/2014 16:12:37]
    AdwCleaner[S1].txt - [9582 octets] - [07/06/2014 19:18:01]
    AdwCleaner[S2].txt - [1655 octets] - [03/11/2014 16:16:27]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1715 octets] ##########

     

     

    -----------------------------------------------------------------------------------------------------------------------------------------------------

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.5 (10.31.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by Iuliu on 03.11.2014 at 17:52:27,67
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    ~~~ Services

     

    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

     

    ~~~ Registry Keys

     

    ~~~ Files

     

    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Iuliu\AppData\Roaming\getrighttogo"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

     

    ~~~ Event Viewer Logs were cleared

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 03.11.2014 at 17:57:35,85
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 03.11.2014
    Scan Time: 20:10:12
    Logfile:
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.03.08
    Rootkit Database: v2014.11.01.02
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Iuliu

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 372309
    Time Elapsed: 28 min, 9 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 1
    Trojan.Agent, HKU\S-1-5-21-3781310032-3316471014-4203319439-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|Run, "C:\Users\Iuliu\AppData\Roaming\Microsoft\Windows\IEUpdate\verclsid.exe", Quarantined, [68fccf6896e6da5cc946f03d15ee6e92]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 2
    Trojan.MalPack, C:\Users\Iuliu\AppData\Local\YhPack\tmp515A.exe, Quarantined, [6ff5a5925d1f46f07a0241eb9570d32d],
    Trojan.Miuref, C:\Users\Iuliu\AppData\Local\YhPack\tmp5773.exe, Quarantined, [f074ee49e5972610a7bf9c3cbb4631cf],

    Physical Sectors: 0
    (No malicious items detected)

    (end)

     

     

     



    #6 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 03 November 2014 - 03:04 PM

     
    Please download TDSSKiller.zip
     
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
  • Only if Malicious objects are found then ensure Cure is selected
  • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #7 Nare

    Nare

      Authentic Member

    • Authentic Member
    • PipPip
    • 50 posts

    Posted 04 November 2014 - 10:54 AM

    No threats found. Also that paging file error is still here it seems, only when AdwCleaner restarted the comp for the final clean did it disappear. And this is something that got blocked just as I was typing this message. Svchost? O.o

     

    svchost.png
    jpg images

     

    And the log...

     

    16:54:36.0985 0x17fc  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
    16:55:05.0954 0x17fc  ============================================================
    16:55:05.0954 0x17fc  Current date / time: 2014/11/04 16:55:05.0954
    16:55:05.0954 0x17fc  SystemInfo:
    16:55:05.0954 0x17fc 
    16:55:05.0954 0x17fc  OS Version: 6.1.7601 ServicePack: 1.0
    16:55:05.0954 0x17fc  Product type: Workstation
    16:55:05.0954 0x17fc  ComputerName: RAMONA-PC
    16:55:05.0954 0x17fc  UserName: Iuliu
    16:55:05.0954 0x17fc  Windows directory: C:\Windows
    16:55:05.0954 0x17fc  System windows directory: C:\Windows
    16:55:05.0954 0x17fc  Running under WOW64
    16:55:05.0954 0x17fc  Processor architecture: Intel x64
    16:55:05.0954 0x17fc  Number of processors: 2
    16:55:05.0954 0x17fc  Page size: 0x1000
    16:55:05.0954 0x17fc  Boot type: Normal boot
    16:55:05.0954 0x17fc  ============================================================
    16:55:06.0344 0x17fc  KLMD registered as C:\Windows\system32\drivers\65936855.sys
    16:55:06.0874 0x17fc  System UUID: {45499FBB-C7F0-06FE-2F3C-AE54F18C161F}
    16:55:07.0764 0x17fc  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:55:07.0764 0x17fc  ============================================================
    16:55:07.0764 0x17fc  \Device\Harddisk0\DR0:
    16:55:07.0764 0x17fc  MBR partitions:
    16:55:07.0764 0x17fc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    16:55:07.0764 0x17fc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x12F04000
    16:55:07.0764 0x17fc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x12F36800, BlocksNum 0x124F7800
    16:55:07.0764 0x17fc  ============================================================
    16:55:07.0795 0x17fc  C: <-> \Device\Harddisk0\DR0\Partition2
    16:55:07.0873 0x17fc  D: <-> \Device\Harddisk0\DR0\Partition3
    16:55:07.0873 0x17fc  ============================================================
    16:55:07.0873 0x17fc  Initialize success
    16:55:07.0873 0x17fc  ============================================================
    16:55:27.0498 0x13a8  ============================================================
    16:55:27.0498 0x13a8  Scan started
    16:55:27.0498 0x13a8  Mode: Manual;
    16:55:27.0498 0x13a8  ============================================================
    16:55:27.0498 0x13a8  KSN ping started
    16:56:33.0158 0x13a8  KSN ping finished: false
    16:56:34.0188 0x13a8  ================ Scan system memory ========================
    16:56:34.0188 0x13a8  System memory - ok
    16:56:34.0188 0x13a8  ================ Scan services =============================
    16:56:34.0328 0x13a8  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
    16:56:34.0344 0x13a8  1394ohci - ok
    16:56:34.0422 0x13a8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
    16:56:34.0437 0x13a8  ACPI - ok
    16:56:34.0453 0x13a8  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
    16:56:34.0453 0x13a8  AcpiPmi - ok
    16:56:34.0531 0x13a8  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    16:56:34.0546 0x13a8  AdobeARMservice - ok
    16:56:34.0687 0x13a8  [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    16:56:34.0718 0x13a8  AdobeFlashPlayerUpdateSvc - ok
    16:56:34.0765 0x13a8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
    16:56:34.0780 0x13a8  adp94xx - ok
    16:56:34.0827 0x13a8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
    16:56:34.0827 0x13a8  adpahci - ok
    16:56:34.0890 0x13a8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
    16:56:34.0890 0x13a8  adpu320 - ok
    16:56:34.0936 0x13a8  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
    16:56:34.0952 0x13a8  AeLookupSvc - ok
    16:56:34.0983 0x13a8  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
    16:56:35.0014 0x13a8  AFD - ok
    16:56:35.0046 0x13a8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
    16:56:35.0046 0x13a8  agp440 - ok
    16:56:35.0092 0x13a8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
    16:56:35.0092 0x13a8  ALG - ok
    16:56:35.0139 0x13a8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
    16:56:35.0139 0x13a8  aliide - ok
    16:56:35.0170 0x13a8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
    16:56:35.0170 0x13a8  amdide - ok
    16:56:35.0217 0x13a8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
    16:56:35.0217 0x13a8  AmdK8 - ok
    16:56:35.0248 0x13a8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
    16:56:35.0264 0x13a8  AmdPPM - ok
    16:56:35.0295 0x13a8  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
    16:56:35.0311 0x13a8  amdsata - ok
    16:56:35.0358 0x13a8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
    16:56:35.0358 0x13a8  amdsbs - ok
    16:56:35.0389 0x13a8  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
    16:56:35.0389 0x13a8  amdxata - ok
    16:56:35.0420 0x13a8  [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID           C:\Windows\system32\drivers\appid.sys
    16:56:35.0420 0x13a8  AppID - ok
    16:56:35.0451 0x13a8  [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
    16:56:35.0451 0x13a8  AppIDSvc - ok
    16:56:35.0482 0x13a8  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
    16:56:35.0482 0x13a8  Appinfo - ok
    16:56:35.0514 0x13a8  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
    16:56:35.0529 0x13a8  AppMgmt - ok
    16:56:35.0576 0x13a8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
    16:56:35.0592 0x13a8  arc - ok
    16:56:35.0623 0x13a8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
    16:56:35.0623 0x13a8  arcsas - ok
    16:56:35.0685 0x13a8  [ 18E5C2F937F9DEB8C282DF66A3761925, 30294C381F8C7DCB45EF9BCF572F410FF47630E12D5AA02259C6C80F07BEF495 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    16:56:35.0685 0x13a8  ASLDRService - ok
    16:56:35.0701 0x13a8  [ 4C016FD76ED5C05E84CA8CAB77993961, 025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
    16:56:35.0716 0x13a8  ASMMAP64 - ok
    16:56:35.0732 0x13a8  [ 0AA7A996792FB0287B33A57A8093AE44, 41894F055F3CDA05794FC46E1F2C59979D1DAF7602F44E4ADF6347E199B8137C ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
    16:56:35.0748 0x13a8  asmthub3 - ok
    16:56:35.0794 0x13a8  [ 125DC3ABF5BFCCFE82AD17D078E0B9EC, FEFF8C37CD688F39C8E341F8BF7A712AA8C0F431B064E07C3EA66A96250D855B ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
    16:56:35.0810 0x13a8  asmtxhci - ok
    16:56:35.0919 0x13a8  [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    16:56:35.0935 0x13a8  aspnet_state - ok
    16:56:35.0966 0x13a8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
    16:56:35.0966 0x13a8  AsyncMac - ok
    16:56:35.0997 0x13a8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
    16:56:35.0997 0x13a8  atapi - ok
    16:56:36.0153 0x13a8  [ 0A780D84FC9C82E16E2037BE1896C022, 3CA4C3C339D853CACD699A439AC3628D068E73A0172D7E9C6BE9C1F649C1B567 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
    16:56:36.0247 0x13a8  athr - ok
    16:56:36.0262 0x13a8  [ 7910158929571214A959D5A6D16DD9C0, 9B4F8A3AF9E09B2F772EEF1CB8F7EAB8A226068784837F375AE97B89B0B3A383 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    16:56:36.0278 0x13a8  ATKGFNEXSrv - ok
    16:56:36.0309 0x13a8  [ 41CEAFFCF3550785E59E3EC9BEE8D97A, 89FE604088B65B82AA794E1DA8429033CD2F05FFB2D7EFAAC7B967C7A83D1B1E ] ATKWMIACPIIO    C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
    16:56:36.0309 0x13a8  ATKWMIACPIIO - ok
    16:56:36.0372 0x13a8  [ 2C1B6A64294F2182DC4999F923873974, 6D611636D849631BB1F852DC03A98BBFEC4D797A2707CA63427E187F0725A796 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    16:56:36.0403 0x13a8  AudioEndpointBuilder - ok
    16:56:36.0434 0x13a8  [ 2C1B6A64294F2182DC4999F923873974, 6D611636D849631BB1F852DC03A98BBFEC4D797A2707CA63427E187F0725A796 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
    16:56:36.0465 0x13a8  AudioSrv - ok
    16:56:36.0543 0x13a8  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
    16:56:36.0559 0x13a8  AxInstSV - ok
    16:56:36.0621 0x13a8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
    16:56:36.0652 0x13a8  b06bdrv - ok
    16:56:36.0684 0x13a8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
    16:56:36.0715 0x13a8  b57nd60a - ok
    16:56:36.0746 0x13a8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
    16:56:36.0746 0x13a8  BDESVC - ok
    16:56:36.0777 0x13a8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
    16:56:36.0777 0x13a8  Beep - ok
    16:56:36.0840 0x13a8  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
    16:56:36.0855 0x13a8  BFE - ok
    16:56:36.0933 0x13a8  BITCOMET_HELPER_SERVICE - ok
    16:56:37.0011 0x13a8  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
    16:56:37.0152 0x13a8  BITS - ok
    16:56:37.0167 0x13a8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
    16:56:37.0183 0x13a8  blbdrive - ok
    16:56:37.0214 0x13a8  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
    16:56:37.0214 0x13a8  bowser - ok
    16:56:37.0245 0x13a8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
    16:56:37.0245 0x13a8  BrFiltLo - ok
    16:56:37.0276 0x13a8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
    16:56:37.0276 0x13a8  BrFiltUp - ok
    16:56:37.0292 0x13a8  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
    16:56:37.0292 0x13a8  BridgeMP - ok
    16:56:37.0354 0x13a8  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
    16:56:37.0370 0x13a8  Browser - ok
    16:56:37.0401 0x13a8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
    16:56:37.0417 0x13a8  Brserid - ok
    16:56:37.0464 0x13a8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
    16:56:37.0464 0x13a8  BrSerWdm - ok
    16:56:37.0479 0x13a8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
    16:56:37.0479 0x13a8  BrUsbMdm - ok
    16:56:37.0510 0x13a8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
    16:56:37.0510 0x13a8  BrUsbSer - ok
    16:56:37.0557 0x13a8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
    16:56:37.0573 0x13a8  BTHMODEM - ok
    16:56:37.0604 0x13a8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
    16:56:37.0620 0x13a8  bthserv - ok
    16:56:37.0776 0x13a8  [ 1F79342D9EB530A48742F651E570983A, 99E0B613C23FA8591E248DFA6FF2D3EE19E262BE6E070A0E43E256B69687017F ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    16:56:37.0822 0x13a8  c2cautoupdatesvc - ok
    16:56:37.0947 0x13a8  [ E4938E0A376CF0B9D989EE5C0A146891, 9DF6AB5781CD60862D9664CA9A8AF0696A1FB6D09D804CD8DE9630F40DE59E90 ] c2cpnrsvc       C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    16:56:38.0010 0x13a8  c2cpnrsvc - ok
    16:56:38.0010 0x13a8  catchme - ok
    16:56:38.0041 0x13a8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
    16:56:38.0041 0x13a8  cdfs - ok
    16:56:38.0072 0x13a8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
    16:56:38.0088 0x13a8  cdrom - ok
    16:56:38.0103 0x13a8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
    16:56:38.0103 0x13a8  CertPropSvc - ok
    16:56:38.0134 0x13a8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
    16:56:38.0134 0x13a8  circlass - ok
    16:56:38.0197 0x13a8  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
    16:56:38.0212 0x13a8  CLFS - ok
    16:56:38.0290 0x13a8  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    16:56:38.0290 0x13a8  clr_optimization_v2.0.50727_32 - ok
    16:56:38.0353 0x13a8  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    16:56:38.0368 0x13a8  clr_optimization_v2.0.50727_64 - ok
    16:56:38.0446 0x13a8  [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    16:56:38.0524 0x13a8  clr_optimization_v4.0.30319_32 - ok
    16:56:38.0556 0x13a8  [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    16:56:38.0556 0x13a8  clr_optimization_v4.0.30319_64 - ok
    16:56:38.0602 0x13a8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
    16:56:38.0602 0x13a8  CmBatt - ok
    16:56:38.0649 0x13a8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
    16:56:38.0649 0x13a8  cmdide - ok
    16:56:38.0712 0x13a8  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
    16:56:38.0743 0x13a8  CNG - ok
    16:56:38.0758 0x13a8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
    16:56:38.0758 0x13a8  Compbatt - ok
    16:56:38.0790 0x13a8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
    16:56:38.0790 0x13a8  CompositeBus - ok
    16:56:38.0790 0x13a8  COMSysApp - ok
    16:56:38.0805 0x13a8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
    16:56:38.0821 0x13a8  crcdisk - ok
    16:56:38.0852 0x13a8  [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc        C:\Windows\system32\cryptsvc.dll
    16:56:38.0852 0x13a8  CryptSvc - ok
    16:56:38.0914 0x13a8  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
    16:56:38.0946 0x13a8  CSC - ok
    16:56:38.0977 0x13a8  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
    16:56:39.0008 0x13a8  CscService - ok
    16:56:39.0055 0x13a8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
    16:56:39.0070 0x13a8  DcomLaunch - ok
    16:56:39.0148 0x13a8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
    16:56:39.0164 0x13a8  defragsvc - ok
    16:56:39.0195 0x13a8  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
    16:56:39.0195 0x13a8  DfsC - ok
    16:56:39.0242 0x13a8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
    16:56:39.0258 0x13a8  Dhcp - ok
    16:56:39.0273 0x13a8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
    16:56:39.0289 0x13a8  discache - ok
    16:56:39.0304 0x13a8  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
    16:56:39.0304 0x13a8  Disk - ok
    16:56:39.0336 0x13a8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
    16:56:39.0351 0x13a8  Dnscache - ok
    16:56:39.0398 0x13a8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
    16:56:39.0414 0x13a8  dot3svc - ok
    16:56:39.0445 0x13a8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
    16:56:39.0460 0x13a8  DPS - ok
    16:56:39.0523 0x13a8  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
    16:56:39.0523 0x13a8  drmkaud - ok
    16:56:39.0616 0x13a8  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
    16:56:39.0663 0x13a8  DXGKrnl - ok
    16:56:39.0663 0x13a8  EagleX64 - ok
    16:56:39.0694 0x13a8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
    16:56:39.0694 0x13a8  EapHost - ok
    16:56:39.0897 0x13a8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
    16:56:40.0069 0x13a8  ebdrv - ok
    16:56:40.0116 0x13a8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
    16:56:40.0116 0x13a8  EFS - ok
    16:56:40.0194 0x13a8  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
    16:56:40.0225 0x13a8  ehRecvr - ok
    16:56:40.0256 0x13a8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
    16:56:40.0256 0x13a8  ehSched - ok
    16:56:40.0303 0x13a8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
    16:56:40.0334 0x13a8  elxstor - ok
    16:56:40.0365 0x13a8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
    16:56:40.0365 0x13a8  ErrDev - ok
    16:56:40.0412 0x13a8  [ 4C120D2B2EA269EAE7A5744794EB6DB1, 11CD724908CB6327E4E8CFBC908B090AFC33B929FF0DBDC08D8368771E4AA0C9 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
    16:56:40.0412 0x13a8  ETD - ok
    16:56:40.0474 0x13a8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
    16:56:40.0474 0x13a8  EventSystem - ok
    16:56:40.0521 0x13a8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
    16:56:40.0537 0x13a8  exfat - ok
    16:56:40.0568 0x13a8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
    16:56:40.0584 0x13a8  fastfat - ok
    16:56:40.0630 0x13a8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
    16:56:40.0662 0x13a8  Fax - ok
    16:56:40.0693 0x13a8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
    16:56:40.0693 0x13a8  fdc - ok
    16:56:40.0740 0x13a8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
    16:56:40.0740 0x13a8  fdPHost - ok
    16:56:40.0755 0x13a8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
    16:56:40.0771 0x13a8  FDResPub - ok
    16:56:40.0786 0x13a8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
    16:56:40.0786 0x13a8  FileInfo - ok
    16:56:40.0802 0x13a8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
    16:56:40.0818 0x13a8  Filetrace - ok
    16:56:40.0849 0x13a8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
    16:56:40.0849 0x13a8  flpydisk - ok
    16:56:40.0896 0x13a8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
    16:56:40.0896 0x13a8  FltMgr - ok
    16:56:40.0989 0x13a8  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
    16:56:41.0036 0x13a8  FontCache - ok
    16:56:41.0083 0x13a8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    16:56:41.0083 0x13a8  FontCache3.0.0.0 - ok
    16:56:41.0130 0x13a8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
    16:56:41.0130 0x13a8  FsDepends - ok
    16:56:41.0161 0x13a8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
    16:56:41.0161 0x13a8  Fs_Rec - ok
    16:56:41.0208 0x13a8  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
    16:56:41.0208 0x13a8  fvevol - ok
    16:56:41.0239 0x13a8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
    16:56:41.0239 0x13a8  gagp30kx - ok
    16:56:41.0270 0x13a8  [ 14908F4F9005C29DE8F5587E271390EE, 43DDFA99F52467F91019DB858989F111EBE48A2BED8D43EA2C15D1FD3C104489 ] gfibto          C:\Windows\system32\drivers\gfibto.sys
    16:56:41.0270 0x13a8  gfibto - ok
    16:56:41.0332 0x13a8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
    16:56:41.0364 0x13a8  gpsvc - ok
    16:56:41.0457 0x13a8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:56:41.0473 0x13a8  gupdate - ok
    16:56:41.0488 0x13a8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:56:41.0488 0x13a8  gupdatem - ok
    16:56:41.0551 0x13a8  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    16:56:41.0598 0x13a8  gusvc - ok
    16:56:41.0629 0x13a8  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
    16:56:41.0629 0x13a8  hamachi - ok
    16:56:41.0676 0x13a8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
    16:56:41.0676 0x13a8  hcw85cir - ok
    16:56:41.0738 0x13a8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    16:56:41.0754 0x13a8  HdAudAddService - ok
    16:56:41.0785 0x13a8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
    16:56:41.0785 0x13a8  HDAudBus - ok
    16:56:41.0816 0x13a8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
    16:56:41.0816 0x13a8  HidBatt - ok
    16:56:41.0863 0x13a8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
    16:56:41.0878 0x13a8  HidBth - ok
    16:56:41.0894 0x13a8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
    16:56:41.0894 0x13a8  HidIr - ok
    16:56:41.0941 0x13a8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
    16:56:41.0956 0x13a8  hidserv - ok
    16:56:41.0972 0x13a8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
    16:56:41.0988 0x13a8  HidUsb - ok
    16:56:42.0034 0x13a8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
    16:56:42.0034 0x13a8  hkmsvc - ok
    16:56:42.0097 0x13a8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    16:56:42.0112 0x13a8  HomeGroupListener - ok
    16:56:42.0144 0x13a8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    16:56:42.0159 0x13a8  HomeGroupProvider - ok
    16:56:42.0206 0x13a8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
    16:56:42.0206 0x13a8  HpSAMD - ok
    16:56:42.0284 0x13a8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
    16:56:42.0315 0x13a8  HTTP - ok
    16:56:42.0331 0x13a8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
    16:56:42.0331 0x13a8  hwpolicy - ok
    16:56:42.0362 0x13a8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
    16:56:42.0378 0x13a8  i8042prt - ok
    16:56:42.0409 0x13a8  [ 26CF4275034214ECEDD8EC17B0A18A99, 95A08C63971C28F1BC97040C0ADA247E3B43DE7D937B14E33A394B955D0AC8B7 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
    16:56:42.0424 0x13a8  iaStor - ok
    16:56:42.0456 0x13a8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
    16:56:42.0471 0x13a8  iaStorV - ok
    16:56:42.0565 0x13a8  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    16:56:42.0596 0x13a8  idsvc - ok
    16:56:42.0627 0x13a8  IEEtwCollectorService - ok
    16:56:43.0173 0x13a8  [ 33FAA40B288002C89529DBD14F3AB72C, 670BA536796322122EBD93F256331899DD2E1834471B017A58F74132EE8DFDB7 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
    16:56:43.0719 0x13a8  igfx - ok
    16:56:43.0797 0x13a8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
    16:56:43.0797 0x13a8  iirsp - ok
    16:56:43.0906 0x13a8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
    16:56:43.0938 0x13a8  IKEEXT - ok
    16:56:44.0109 0x13a8  [ 651972B4061F940DC154C6F7B948B76A, CF171B7A9AD3B906754E87E3A1EFB8B5ACD7E58E284797F0C90A9AB2ACFEA9CE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    16:56:44.0203 0x13a8  IntcAzAudAddService - ok
    16:56:44.0250 0x13a8  [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
    16:56:44.0250 0x13a8  IntcDAud - ok
    16:56:44.0265 0x13a8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
    16:56:44.0265 0x13a8  intelide - ok
    16:56:44.0296 0x13a8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
    16:56:44.0296 0x13a8  intelppm - ok
    16:56:44.0343 0x13a8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
    16:56:44.0343 0x13a8  IPBusEnum - ok
    16:56:44.0374 0x13a8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
    16:56:44.0390 0x13a8  IpFilterDriver - ok
    16:56:44.0437 0x13a8  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
    16:56:44.0452 0x13a8  iphlpsvc - ok
    16:56:44.0484 0x13a8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
    16:56:44.0484 0x13a8  IPMIDRV - ok
    16:56:44.0515 0x13a8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
    16:56:44.0530 0x13a8  IPNAT - ok
    16:56:44.0562 0x13a8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
    16:56:44.0562 0x13a8  IRENUM - ok
    16:56:44.0609 0x13a8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
    16:56:44.0609 0x13a8  isapnp - ok
    16:56:44.0655 0x13a8  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
    16:56:44.0671 0x13a8  iScsiPrt - ok
    16:56:44.0718 0x13a8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
    16:56:44.0718 0x13a8  kbdclass - ok
    16:56:44.0749 0x13a8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
    16:56:44.0749 0x13a8  kbdhid - ok
    16:56:44.0780 0x13a8  [ E63EF8C3271D014F14E2469CE75FECB4, 3A8DFA4B446AFDC35F01FD5218D0BEBC510A1E3DE9976210F00D19767D0F9069 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
    16:56:44.0780 0x13a8  kbfiltr - ok
    16:56:44.0796 0x13a8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
    16:56:44.0796 0x13a8  KeyIso - ok
    16:56:44.0827 0x13a8  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
    16:56:44.0843 0x13a8  KSecDD - ok
    16:56:44.0858 0x13a8  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
    16:56:44.0858 0x13a8  KSecPkg - ok
    16:56:44.0889 0x13a8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
    16:56:44.0905 0x13a8  ksthunk - ok
    16:56:44.0936 0x13a8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
    16:56:44.0952 0x13a8  KtmRm - ok
    16:56:44.0983 0x13a8  [ A4A9CA24E54E81C6C3E469EAEB4B3F42, FB6B72BF973EC2EE2D81AAAF47B030C0A5E7E7B079DAB257C52FEFC3F222CDC8 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
    16:56:44.0983 0x13a8  L1C - ok
    16:56:45.0030 0x13a8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
    16:56:45.0045 0x13a8  LanmanServer - ok
    16:56:45.0077 0x13a8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    16:56:45.0077 0x13a8  LanmanWorkstation - ok
    16:56:45.0123 0x13a8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
    16:56:45.0123 0x13a8  lltdio - ok
    16:56:45.0170 0x13a8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
    16:56:45.0201 0x13a8  lltdsvc - ok
    16:56:45.0233 0x13a8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
    16:56:45.0233 0x13a8  lmhosts - ok
    16:56:45.0311 0x13a8  [ 7F32D4C47A50E7223491E8FB9359907D, 6D3F59A8D006BED3234697933D09C8EE8F7A9F4A4196CFA878F8E8A929B24CE5 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    16:56:45.0342 0x13a8  LMS - ok
    16:56:45.0357 0x13a8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
    16:56:45.0357 0x13a8  LSI_FC - ok
    16:56:45.0420 0x13a8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
    16:56:45.0420 0x13a8  LSI_SAS - ok
    16:56:45.0435 0x13a8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
    16:56:45.0435 0x13a8  LSI_SAS2 - ok
    16:56:45.0467 0x13a8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
    16:56:45.0467 0x13a8  LSI_SCSI - ok
    16:56:45.0498 0x13a8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
    16:56:45.0498 0x13a8  luafv - ok
    16:56:45.0529 0x13a8  [ 23488767CB18FC3FF39E3AF1DB3FB02C, F526B80EDA5309162239741CF1C77957E2F9EDEB223AB3DB6FF0DEA3D473590B ] massfilter      C:\Windows\system32\drivers\massfilter.sys
    16:56:45.0529 0x13a8  massfilter - ok
    16:56:45.0591 0x13a8  [ 5C3669B71657F22E67A1D4BD49D2CBE7, 7CAE59AA6CA9CBBD70BBD707A155FB169BF3F71096275BF7C0F415B6A092C671 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
    16:56:45.0591 0x13a8  MBAMProtector - ok
    16:56:45.0732 0x13a8  [ 6D8A2EE4244630B290A837E79C0F37A1, 6783BBC0BDC93E4D6D43531A1AD0DF5CD26C3BBFA6384927C5CF65AD97FB04AD ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    16:56:45.0794 0x13a8  MBAMScheduler - ok
    16:56:45.0888 0x13a8  [ 09D4503CBB6ADB3A54E7C7A75090B728, 6139EA3338FD64205481EDEC813A44F8D395FDA7B67AA431DA61F3631C3EDAE6 ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    16:56:45.0935 0x13a8  MBAMService - ok
    16:56:45.0981 0x13a8  [ 26C43960C99EE861A5D0EDC4DCF3B1C3, 6238FB8E785652040CCE3E7044EA52066CE1BF173A1467474D64A3AB214B6BCD ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
    16:56:45.0997 0x13a8  MBAMSwissArmy - ok
    16:56:46.0028 0x13a8  [ 95EF63A7827D4E3A229CBBCB42619E93, FA38DD035B2C4FC82B60868F49D45A39FBBC96096AAD5A2C8BD752A250255BA7 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
    16:56:46.0028 0x13a8  MBAMWebAccessControl - ok
    16:56:46.0075 0x13a8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
    16:56:46.0091 0x13a8  Mcx2Svc - ok
    16:56:46.0122 0x13a8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
    16:56:46.0137 0x13a8  megasas - ok
    16:56:46.0169 0x13a8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
    16:56:46.0184 0x13a8  MegaSR - ok
    16:56:46.0231 0x13a8  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
    16:56:46.0231 0x13a8  MEIx64 - ok
    16:56:46.0309 0x13a8  [ D70476AD02D6FD75282B196D3B58831D, F93565261EC57F43445C082DBCE5CE0D4B121A5C34B818A09AB5B311457588FD ] MEMSWEEP2       C:\Windows\system32\6EF9.tmp
    16:56:46.0309 0x13a8  MEMSWEEP2 - ok
    16:56:46.0387 0x13a8  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    16:56:46.0403 0x13a8  Microsoft Office Groove Audit Service - ok
    16:56:46.0449 0x13a8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
    16:56:46.0449 0x13a8  MMCSS - ok
    16:56:46.0496 0x13a8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
    16:56:46.0496 0x13a8  Modem - ok
    16:56:46.0527 0x13a8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
    16:56:46.0527 0x13a8  monitor - ok
    16:56:46.0574 0x13a8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
    16:56:46.0590 0x13a8  mouclass - ok
    16:56:46.0621 0x13a8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
    16:56:46.0621 0x13a8  mouhid - ok
    16:56:46.0668 0x13a8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
    16:56:46.0668 0x13a8  mountmgr - ok
    16:56:46.0715 0x13a8  [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
    16:56:46.0730 0x13a8  MpFilter - ok
    16:56:46.0777 0x13a8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
    16:56:46.0777 0x13a8  mpio - ok
    16:56:46.0824 0x13a8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
    16:56:46.0824 0x13a8  mpsdrv - ok
    16:56:46.0917 0x13a8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
    16:56:46.0949 0x13a8  MpsSvc - ok
    16:56:46.0995 0x13a8  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
    16:56:46.0995 0x13a8  MRxDAV - ok
    16:56:47.0042 0x13a8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
    16:56:47.0058 0x13a8  mrxsmb - ok
    16:56:47.0073 0x13a8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
    16:56:47.0089 0x13a8  mrxsmb10 - ok
    16:56:47.0105 0x13a8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
    16:56:47.0120 0x13a8  mrxsmb20 - ok
    16:56:47.0136 0x13a8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
    16:56:47.0136 0x13a8  msahci - ok
    16:56:47.0167 0x13a8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
    16:56:47.0167 0x13a8  msdsm - ok
    16:56:47.0198 0x13a8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
    16:56:47.0198 0x13a8  MSDTC - ok
    16:56:47.0245 0x13a8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
    16:56:47.0245 0x13a8  Msfs - ok
    16:56:47.0261 0x13a8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
    16:56:47.0276 0x13a8  mshidkmdf - ok
    16:56:47.0276 0x13a8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
    16:56:47.0292 0x13a8  msisadrv - ok
    16:56:47.0323 0x13a8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
    16:56:47.0323 0x13a8  MSiSCSI - ok
    16:56:47.0323 0x13a8  msiserver - ok
    16:56:47.0354 0x13a8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
    16:56:47.0354 0x13a8  MSKSSRV - ok
    16:56:47.0432 0x13a8  [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
    16:56:47.0432 0x13a8  MsMpSvc - ok
    16:56:47.0448 0x13a8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
    16:56:47.0463 0x13a8  MSPCLOCK - ok
    16:56:47.0495 0x13a8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
    16:56:47.0495 0x13a8  MSPQM - ok
    16:56:47.0541 0x13a8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
    16:56:47.0557 0x13a8  MsRPC - ok
    16:56:47.0588 0x13a8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
    16:56:47.0588 0x13a8  mssmbios - ok
    16:56:47.0619 0x13a8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
    16:56:47.0635 0x13a8  MSTEE - ok
    16:56:47.0651 0x13a8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
    16:56:47.0651 0x13a8  MTConfig - ok
    16:56:47.0666 0x13a8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
    16:56:47.0682 0x13a8  Mup - ok
    16:56:47.0775 0x13a8  [ 0FC64133A8FB5342C6876982B01FA37F, FCF8CE0D3095ECB25242E1A18F16A70BA1D0BC64C6525D4497672AF1F0043C9E ] NanoServiceMain C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    16:56:47.0791 0x13a8  NanoServiceMain - ok
    16:56:47.0900 0x13a8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
    16:56:47.0916 0x13a8  napagent - ok
    16:56:47.0947 0x13a8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
    16:56:47.0947 0x13a8  NativeWifiP - ok
    16:56:48.0025 0x13a8  [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS            C:\Windows\system32\drivers\ndis.sys
    16:56:48.0056 0x13a8  NDIS - ok
    16:56:48.0103 0x13a8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
    16:56:48.0103 0x13a8  NdisCap - ok
    16:56:48.0119 0x13a8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
    16:56:48.0134 0x13a8  NdisTapi - ok
    16:56:48.0165 0x13a8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
    16:56:48.0181 0x13a8  Ndisuio - ok
    16:56:48.0212 0x13a8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
    16:56:48.0228 0x13a8  NdisWan - ok
    16:56:48.0259 0x13a8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
    16:56:48.0259 0x13a8  NDProxy - ok
    16:56:48.0290 0x13a8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
    16:56:48.0290 0x13a8  NetBIOS - ok
    16:56:48.0337 0x13a8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
    16:56:48.0337 0x13a8  NetBT - ok
    16:56:48.0353 0x13a8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
    16:56:48.0353 0x13a8  Netlogon - ok
    16:56:48.0415 0x13a8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
    16:56:48.0431 0x13a8  Netman - ok
    16:56:48.0477 0x13a8  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:56:48.0477 0x13a8  NetMsmqActivator - ok
    16:56:48.0493 0x13a8  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:56:48.0493 0x13a8  NetPipeActivator - ok
    16:56:48.0618 0x13a8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
    16:56:48.0633 0x13a8  netprofm - ok
    16:56:48.0680 0x13a8  [ 81B8D0C1CE44A7FDBD596B693783950C, 9F47ACECFE32E935FE03D0134018A9C03698D9E25E6FC9B8A525A4FE4A880642 ] netr7364        C:\Windows\system32\DRIVERS\netr7364.sys
    16:56:48.0711 0x13a8  netr7364 - ok
    16:56:48.0727 0x13a8  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:56:48.0743 0x13a8  NetTcpActivator - ok
    16:56:48.0743 0x13a8  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:56:48.0758 0x13a8  NetTcpPortSharing - ok
    16:56:48.0805 0x13a8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
    16:56:48.0805 0x13a8  nfrd960 - ok
    16:56:48.0867 0x13a8  [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    16:56:48.0867 0x13a8  NisDrv - ok
    16:56:48.0899 0x13a8  [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
    16:56:48.0914 0x13a8  NisSrv - ok
    16:56:48.0961 0x13a8  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
    16:56:48.0977 0x13a8  NlaSvc - ok
    16:56:49.0023 0x13a8  [ ACC47D60E202EBA0A8A80768EC5D3C97, 3A26BA0A97201B55151D649DBCF048E0D72A933D4DDBE5FD415AB772C7C6C250 ] NNSALPC         C:\Windows\system32\DRIVERS\NNSAlpc.sys
    16:56:49.0023 0x13a8  NNSALPC - ok
    16:56:49.0055 0x13a8  [ 4C7EAD79B914ADE44D68171AFEEF2AB3, 78D805FFC0DF4EB3D36B43CFD05CF7F5AFCC81B196224A09834EB17FA4D29838 ] NNSHTTP         C:\Windows\system32\DRIVERS\NNSHttp.sys
    16:56:49.0070 0x13a8  NNSHTTP - ok
    16:56:49.0117 0x13a8  [ B40C57451477334E8A66F4823BE04AE3, B3E52FA1570D569F2C40716ED925E3D588489DF37D9639E3BA5B5C0AAFE91543 ] NNSHTTPS        C:\Windows\system32\DRIVERS\NNSHttps.sys
    16:56:49.0133 0x13a8  NNSHTTPS - ok
    16:56:49.0148 0x13a8  [ 222CF23D6FCEB616CA48BBA55FC4D5C0, DB61FEA4126005A226E88FD6590BC57B440047DFAC6531B3C91AFFEFB0AD6F6C ] NNSIDS          C:\Windows\system32\DRIVERS\NNSIds.sys
    16:56:49.0164 0x13a8  NNSIDS - ok
    16:56:49.0195 0x13a8  [ 735143727C4438A72490A2432E7D5CEA, 23FE6DCAFCD7E2B63FA0F14BCBBEC0BCEA220D2BAAAA57FB6E9810C2758A93A7 ] NNSNAHSL        C:\Windows\system32\DRIVERS\NNSNAHSL.sys
    16:56:49.0195 0x13a8  NNSNAHSL - ok
    16:56:49.0242 0x13a8  [ C5332A1FB751B8D5FD9D424D330BC91B, B2FEBEA06252457FF87B74D693E75B29CCF6839EA6FFD60007996B23A6D80154 ] NNSPICC         C:\Windows\system32\DRIVERS\NNSPicc.sys
    16:56:49.0257 0x13a8  NNSPICC - ok
    16:56:49.0304 0x13a8  [ AA1A311C019288FFCCF3661B5EA27A99, BC91048E82C820CECBBDEDD9D9F7EDDBF6CBC88CE1D9C83A12C4A0E59CFAAC76 ] NNSPIHSW        C:\Windows\system32\DRIVERS\NNSPihsw.sys
    16:56:49.0320 0x13a8  NNSPIHSW - ok
    16:56:49.0335 0x13a8  [ EB153B4FA5200D1D3352D6C3FB7C9C38, 306805080F8FDB5D9299E93C7074F3B46F8E4B6623A3A75A83E98E6EB0E5BDC5 ] NNSPOP3         C:\Windows\system32\DRIVERS\NNSPop3.sys
    16:56:49.0351 0x13a8  NNSPOP3 - ok
    16:56:49.0382 0x13a8  [ 425356A7A3657174C206AA3FDB3DDD35, 9634D9A2271C57051BBEC58020082B4CCF2A6583B8FB3C6AC22E9C81728E10F8 ] NNSPROT         C:\Windows\system32\DRIVERS\NNSProt.sys
    16:56:49.0398 0x13a8  NNSPROT - ok
    16:56:49.0429 0x13a8  [ FFDF3257F83A094941005EE607B8A905, D3E676A13175D329E2F3677D9B56ED7B4DCDCE6794C96025171B24140B543EDC ] NNSPRV          C:\Windows\system32\DRIVERS\NNSPrv.sys
    16:56:49.0429 0x13a8  NNSPRV - ok
    16:56:49.0460 0x13a8  [ DE87A11CB1767ABDDE223D4CC0F7C221, 3D24BC83E4D88174CA08281C0B3E3E7BC44218F4C6950D28D37029AE39F68E50 ] NNSSMTP         C:\Windows\system32\DRIVERS\NNSSmtp.sys
    16:56:49.0476 0x13a8  NNSSMTP - ok
    16:56:49.0507 0x13a8  [ 537FB2F711E65475562FE29877F108E1, D2B486CBF3D4CF4AB5D6CCF34CAA57725C3027A2C3E0A1CF628D33546ACBF072 ] NNSSTRM         C:\Windows\system32\DRIVERS\NNSStrm.sys
    16:56:49.0523 0x13a8  NNSSTRM - ok
    16:56:49.0601 0x13a8  [ 4F37DC4420A00BC6E9D22E3590806BFC, C65CEE11AFA68F9B870FB256AB53A04C32C1F73F6F4F209944815CC96F8FEB17 ] NNSTLSC         C:\Windows\system32\DRIVERS\NNSTlsc.sys
    16:56:49.0601 0x13a8  NNSTLSC - ok
    16:56:49.0632 0x13a8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
    16:56:49.0632 0x13a8  Npfs - ok
    16:56:49.0663 0x13a8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
    16:56:49.0663 0x13a8  nsi - ok
    16:56:49.0694 0x13a8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
    16:56:49.0694 0x13a8  nsiproxy - ok
    16:56:49.0866 0x13a8  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
    16:56:49.0928 0x13a8  Ntfs - ok
    16:56:49.0959 0x13a8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
    16:56:49.0975 0x13a8  Null - ok
    16:56:49.0991 0x13a8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
    16:56:49.0991 0x13a8  nvraid - ok
    16:56:50.0037 0x13a8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
    16:56:50.0037 0x13a8  nvstor - ok
    16:56:50.0069 0x13a8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
    16:56:50.0084 0x13a8  nv_agp - ok
    16:56:50.0178 0x13a8  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    16:56:50.0240 0x13a8  odserv - ok
    16:56:50.0271 0x13a8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
    16:56:50.0287 0x13a8  ohci1394 - ok
    16:56:50.0303 0x13a8  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    16:56:50.0318 0x13a8  ose - ok
    16:56:50.0365 0x13a8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
    16:56:50.0381 0x13a8  p2pimsvc - ok
    16:56:50.0412 0x13a8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
    16:56:50.0427 0x13a8  p2psvc - ok
    16:56:50.0490 0x13a8  [ A6B78F395F57E927A0F981D51A00CC5D, D06BFDCF435F80F64F97D225159AFCD3BD77D7D0D9FD6C90E7B89FF47BAC47F0 ] PandaAgent      C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
    16:56:50.0490 0x13a8  PandaAgent - ok
    16:56:50.0537 0x13a8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
    16:56:50.0537 0x13a8  Parport - ok
    16:56:50.0583 0x13a8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
    16:56:50.0583 0x13a8  partmgr - ok
    16:56:50.0630 0x13a8  [ 256390425414F90FCBC12F525A84EB11, A4992020BF6A239AD8A77125426E2C39980C9ABC971C4DBCB24B358F946AD7F9 ] PcaSvc          C:\Windows\System32\pcasvc.dll
    16:56:50.0646 0x13a8  PcaSvc - ok
    16:56:50.0677 0x13a8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
    16:56:50.0693 0x13a8  pci - ok
    16:56:50.0724 0x13a8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
    16:56:50.0724 0x13a8  pciide - ok
    16:56:50.0771 0x13a8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
    16:56:50.0786 0x13a8  pcmcia - ok
    16:56:50.0817 0x13a8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
    16:56:50.0817 0x13a8  pcw - ok
    16:56:50.0864 0x13a8  [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
    16:56:50.0895 0x13a8  PEAUTH - ok
    16:56:50.0973 0x13a8  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
    16:56:51.0020 0x13a8  PeerDistSvc - ok
    16:56:51.0114 0x13a8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
    16:56:51.0114 0x13a8  PerfHost - ok
    16:56:51.0254 0x13a8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
    16:56:51.0301 0x13a8  pla - ok
    16:56:51.0379 0x13a8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
    16:56:51.0410 0x13a8  PlugPlay - ok
    16:56:51.0426 0x13a8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
    16:56:51.0426 0x13a8  PNRPAutoReg - ok
    16:56:51.0457 0x13a8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
    16:56:51.0473 0x13a8  PNRPsvc - ok
    16:56:51.0535 0x13a8  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
    16:56:51.0551 0x13a8  PolicyAgent - ok
    16:56:51.0597 0x13a8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
    16:56:51.0613 0x13a8  Power - ok
    16:56:51.0644 0x13a8  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
    16:56:51.0644 0x13a8  PptpMiniport - ok
    16:56:51.0691 0x13a8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
    16:56:51.0691 0x13a8  Processor - ok
    16:56:51.0785 0x13a8  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
    16:56:51.0800 0x13a8  ProfSvc - ok
    16:56:51.0831 0x13a8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
    16:56:51.0831 0x13a8  ProtectedStorage - ok
    16:56:51.0878 0x13a8  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
    16:56:51.0878 0x13a8  Psched - ok
    16:56:51.0925 0x13a8  [ C6FBFC8B41D51A80433D97337515DA39, 10B0DF9E476FE5DED6ABD42372A9F38288207AB11606C03C814FCEF457D4F9BC ] PSINAflt        C:\Windows\system32\DRIVERS\PSINAflt.sys
    16:56:51.0925 0x13a8  PSINAflt - ok
    16:56:51.0956 0x13a8  [ 65D5DB4FA4C17795860DC736B1054EA2, 422B6FF6588355D1774803293EF77F2B8BF22F769244DD575675430C7116EAA7 ] PSINFile        C:\Windows\system32\DRIVERS\PSINFile.sys
    16:56:51.0956 0x13a8  PSINFile - ok
    16:56:51.0972 0x13a8  [ 305FCF2F725B806BC5E69AC95340A271, FCA0EF28DE5F4DAF8E3E4BB70C7668A0E1990CC080D52BA711DFB9CC5C369230 ] PSINKNC         C:\Windows\system32\DRIVERS\psinknc.sys
    16:56:51.0987 0x13a8  PSINKNC - ok
    16:56:52.0019 0x13a8  [ ED6B1CDE5B178B057F64B2AF682EB45A, BDD46380BF51A48982E81F1D5EDAC2D9B16D2C03E886144279F4505ADA247EE2 ] PSINProc        C:\Windows\system32\DRIVERS\PSINProc.sys
    16:56:52.0019 0x13a8  PSINProc - ok
    16:56:52.0050 0x13a8  [ 171F1C6F49142F2D1C174B817F46EC0F, 96F6B021CBEA2F0787A01E323EED626B380DAD13FC91EE4552F4DEEEC95DBD2C ] PSINProt        C:\Windows\system32\DRIVERS\PSINProt.sys
    16:56:52.0050 0x13a8  PSINProt - ok
    16:56:52.0097 0x13a8  [ E962316E38ABC537821C3651AAC0B7CC, 80821A37A035F662CC20C5E8EA8D06E1106F24EA0B6DB35995C6174601E21AFD ] PSINReg         C:\Windows\system32\DRIVERS\PSINReg.sys
    16:56:52.0112 0x13a8  PSINReg - ok
    16:56:52.0143 0x13a8  [ 105ACC469DF34C8BD0D5E68A70C774E5, 983A759339E058AAE779EB9476EC2AEE8B379F0C60E5E2FD73826155827F5518 ] PSKMAD          C:\Windows\system32\DRIVERS\PSKMAD.sys
    16:56:52.0159 0x13a8  PSKMAD - ok
    16:56:52.0190 0x13a8  [ 586823A8CF9F975CE994EA5E05569156, B4AFA337417001CCE867EB809D3F766B2C6B14C53D1C59DE649068557702F88E ] PSUAService     C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    16:56:52.0190 0x13a8  PSUAService - ok
    16:56:52.0206 0x13a8  pumoymyv - ok
    16:56:52.0315 0x13a8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
    16:56:52.0377 0x13a8  ql2300 - ok
    16:56:52.0424 0x13a8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
    16:56:52.0440 0x13a8  ql40xx - ok
    16:56:52.0518 0x13a8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
    16:56:52.0533 0x13a8  QWAVE - ok
    16:56:52.0565 0x13a8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
    16:56:52.0565 0x13a8  QWAVEdrv - ok
    16:56:52.0596 0x13a8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
    16:56:52.0596 0x13a8  RasAcd - ok
    16:56:52.0627 0x13a8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
    16:56:52.0627 0x13a8  RasAgileVpn - ok
    16:56:52.0658 0x13a8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
    16:56:52.0674 0x13a8  RasAuto - ok
    16:56:52.0705 0x13a8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
    16:56:52.0705 0x13a8  Rasl2tp - ok
    16:56:52.0752 0x13a8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
    16:56:52.0767 0x13a8  RasMan - ok
    16:56:52.0799 0x13a8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
    16:56:52.0799 0x13a8  RasPppoe - ok
    16:56:52.0814 0x13a8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
    16:56:52.0814 0x13a8  RasSstp - ok
    16:56:52.0861 0x13a8  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
    16:56:52.0861 0x13a8  rdbss - ok
    16:56:52.0908 0x13a8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
    16:56:52.0908 0x13a8  rdpbus - ok
    16:56:52.0923 0x13a8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
    16:56:52.0923 0x13a8  RDPCDD - ok
    16:56:52.0970 0x13a8  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
    16:56:52.0986 0x13a8  RDPDR - ok
    16:56:53.0017 0x13a8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
    16:56:53.0017 0x13a8  RDPENCDD - ok
    16:56:53.0033 0x13a8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
    16:56:53.0033 0x13a8  RDPREFMP - ok
    16:56:53.0111 0x13a8  [ 70CBA1A0C98600A2AA1863479B35CB90, 91A133297921B4955817176251AFC5283DA3C7D2099700C4C92ECC94DBE9A99E ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    16:56:53.0142 0x13a8  RdpVideoMiniport - ok
    16:56:53.0204 0x13a8  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
    16:56:53.0220 0x13a8  RDPWD - ok
    16:56:53.0251 0x13a8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
    16:56:53.0267 0x13a8  rdyboost - ok
    16:56:53.0313 0x13a8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
    16:56:53.0313 0x13a8  RemoteAccess - ok
    16:56:53.0376 0x13a8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
    16:56:53.0391 0x13a8  RemoteRegistry - ok
    16:56:53.0407 0x13a8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
    16:56:53.0423 0x13a8  RpcEptMapper - ok
    16:56:53.0438 0x13a8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
    16:56:53.0454 0x13a8  RpcLocator - ok
    16:56:53.0501 0x13a8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\System32\rpcss.dll
    16:56:53.0516 0x13a8  RpcSs - ok
    16:56:53.0547 0x13a8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
    16:56:53.0563 0x13a8  rspndr - ok
    16:56:53.0625 0x13a8  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
    16:56:53.0641 0x13a8  s3cap - ok
    16:56:53.0672 0x13a8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
    16:56:53.0672 0x13a8  SamSs - ok
    16:56:53.0688 0x13a8  SAVRKBootTasks - ok
    16:56:53.0735 0x13a8  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
    16:56:53.0735 0x13a8  sbp2port - ok
    16:56:53.0735 0x13a8  SBRE - ok
    16:56:53.0813 0x13a8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
    16:56:53.0828 0x13a8  SCardSvr - ok
    16:56:53.0875 0x13a8  [ 6CE6F98EA3D07A9C2CE3CD0A5A86352D, 64A07303E538A1EE439D4AAD0DEBBD6037219D37B884026701A06E59A729E9C9 ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
    16:56:53.0891 0x13a8  SCDEmu - ok
    16:56:53.0922 0x13a8  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
    16:56:53.0922 0x13a8  scfilter - ok
    16:56:54.0047 0x13a8  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
    16:56:54.0093 0x13a8  Schedule - ok
    16:56:54.0109 0x13a8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
    16:56:54.0125 0x13a8  SCPolicySvc - ok
    16:56:54.0171 0x13a8  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
    16:56:54.0187 0x13a8  SDRSVC - ok
    16:56:54.0218 0x13a8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
    16:56:54.0234 0x13a8  secdrv - ok
    16:56:54.0249 0x13a8  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
    16:56:54.0265 0x13a8  seclogon - ok
    16:56:54.0281 0x13a8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
    16:56:54.0296 0x13a8  SENS - ok
    16:56:54.0312 0x13a8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
    16:56:54.0312 0x13a8  SensrSvc - ok
    16:56:54.0327 0x13a8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
    16:56:54.0327 0x13a8  Serenum - ok
    16:56:54.0390 0x13a8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
    16:56:54.0390 0x13a8  Serial - ok
    16:56:54.0421 0x13a8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
    16:56:54.0421 0x13a8  sermouse - ok
    16:56:54.0483 0x13a8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
    16:56:54.0499 0x13a8  SessionEnv - ok
    16:56:54.0530 0x13a8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
    16:56:54.0546 0x13a8  sffdisk - ok
    16:56:54.0561 0x13a8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
    16:56:54.0561 0x13a8  sffp_mmc - ok
    16:56:54.0577 0x13a8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
    16:56:54.0577 0x13a8  sffp_sd - ok
    16:56:54.0624 0x13a8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
    16:56:54.0639 0x13a8  sfloppy - ok
    16:56:54.0702 0x13a8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
    16:56:54.0717 0x13a8  SharedAccess - ok
    16:56:54.0764 0x13a8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    16:56:54.0780 0x13a8  ShellHWDetection - ok
    16:56:54.0827 0x13a8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
    16:56:54.0827 0x13a8  SiSRaid2 - ok
    16:56:54.0858 0x13a8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
    16:56:54.0873 0x13a8  SiSRaid4 - ok
    16:56:54.0983 0x13a8  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
    16:56:54.0998 0x13a8  SkypeUpdate - ok
    16:56:55.0029 0x13a8  slb - ok
    16:56:55.0076 0x13a8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
    16:56:55.0092 0x13a8  Smb - ok
    16:56:55.0139 0x13a8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
    16:56:55.0154 0x13a8  SNMPTRAP - ok
    16:56:55.0185 0x13a8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
    16:56:55.0185 0x13a8  spldr - ok
    16:56:55.0248 0x13a8  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
    16:56:55.0263 0x13a8  Spooler - ok
    16:56:55.0451 0x13a8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
    16:56:55.0622 0x13a8  sppsvc - ok
    16:56:55.0685 0x13a8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
    16:56:55.0700 0x13a8  sppuinotify - ok
    16:56:55.0747 0x13a8  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
    16:56:55.0763 0x13a8  srv - ok
    16:56:55.0809 0x13a8  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
    16:56:55.0825 0x13a8  srv2 - ok
    16:56:55.0856 0x13a8  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
    16:56:55.0872 0x13a8  srvnet - ok
    16:56:55.0934 0x13a8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
    16:56:55.0950 0x13a8  SSDPSRV - ok
    16:56:55.0997 0x13a8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
    16:56:55.0997 0x13a8  SstpSvc - ok
    16:56:56.0043 0x13a8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
    16:56:56.0043 0x13a8  stexstor - ok
    16:56:56.0121 0x13a8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
    16:56:56.0137 0x13a8  stisvc - ok
    16:56:56.0184 0x13a8  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
    16:56:56.0184 0x13a8  storflt - ok
    16:56:56.0215 0x13a8  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
    16:56:56.0215 0x13a8  storvsc - ok
    16:56:56.0246 0x13a8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
    16:56:56.0246 0x13a8  swenum - ok
    16:56:56.0293 0x13a8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
    16:56:56.0309 0x13a8  swprv - ok
    16:56:56.0324 0x13a8  Synth3dVsc - ok
    16:56:56.0465 0x13a8  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
    16:56:56.0527 0x13a8  SysMain - ok
    16:56:56.0589 0x13a8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
    16:56:56.0589 0x13a8  TabletInputService - ok
    16:56:56.0636 0x13a8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
    16:56:56.0652 0x13a8  TapiSrv - ok
    16:56:56.0714 0x13a8  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
    16:56:56.0714 0x13a8  TBS - ok
    16:56:56.0839 0x13a8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
    16:56:56.0901 0x13a8  Tcpip - ok
    16:56:56.0979 0x13a8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
    16:56:57.0042 0x13a8  TCPIP6 - ok
    16:56:57.0089 0x13a8  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
    16:56:57.0089 0x13a8  tcpipreg - ok
    16:56:57.0135 0x13a8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
    16:56:57.0135 0x13a8  TDPIPE - ok
    16:56:57.0167 0x13a8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
    16:56:57.0182 0x13a8  TDTCP - ok
    16:56:57.0213 0x13a8  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
    16:56:57.0229 0x13a8  tdx - ok
    16:56:57.0260 0x13a8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
    16:56:57.0260 0x13a8  TermDD - ok
    16:56:57.0354 0x13a8  [ 4FC4C50985E5B840F4D72E57286887B8, 0BCBB4A938803AE3A3532B6D8FFC85594AA9AEF5D8F9792684841BEA8780AE9E ] TermService     C:\Windows\System32\termsrv.dll
    16:56:57.0369 0x13a8  TermService - ok
    16:56:57.0401 0x13a8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
    16:56:57.0416 0x13a8  Themes - ok
    16:56:57.0447 0x13a8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
    16:56:57.0463 0x13a8  THREADORDER - ok
    16:56:57.0479 0x13a8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
    16:56:57.0479 0x13a8  TrkWks - ok
    16:56:57.0557 0x13a8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    16:56:57.0557 0x13a8  TrustedInstaller - ok
    16:56:57.0619 0x13a8  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
    16:56:57.0619 0x13a8  tssecsrv - ok
    16:56:57.0650 0x13a8  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
    16:56:57.0666 0x13a8  TsUsbFlt - ok
    16:56:57.0666 0x13a8  tsusbhub - ok
    16:56:57.0853 0x13a8  [ 258C050D197D923668B36C8D3F6A2353, 9A8CDC8FDCF24986FE963566591E2B535653837A8A63EE462126D336E6F94E97 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
    16:56:57.0931 0x13a8  TuneUp.UtilitiesSvc - ok
    16:56:57.0993 0x13a8  [ 45427C4B8CAC6B241478F149B935CD80, 7F772D6D00D1ADD394F5907804661C75780EE9F8DF21EF0719D3E4ABA00092B7 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys
    16:56:58.0009 0x13a8  TuneUpUtilitiesDrv - ok
    16:56:58.0056 0x13a8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
    16:56:58.0071 0x13a8  tunnel - ok
    16:56:58.0103 0x13a8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
    16:56:58.0118 0x13a8  uagp35 - ok
    16:56:58.0181 0x13a8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
    16:56:58.0181 0x13a8  udfs - ok
    16:56:58.0259 0x13a8  [ 5FFB3DBF534A94BC452222B720E8B98A, CABDF03D89201B068BF0683E641D750BBD03F9A918D35E87DC2C364D752C2A10 ] UI Assistant Service C:\Program Files (x86)\Join Air\AssistantServices.exe
    16:56:58.0274 0x13a8  UI Assistant Service - ok
    16:56:58.0337 0x13a8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
    16:56:58.0337 0x13a8  UI0Detect - ok
    16:56:58.0383 0x13a8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
    16:56:58.0399 0x13a8  uliagpkx - ok
    16:56:58.0430 0x13a8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
    16:56:58.0446 0x13a8  umbus - ok
    16:56:58.0477 0x13a8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
    16:56:58.0493 0x13a8  UmPass - ok
    16:56:58.0539 0x13a8  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
    16:56:58.0555 0x13a8  UmRdpService - ok
    16:56:58.0758 0x13a8  [ 2C16648A12999AE69A9EBF41974B0BA2, 06008F61B6EC36CD34CB8C4BA983371DB7A9F4BEE15E5329F5E90FEEE300D258 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    16:56:58.0851 0x13a8  UNS - ok
    16:56:58.0898 0x13a8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
    16:56:58.0914 0x13a8  upnphost - ok
    16:56:58.0929 0x13a8  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
    16:56:58.0945 0x13a8  usbaudio - ok
    16:56:58.0961 0x13a8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
    16:56:58.0976 0x13a8  usbccgp - ok
    16:56:59.0007 0x13a8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
    16:56:59.0023 0x13a8  usbcir - ok
    16:56:59.0070 0x13a8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
    16:56:59.0070 0x13a8  usbehci - ok
    16:56:59.0117 0x13a8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
    16:56:59.0132 0x13a8  usbhub - ok
    16:56:59.0179 0x13a8  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
    16:56:59.0179 0x13a8  usbohci - ok
    16:56:59.0226 0x13a8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
    16:56:59.0226 0x13a8  usbprint - ok
    16:56:59.0273 0x13a8  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
    16:56:59.0273 0x13a8  usbscan - ok
    16:56:59.0335 0x13a8  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
    16:56:59.0351 0x13a8  USBSTOR - ok
    16:56:59.0382 0x13a8  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
    16:56:59.0397 0x13a8  usbuhci - ok
    16:56:59.0429 0x13a8  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
    16:56:59.0444 0x13a8  usbvideo - ok
    16:56:59.0475 0x13a8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
    16:56:59.0491 0x13a8  UxSms - ok
    16:56:59.0538 0x13a8  [ 97BCD40E27C46B398524DF9B4DC88A6F, D1466C414B6044B65D63138B3C42B54B3B6E54AD40613E171F980D0E0D9627B5 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
    16:56:59.0553 0x13a8  UxTuneUp - ok
    16:56:59.0585 0x13a8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
    16:56:59.0585 0x13a8  VaultSvc - ok
    16:56:59.0631 0x13a8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
    16:56:59.0631 0x13a8  vdrvroot - ok
    16:56:59.0725 0x13a8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
    16:56:59.0741 0x13a8  vds - ok
    16:56:59.0803 0x13a8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
    16:56:59.0819 0x13a8  vga - ok
    16:56:59.0850 0x13a8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
    16:56:59.0850 0x13a8  VgaSave - ok
    16:56:59.0865 0x13a8  VGPU - ok
    16:56:59.0928 0x13a8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
    16:56:59.0943 0x13a8  vhdmp - ok
    16:56:59.0990 0x13a8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
    16:56:59.0990 0x13a8  viaide - ok
    16:57:00.0037 0x13a8  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
    16:57:00.0037 0x13a8  vmbus - ok
    16:57:00.0068 0x13a8  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
    16:57:00.0084 0x13a8  VMBusHID - ok
    16:57:00.0115 0x13a8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
    16:57:00.0115 0x13a8  volmgr - ok
    16:57:00.0146 0x13a8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
    16:57:00.0162 0x13a8  volmgrx - ok
    16:57:00.0193 0x13a8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
    16:57:00.0193 0x13a8  volsnap - ok
    16:57:00.0287 0x13a8  [ 8F1E531D36D95B0586DA00D546AB8B9A, 206C568E3698096D2C2C2E5BAB53382B74DEF2B354E6029E7C34912A55A0897C ] Vsdatant        C:\Windows\system32\DRIVERS\vsdatant.sys
    16:57:00.0318 0x13a8  Vsdatant - ok
    16:57:00.0583 0x13a8  [ 21D22AC9B8B33AF6EEEBDB10D1661C37, 56C7A8E5C3084163342A433FD20DE8E9931C1C293B49C0F9CD9C8F45A56D135B ] vsmon           C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    16:57:00.0677 0x13a8  vsmon - ok
    16:57:00.0739 0x13a8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
    16:57:00.0755 0x13a8  vsmraid - ok
    16:57:00.0879 0x13a8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
    16:57:00.0942 0x13a8  VSS - ok
    16:57:00.0957 0x13a8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
    16:57:00.0957 0x13a8  vwifibus - ok
    16:57:00.0989 0x13a8  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
    16:57:00.0989 0x13a8  vwififlt - ok
    16:57:01.0051 0x13a8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
    16:57:01.0067 0x13a8  W32Time - ok
    16:57:01.0113 0x13a8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
    16:57:01.0113 0x13a8  WacomPen - ok
    16:57:01.0160 0x13a8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
    16:57:01.0176 0x13a8  WANARP - ok
    16:57:01.0191 0x13a8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
    16:57:01.0207 0x13a8  Wanarpv6 - ok
    16:57:01.0316 0x13a8  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
    16:57:01.0363 0x13a8  WatAdminSvc - ok
    16:57:01.0472 0x13a8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
    16:57:01.0519 0x13a8  wbengine - ok
    16:57:01.0566 0x13a8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
    16:57:01.0581 0x13a8  WbioSrvc - ok
    16:57:01.0644 0x13a8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
    16:57:01.0675 0x13a8  wcncsvc - ok
    16:57:01.0722 0x13a8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    16:57:01.0722 0x13a8  WcsPlugInService - ok
    16:57:01.0769 0x13a8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
    16:57:01.0769 0x13a8  Wd - ok
    16:57:01.0847 0x13a8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
    16:57:01.0862 0x13a8  Wdf01000 - ok
    16:57:01.0893 0x13a8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
    16:57:01.0893 0x13a8  WdiServiceHost - ok
    16:57:01.0909 0x13a8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
    16:57:01.0909 0x13a8  WdiSystemHost - ok
    16:57:01.0956 0x13a8  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
    16:57:01.0956 0x13a8  WebClient - ok
    16:57:02.0018 0x13a8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
    16:57:02.0034 0x13a8  Wecsvc - ok
    16:57:02.0065 0x13a8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
    16:57:02.0065 0x13a8  wercplsupport - ok
    16:57:02.0096 0x13a8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
    16:57:02.0096 0x13a8  WerSvc - ok
    16:57:02.0127 0x13a8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
    16:57:02.0127 0x13a8  WfpLwf - ok
    16:57:02.0174 0x13a8  [ 52DED146E4797E6CCF94799E8E22BB2A, 57A29260D81AA3AD3F8C29E9CFA7CE3970D7A8BF673ADD9B256EE76C7DEC080E ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
    16:57:02.0190 0x13a8  WimFltr - ok
    16:57:02.0221 0x13a8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
    16:57:02.0221 0x13a8  WIMMount - ok
    16:57:02.0252 0x13a8  WinDefend - ok
    16:57:02.0268 0x13a8  WinHttpAutoProxySvc - ok
    16:57:02.0361 0x13a8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
    16:57:02.0377 0x13a8  Winmgmt - ok
    16:57:02.0486 0x13a8  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
    16:57:02.0564 0x13a8  WinRM - ok
    16:57:02.0627 0x13a8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
    16:57:02.0627 0x13a8  WinUsb - ok
    16:57:02.0720 0x13a8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
    16:57:02.0751 0x13a8  Wlansvc - ok
    16:57:02.0783 0x13a8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
    16:57:02.0798 0x13a8  WmiAcpi - ok
    16:57:02.0845 0x13a8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
    16:57:02.0861 0x13a8  wmiApSrv - ok
    16:57:02.0892 0x13a8  WMPNetworkSvc - ok
    16:57:02.0923 0x13a8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
    16:57:02.0923 0x13a8  WPCSvc - ok
    16:57:02.0954 0x13a8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
    16:57:02.0970 0x13a8  WPDBusEnum - ok
    16:57:03.0001 0x13a8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
    16:57:03.0001 0x13a8  ws2ifsl - ok
    16:57:03.0048 0x13a8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
    16:57:03.0063 0x13a8  wscsvc - ok
    16:57:03.0079 0x13a8  WSearch - ok
    16:57:03.0251 0x13a8  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
    16:57:03.0329 0x13a8  wuauserv - ok
    16:57:03.0375 0x13a8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
    16:57:03.0375 0x13a8  WudfPf - ok
    16:57:03.0438 0x13a8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
    16:57:03.0453 0x13a8  WUDFRd - ok
    16:57:03.0500 0x13a8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
    16:57:03.0500 0x13a8  wudfsvc - ok
    16:57:03.0547 0x13a8  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
    16:57:03.0609 0x13a8  WwanSvc - ok
    16:57:03.0625 0x13a8  X6va008 - ok
    16:57:03.0641 0x13a8  X6va009 - ok
    16:57:03.0641 0x13a8  X6va010 - ok
    16:57:03.0656 0x13a8  X6va011 - ok
    16:57:03.0719 0x13a8  X6va012 - ok
    16:57:03.0843 0x13a8  [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    16:57:03.0875 0x13a8  YahooAUService - ok
    16:57:03.0953 0x13a8  [ CEC8ED565F3663F0B8A862561BF08D79, FDDBEDC79C7061B20AA450BB3D09EDADEDD5F531D8EA100BBF542A63BDFCE593 ] ZAPrivacyService C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
    16:57:03.0953 0x13a8  ZAPrivacyService - ok
    16:57:04.0015 0x13a8  [ F98415E5B83742C901D0A336972509A0, 12AA44AC32404744B0F19F1F01DA29F66436860E47257A2BF63F2293E0B9FE14 ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
    16:57:04.0015 0x13a8  ZTEusbmdm6k - ok
    16:57:04.0031 0x13a8  [ F98415E5B83742C901D0A336972509A0, 12AA44AC32404744B0F19F1F01DA29F66436860E47257A2BF63F2293E0B9FE14 ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
    16:57:04.0046 0x13a8  ZTEusbnmea - ok
    16:57:04.0077 0x13a8  [ F98415E5B83742C901D0A336972509A0, 12AA44AC32404744B0F19F1F01DA29F66436860E47257A2BF63F2293E0B9FE14 ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
    16:57:04.0077 0x13a8  ZTEusbser6k - ok
    16:57:04.0093 0x13a8  ================ Scan global ===============================
    16:57:04.0171 0x13a8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
    16:57:04.0218 0x13a8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
    16:57:04.0249 0x13a8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
    16:57:04.0296 0x13a8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
    16:57:04.0327 0x13a8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
    16:57:04.0327 0x13a8  [ Global ] - ok
    16:57:04.0327 0x13a8  ================ Scan MBR ==================================
    16:57:04.0343 0x13a8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    16:57:05.0076 0x13a8  \Device\Harddisk0\DR0 - ok
    16:57:05.0076 0x13a8  ================ Scan VBR ==================================
    16:57:05.0091 0x13a8  [ 4A7FCD48906E0266193D0D06684B5746 ] \Device\Harddisk0\DR0\Partition1
    16:57:05.0091 0x13a8  \Device\Harddisk0\DR0\Partition1 - ok
    16:57:05.0107 0x13a8  [ 468E6996FD83B916D5983749C7924B19 ] \Device\Harddisk0\DR0\Partition2
    16:57:05.0107 0x13a8  \Device\Harddisk0\DR0\Partition2 - ok
    16:57:05.0138 0x13a8  [ 89D22A73C6F9634C0AB2EF42241A4BF9 ] \Device\Harddisk0\DR0\Partition3
    16:57:05.0138 0x13a8  \Device\Harddisk0\DR0\Partition3 - ok
    16:57:05.0138 0x13a8  ================ Scan generic autorun ======================
    16:57:05.0185 0x13a8  [ C67DF16A1E07EA4776E6CBD6CA862110, 66D2D0CBA70476225FABA5C7BFF9EAB3C5AF0DA1841A4078FD3066A310C9A658 ] C:\Windows\system32\igfxtray.exe
    16:57:05.0185 0x13a8  IgfxTray - ok
    16:57:05.0232 0x13a8  [ E92B6F3A5950E2F12230E1924CCE2238, F5FD40E34AE98D34D8BA6AE5ABB11214D4B091B9AB44C999D7E6C8C56975AC41 ] C:\Windows\system32\hkcmd.exe
    16:57:05.0247 0x13a8  HotKeysCmds - ok
    16:57:05.0263 0x13a8  ETDCtrl - ok
    16:57:05.0325 0x13a8  [ 4490896F4491FD5F1BE601BA9C8245BD, 53709493AFDDE795A08F5E54FCF210479304B998522A06054AA9FAF514C8F1C6 ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    16:57:05.0357 0x13a8  AmIcoSinglun64 - ok
    16:57:05.0481 0x13a8  [ E897F9B62E611D59FDFAB82FC829B93A, E11E1A488D461105104E7FFD9F8219BDD231807FE33600233BEF11A432E138FD ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    16:57:05.0544 0x13a8  RtHDVBg - ok
    16:57:05.0591 0x13a8  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
    16:57:05.0591 0x13a8  B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll - ok
    16:57:05.0591 0x13a8  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
    16:57:05.0606 0x13a8  B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll - ok
    16:57:05.0606 0x13a8  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
    16:57:05.0606 0x13a8  B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll - ok
    16:57:05.0622 0x13a8  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
    16:57:05.0622 0x13a8  B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll - ok
    16:57:05.0934 0x13a8  [ 6CB991E0323CE1901C0DD5857418E0F2, 70A52109C9A5DB932F0AEA60CBF7F5AF7747F5433446CBE133B236F9F0AB7A4D ] C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe
    16:57:06.0246 0x13a8  Messenger (Yahoo!) - ok
    16:57:06.0355 0x13a8  [ C8BC9A2DC599F1A52DC6B42FDD47B01E, F32F869EFA1E8ACECC9BDE7D0C9460EF3C85482629A22C4C7BEABE644B9C7E97 ] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
    16:57:06.0386 0x13a8  FlashPlayerUpdate - ok
    16:57:06.0417 0x13a8  AV detected via SS2: Panda Free Antivirus, C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe ( 1.0.0.0 ), 0x71000 ( enabled : updated )
    16:57:06.0433 0x13a8  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x60000 ( disabled : updated )
    16:57:06.0464 0x13a8  FW detected via SS2: ZoneAlarm Free Firewall Firewall, C:\Program Files (x86)\CheckPoint\ZoneAlarm\\MultiFix.exe ( 13.3.209.0 ), 0x40010 ( disabled )
    16:57:06.0464 0x13a8  FW detected via SS2: Panda Firewall, C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe ( 1.0.0.0 ), 0x70010 ( disabled )
    16:57:06.0480 0x13a8  Win FW state via NFP2: enabled
    16:57:06.0480 0x13a8  ============================================================
    16:57:06.0480 0x13a8  Scan finished
    16:57:06.0480 0x13a8  ============================================================
    16:57:06.0495 0x0ea0  Detected object count: 0
    16:57:06.0495 0x0ea0  Actual detected object count: 0

     

     



    #8 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 04 November 2014 - 11:09 AM

    Go ahead and run a new scan with FRST, be sure to checkmark Additions and post both logs



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #9 Nare

    Nare

      Authentic Member

    • Authentic Member
    • PipPip
    • 50 posts

    Posted 04 November 2014 - 11:42 AM

    Here they are...Also I forgot about it, but I assume translation is not a problem?

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
    Ran by Iuliu (administrator) on RAMONA-PC on 04-11-2014 19:32:46
    Running from C:\Users\Iuliu\Desktop
    Loaded Profile: Iuliu (Available profiles: Ramona & Iuliu)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Română (România)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
    (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    () C:\Program Files (x86)\Join Air\UIExec.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
    HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
    HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
    HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
    HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2317312 2011-09-13] (ASUS)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Join Air\UIExec.exe [139088 2011-02-14] ()
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
    HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [283712 2013-10-30] (Filefacts.net)
    HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-07-24] (Panda Security, S.L.)
    HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
    HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
    HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
    HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
    HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3781310032-3316471014-4203319439-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe [851632 2014-07-09] (Adobe Systems Incorporated)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
    ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    BootExecute: autocheck autochk * lsdeletePCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bit
    GroupPolicyUsers\S-1-5-21-3781310032-3316471014-4203319439-1001\User: Group Policy restriction detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nyaa.se/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro-RO
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x75506ACFAEDBCF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://utw.me/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3781310032-3316471014-4203319439-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Hosts: 127.0.0.1 localhost

    FireFox:
    ========
    FF ProfilePath: C:\Users\Iuliu\AppData\Roaming\Mozilla\Firefox\Profiles\ii47zk5e.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Iuliu\AppData\Roaming\rcru\plugins\nprcplugin.dll (Raidcall)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Iuliu\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Iuliu\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Extension: Lavasoft Search Plugin - C:\Users\Iuliu\AppData\Roaming\Mozilla\Firefox\Profiles\ii47zk5e.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-10-21]
    FF Extension: Windows Photo Viewer Gallery Interface - C:\Users\Iuliu\AppData\Roaming\Mozilla\Firefox\Profiles\ii47zk5e.default\Extensions\{32603E18-7893-D30E-792A-801055CDA1F3} [2014-09-06]
    FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-16]

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Users\Iuliu\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Iuliu\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Iuliu\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Profile: C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (No Name) - C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jombbjeacppmnbiehjpajljeohfkdlgi [2014-05-21]
    CHR Profile: C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Profile 2
    CHR Extension: (Google Drive) - C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-05]
    CHR Extension: (YouTube) - C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-05]
    CHR Extension: (Google Search) - C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-05]
    CHR Extension: (Skype Click to Call) - C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-04]
    CHR Extension: (Google Wallet) - C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
    CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-12-05]
    CHR Extension: (Gmail) - C:\Users\Iuliu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-05]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
    CHR StartMenuInternet: Google Chrome - C:\Users\Iuliu\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [141560 2014-07-24] (Panda Security, S.L.)
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-07-23] (Panda Security, S.L.)
    R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-07-24] (Panda Security, S.L.)
    R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
    S2 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [261456 2011-02-14] ()
    S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
    R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-02-19] (GFI Software)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
    S3 MEMSWEEP2; C:\Windows\system32\6EF9.tmp [6144 2010-05-26] (Sophos Plc) [File not signed]
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
    R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
    R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
    R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
    R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
    R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
    R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
    R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
    R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
    R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
    R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
    R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
    R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
    R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [160800 2014-07-24] (Panda Security, S.L.)
    R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [120352 2014-07-24] (Panda Security, S.L.)
    R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
    R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
    R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
    R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [106016 2014-07-24] (Panda Security, S.L.)
    R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
    S1 pumoymyv; No ImagePath
    S1 SAVRKBootTasks; C:\Windows\SysWOW64\SAVRKBootTasks.sys [18816 2010-05-26] (Sophos Plc) [File not signed]
    S1 SBRE; No ImagePath
    R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
    R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)
    S3 X6va008; No ImagePath
    S3 X6va009; No ImagePath
    S3 X6va010; No ImagePath
    S3 X6va011; No ImagePath
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 slb; \??\D:\Aeria\ScarletBlade\avital\scarlb64.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-04 19:32 - 2014-11-04 19:34 - 00023229 _____ () C:\Users\Iuliu\Desktop\FRST.txt
    2014-11-04 16:53 - 2014-10-28 18:00 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Iuliu\Desktop\TDSSKiller.exe
    2014-11-03 20:07 - 2014-11-04 18:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-03 20:06 - 2014-11-03 20:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-03 20:06 - 2014-11-03 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-03 20:06 - 2014-11-03 20:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-03 20:06 - 2014-11-03 20:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-03 20:06 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-11-03 20:06 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-11-03 20:06 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-11-03 17:57 - 2014-11-03 17:57 - 00000903 _____ () C:\Users\Iuliu\Desktop\JRT.txt
    2014-11-03 16:45 - 2014-11-03 16:45 - 01706359 _____ (Thisisu) C:\Users\Iuliu\Desktop\JRT.exe
    2014-11-03 16:17 - 2014-11-04 09:36 - 00001508 _____ () C:\Windows\PFRO.log
    2014-11-03 13:56 - 2014-11-04 19:32 - 00000000 ____D () C:\FRST
    2014-11-03 13:55 - 2014-11-03 13:55 - 02114560 _____ (Farbar) C:\Users\Iuliu\Desktop\FRST64.exe
    2014-11-02 09:26 - 2014-11-02 09:26 - 00456624 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-01 20:37 - 2014-11-01 20:37 - 05192704 _____ (AVAST Software) C:\Users\Iuliu\Desktop\aswMBR.exe
    2014-11-01 15:30 - 2014-11-01 15:30 - 00109672 _____ () C:\Users\Iuliu\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-01 09:46 - 2014-11-04 19:27 - 00000728 _____ () C:\Windows\setupact.log
    2014-11-01 09:46 - 2014-11-01 09:46 - 00000000 _____ () C:\Windows\setuperr.log
    2014-10-30 07:55 - 2014-03-25 15:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
    2014-10-29 20:00 - 2014-10-29 20:00 - 00021075 _____ () C:\ComboFix.txt
    2014-10-29 18:38 - 2014-10-29 18:39 - 00870336 _____ (Opera Software) C:\Users\Iuliu\Downloads\Opera_NI_stable.exe
    2014-10-29 18:36 - 2014-10-29 18:36 - 00000000 ____D () C:\Users\Iuliu\AppData\Roaming\Opera Software
    2014-10-29 18:36 - 2014-10-29 18:36 - 00000000 ____D () C:\Users\Iuliu\AppData\Local\Opera Software
    2014-10-29 18:35 - 2014-10-31 09:46 - 00003836 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1414600540
    2014-10-29 18:35 - 2014-10-31 09:46 - 00000964 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 25.lnk
    2014-10-29 18:35 - 2014-10-29 18:35 - 00001139 _____ () C:\Users\Public\Desktop\Opera 25.lnk
    2014-10-29 16:16 - 2014-10-29 16:16 - 00001225 _____ () C:\Users\Iuliu\Desktop\TreeSize Free.lnk
    2014-10-29 16:16 - 2014-10-29 16:16 - 00000000 ____D () C:\Users\Iuliu\AppData\Roaming\JAM Software
    2014-10-29 16:16 - 2014-10-29 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
    2014-10-29 16:16 - 2014-10-29 16:16 - 00000000 ____D () C:\Program Files (x86)\JAM Software
    2014-10-29 16:15 - 2014-10-29 16:15 - 00000000 ____D () C:\Users\Iuliu\AppData\Roaming\ImgBurn
    2014-10-29 16:05 - 2014-10-29 16:05 - 00001881 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
    2014-10-29 16:05 - 2014-10-29 16:05 - 00001869 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
    2014-10-29 16:05 - 2014-10-29 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
    2014-10-29 16:05 - 2014-10-29 16:05 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
    2014-10-28 12:06 - 2014-10-28 15:01 - 00000000 ____D () C:\Users\Iuliu\AppData\Roaming\Uzixso
    2014-10-26 15:21 - 2014-10-26 15:23 - 00431395 _____ () C:\Windows\system32\Drivers\vsconfig.xml
    2014-10-26 15:21 - 2014-10-26 15:21 - 00000762 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
    2014-10-26 15:21 - 2014-10-26 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
    2014-10-26 15:20 - 2014-10-26 15:21 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
    2014-10-26 15:19 - 2014-10-26 15:19 - 00000000 ____D () C:\ProgramData\CheckPoint
    2014-10-26 10:27 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-10-26 10:27 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-10-26 10:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-10-26 10:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-10-26 10:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-10-26 10:27 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-10-26 10:27 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-10-26 10:27 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-10-25 16:12 - 2014-10-25 16:13 - 05583977 ____R (Swearware) C:\Users\Iuliu\Desktop\ComboFix.exe
    2014-10-24 23:41 - 2014-10-24 23:41 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
    2014-10-24 14:31 - 2014-10-24 14:31 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    2014-10-16 12:08 - 2014-10-16 12:08 - 00033568 _____ () C:\Users\Iuliu\AppData\Local\2ete64.vas
    2014-10-15 20:23 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-10-15 20:23 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-10-15 20:23 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-10-15 20:23 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-10-15 20:23 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-10-15 20:23 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-10-15 20:23 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-10-15 20:23 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-10-15 20:23 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-10-15 20:23 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-10-15 20:23 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-10-15 20:23 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-10-15 20:23 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-10-15 20:23 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-10-15 20:23 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-10-15 20:23 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-10-15 20:23 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-10-15 20:23 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-10-15 20:23 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-10-15 20:23 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-10-15 20:23 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-10-15 20:23 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-10-15 20:23 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-10-15 20:23 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-10-15 20:23 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-10-15 20:23 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-10-15 20:23 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-10-15 20:23 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-10-15 20:23 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-10-15 20:23 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-10-15 20:23 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-10-15 20:23 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-10-15 20:23 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-10-15 20:23 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-10-15 20:23 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-10-15 20:23 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-10-15 20:23 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-10-15 20:23 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-10-15 20:23 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-10-15 20:23 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-10-15 20:23 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-10-15 20:23 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-10-15 20:23 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-10-15 20:23 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-10-15 20:23 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-10-15 20:23 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-10-15 20:23 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-10-15 20:23 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-10-15 20:23 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-10-15 20:23 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-10-15 20:23 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-10-15 20:23 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-10-15 20:23 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-10-15 20:23 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-10-15 20:23 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-10-15 20:23 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-10-15 20:22 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-10-15 20:22 - 2014-08-19 05:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2014-10-15 20:22 - 2014-08-19 05:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2014-10-15 20:22 - 2014-08-19 05:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2014-10-15 20:22 - 2014-07-07 04:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2014-10-15 20:22 - 2014-07-07 04:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2014-10-15 20:22 - 2014-07-07 04:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-10-15 20:22 - 2014-07-07 04:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2014-10-15 20:22 - 2014-07-07 04:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2014-10-15 20:22 - 2014-07-07 03:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2014-10-15 20:22 - 2014-07-07 03:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2014-10-15 20:22 - 2014-07-07 03:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2014-10-15 20:22 - 2014-07-07 03:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-10-15 20:22 - 2014-07-07 03:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-10-15 20:22 - 2014-06-28 02:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2014-10-15 20:22 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2014-10-15 20:22 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2014-10-15 20:22 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-10-15 20:22 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
    2014-10-15 20:22 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
    2014-10-15 20:22 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2014-10-15 20:22 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
    2014-10-15 20:22 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2014-10-15 20:21 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2014-10-15 20:21 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2014-10-15 20:21 - 2014-08-19 05:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2014-10-15 20:21 - 2014-08-19 05:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2014-10-15 20:21 - 2014-08-19 05:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2014-10-15 20:21 - 2014-08-19 05:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2014-10-15 20:21 - 2014-08-19 05:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2014-10-15 20:21 - 2014-08-19 05:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2014-10-15 20:21 - 2014-08-19 05:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2014-10-15 20:21 - 2014-08-19 04:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2014-10-15 20:21 - 2014-08-19 04:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2014-10-15 20:21 - 2014-08-19 04:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2014-10-15 20:21 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-10-15 20:21 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2014-10-15 20:21 - 2014-07-17 04:07 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-10-15 20:21 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-10-15 20:21 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-10-15 20:21 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2014-10-15 20:21 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
    2014-10-15 20:21 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-10-15 20:21 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-10-15 20:21 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2014-10-15 20:21 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-10-15 20:21 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-10-15 20:21 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2014-10-15 20:21 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-10-15 20:21 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-10-15 20:21 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
    2014-10-15 20:21 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2014-10-15 20:21 - 2014-07-07 04:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2014-10-15 20:21 - 2014-07-07 04:06 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-10-15 20:21 - 2014-07-07 04:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2014-10-15 20:21 - 2014-07-07 04:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2014-10-15 20:21 - 2014-07-07 04:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2014-10-15 20:21 - 2014-07-07 04:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2014-10-15 20:21 - 2014-07-07 04:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2014-10-15 20:21 - 2014-07-07 04:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2014-10-15 20:21 - 2014-07-07 04:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2014-10-15 20:21 - 2014-07-07 04:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2014-10-15 20:21 - 2014-07-07 04:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2014-10-15 20:21 - 2014-07-07 04:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2014-10-15 20:21 - 2014-07-07 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2014-10-15 20:21 - 2014-07-07 03:40 - 00516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-10-15 20:21 - 2014-07-07 03:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2014-10-15 20:21 - 2014-07-07 03:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-10-15 20:21 - 2014-07-07 03:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2014-10-15 20:21 - 2014-07-07 03:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2014-10-15 20:21 - 2014-07-07 03:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2014-10-15 20:21 - 2014-07-07 03:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2014-10-15 20:21 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2014-10-15 20:21 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2014-10-15 20:21 - 2014-07-07 03:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2014-10-15 20:21 - 2014-07-07 03:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2014-10-15 20:21 - 2014-07-07 03:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2014-10-15 20:21 - 2014-07-07 03:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2014-10-15 20:21 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-10-15 20:21 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-10-15 20:21 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-10-15 20:21 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-10-15 20:21 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-10-15 20:21 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-10-15 20:21 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-10-15 20:21 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-10-15 20:20 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-10-15 20:20 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-10-14 10:17 - 2014-10-17 20:25 - 00003036 _____ () C:\Windows\SysWOW64\BroomData.bit

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-04 19:33 - 2013-11-11 13:39 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2014-11-04 19:31 - 2012-07-06 18:37 - 00000000 ____D () C:\Users\Iuliu\AppData\Roaming\BitComet
    2014-11-04 19:03 - 2012-09-10 13:42 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-04 18:47 - 2013-09-14 09:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-11-04 16:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
    2014-11-04 15:08 - 2012-05-05 18:56 - 02006769 _____ () C:\Windows\WindowsUpdate.log
    2014-11-04 14:56 - 2009-07-14 06:45 - 00021200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-04 14:56 - 2009-07-14 06:45 - 00021200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-04 11:03 - 2012-09-10 13:42 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-04 09:36 - 2013-01-03 00:52 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
    2014-11-04 09:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-03 21:04 - 2014-09-25 17:19 - 00000000 ____D () C:\Users\Iuliu\AppData\Local\YhPack
    2014-11-03 16:16 - 2014-06-07 19:16 - 00000000 ____D () C:\AdwCleaner
    2014-11-03 16:09 - 2012-07-02 17:54 - 00000000 ____D () C:\Zerg
    2014-11-03 13:08 - 2014-09-25 17:48 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-11-03 12:59 - 2012-07-06 01:56 - 00000000 ____D () C:\Users\Iuliu\AppData\Roaming\vlc
    2014-11-03 12:39 - 2014-08-15 23:02 - 00000000 ____D () C:\Users\Iuliu\AppData\Local\CrashDumps
    2014-11-02 09:31 - 2009-07-14 07:13 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-01 19:45 - 2012-10-19 16:12 - 00000000 ____D () C:\Users\Iuliu\AppData\Roaming\tigerplayer
    2014-10-31 09:46 - 2012-08-29 20:08 - 00000000 ____D () C:\Program Files (x86)\Opera
    2014-10-30 13:25 - 2012-05-05 14:42 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-10-29 20:00 - 2014-09-25 18:02 - 00000000 ____D () C:\Qoobox
    2014-10-29 19:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
    2014-10-29 18:44 - 2012-10-21 21:52 - 00007669 _____ () C:\Users\Iuliu\AppData\Local\Resmon.ResmonCfg
    2014-10-29 17:03 - 2014-08-29 09:41 - 00000282 _____ () C:\Users\Iuliu\AppData\Roaming\burnaware.ini
    2014-10-28 12:58 - 2014-09-22 07:55 - 00000000 ____D () C:\Users\Iuliu\Desktop\####### cleanup!
    2014-10-27 13:17 - 2014-09-06 22:51 - 00000000 ____D () C:\Users\Iuliu\AppData\Local\Efbtion
    2014-10-26 19:44 - 2014-02-05 12:08 - 00000000 ____D () C:\Users\Iuliu\Desktop\ST
    2014-10-25 21:13 - 2012-07-02 19:45 - 00000000 ____D () C:\Windows\System32\Tasks\Games
    2014-10-23 11:52 - 2014-10-02 11:14 - 00003134 _____ () C:\Windows\system32\.crusader
    2014-10-16 20:56 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2014-10-16 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
    2014-10-16 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-10-16 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ro-RO
    2014-10-16 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-10-16 02:06 - 2012-05-05 15:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-10-08 08:10 - 2009-07-14 07:08 - 00032482 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

    Some content of TEMP:
    ====================
    C:\Users\Iuliu\AppData\Local\Temp\Bit99BA.tmp.exe
    C:\Users\Iuliu\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Iuliu\AppData\Local\Temp\Quarantine.exe

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-10-26 13:52

    ==================== End Of Log ============================

     

     

     

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
    Ran by Iuliu at 2014-11-04 19:34:52
    Running from C:\Users\Iuliu\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Panda Free Antivirus (Disabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
    AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Panda Free Antivirus (Disabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
    FW: ZoneAlarm Free Firewall Firewall (Disabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
    FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    AC3Filter 1.62b (HKLM-x32\...\AC3Filter_is1) (Version: 1.62b - Alexander Vigovsky)
    AChat v0.150 (HKLM-x32\...\AChat_is1) (Version: 0.150 - SourceForge.NET)
    Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
    Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
    AML Free Registry Cleaner 4.22 (HKLM-x32\...\{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1) (Version:  - AML SOFT, Inc.)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
    ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.16 - ASUS)
    ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.25 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{33B98264-A889-4913-A0CA-C364A75032B3}) (Version: 1.1.45 - ASUS)
    ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0034 - ASUS)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.23 - asus)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)
    Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
    BitComet 1.32 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.32 - CometNetwork)
    BurnAware Free 4.9 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware Technologies)
    CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
    CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
    Combined Community Codec Pack 2013-05-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.05.30.0 - CCCP Project)
    Dawngate (HKLM-x32\...\{E20BD715-3CAF-4A6C-A7F5-8F2216710B90}) (Version: 174.83.27.0 - Electronic Arts, Inc.)
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
    eMule (HKLM-x32\...\eMule) (Version:  - )
    ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.)
    Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
    FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
    Google Chrome (HKCU\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.4.3607.2246 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.21.135 - Google Inc.) Hidden
    Hero Editor V1.04 (HKLM-x32\...\ST6UNST #1) (Version:  - )
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.1.5 - ASUS)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
    Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
    Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
    K-Lite Codec Pack 9.5.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.5.5 - )
    League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Media Player Codec Pack 4.2.8 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.8 - Media Player Codec Pack)
    MediaInfo 0.7.61 (HKLM\...\MediaInfo) (Version: 0.7.61 - MediaArea.net)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    MpcStar 5.4 (HKLM-x32\...\MpcStar) (Version: 5.4 - www.mpcstar.com)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version:  - )
    One Finger Death Punch 1.0 (HKLM-x32\...\One Finger Death Punch 1.0) (Version: 1.0 - Cat-A-Cat)
    Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
    Opera Stable 25.0.1614.68 (HKLM-x32\...\Opera 25.0.1614.68) (Version: 25.0.1614.68 - Opera Software ASA)
    Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.104 - Panda Security)
    Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.03 - Panda Security)
    Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
    Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.01.0000 - Panda Security)
    Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
    Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.2.0.10 - Panda Security)
    Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 2.0.1.4 - Panda Security)
    PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
    Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
    RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.8-1.0.8500.20 - raidcall.com)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)
    Registration Code Creator (HKCU\...\Registration Code Creator) (Version:  - )
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
    Smart File Advisor 1.1.3 (HKLM-x32\...\Smart File Advisor_is1) (Version: 1.1.3 - Filefacts.net)
    Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
    Sophos Anti-Rootkit 1.5.4 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.4 - Sophos Plc)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Torchlight (HKLM-x32\...\Runic Games Torchlight) (Version: 0.0.66.192 - )
    Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
    TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
    TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
    TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
    TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
    Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.9.0 - Tweaking.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    Wireless Console 3 (HKLM-x32\...\{C4BC5A5F-4A97-47CC-99C3-AB8E10572AFE}) (Version: 3.0.24 - ASUS)
    Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.1) (Version: 1.3.2 - Xvid Team)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
    Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
    ZoneAlarm Firewall (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.3.209.000 - Check Point)
    ZoneAlarm Security (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    ==================== Restore Points  =========================

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 04:34 - 2014-11-03 13:36 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {072ACE0D-B143-4DB2-9F62-287AE2DB0AB7} - \Ad-Aware Antivirus Scheduled Scan No Task File <==== ATTENTION
    Task: {0EC40DE3-21CC-4EBE-83C0-0A57FB9CFB2C} - \{1ECF109E-52FB-45C5-BEC5-F0254EA032C2} No Task File <==== ATTENTION
    Task: {142661E6-D8ED-4C87-8B51-67DABB60E8AE} - \Security Center Update - 3825875842 No Task File <==== ATTENTION
    Task: {16B4404E-BA1E-4803-8948-05449465C888} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
    Task: {19B7B516-C709-47B9-8E08-1E5C174B53A8} - \RunAsStdUser Task No Task File <==== ATTENTION
    Task: {1D7F515E-B26F-4ACC-A41E-563C837F97E2} - \GoogleUpdateTaskUserS-1-5-21-3781310032-3316471014-4203319439-1001UA No Task File <==== ATTENTION
    Task: {2497FA7B-1DC2-4B3F-ADC7-D5C2BF2C6C70} - \Java Update Scheduler No Task File <==== ATTENTION
    Task: {29D47AB6-06EB-463B-A4F3-0CC7262C6B8A} - \ASUS P4G No Task File <==== ATTENTION
    Task: {3AF8454B-F2E2-4145-B5E7-EE497D0AD7A9} - \Google Updater and Installer No Task File <==== ATTENTION
    Task: {3CBF3A39-DE2F-4C54-91DF-436B0D137936} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
    Task: {45C4E656-679F-42A6-A7F8-49078CED8899} - \ASUS SmartLogon Console Sensor No Task File <==== ATTENTION
    Task: {48A4444D-D1D8-4C4F-967B-39F3E9A8C990} - \CreateChoiceProcessTask No Task File <==== ATTENTION
    Task: {4E1B4B2B-1C3D-42B3-B155-A1F1A71F05A1} - \{C93DB00C-0760-452B-8086-77EACFEF8C8A} No Task File <==== ATTENTION
    Task: {5A4D89D9-9222-4FD6-94E2-D330AAD0813E} - \Adobe Flash Player Updater No Task File <==== ATTENTION
    Task: {60CE4822-488F-4A2C-A9CD-26245FFD0C0F} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
    Task: {610AB026-ABA4-4B69-8183-3CC7713AF425} - \Adobe online update program No Task File <==== ATTENTION
    Task: {6AEAE114-5775-4D45-A578-D248E54BA6AE} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3781310032-3316471014-4203319439-1001
    Task: {7D42536D-B38C-40DA-B931-2639582F03EA} - \SidebarExecute No Task File <==== ATTENTION
    Task: {950C1C35-DAD5-4704-98AF-3F7B8B4658B8} - \{81761E4E-004B-4D46-9AAE-AD52E8F0E552} No Task File <==== ATTENTION
    Task: {95A5A710-13C4-49FF-86F4-E1DDA408B584} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
    Task: {A9E855EB-F896-4EDA-9059-B791FDEE51F8} - System32\Tasks\Opera scheduled Autoupdate 1414600540 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-29] (Opera Software)
    Task: {ACF60D16-BB7A-4377-AC6D-C62295C5B711} - \DivX online update program No Task File <==== ATTENTION
    Task: {BF548809-433A-4479-ACEC-97B89DE67308} - \CCleanerSkipUAC No Task File <==== ATTENTION
    Task: {C7E963F0-79CD-4557-9C4A-B6A233A8EA83} - \ACMON No Task File <==== ATTENTION
    Task: {E276E95F-51DA-42ED-8F34-F2D3DFFA0FA0} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
    Task: {E2915857-2348-4432-BE59-0AEC4D6F8B63} - \{B8141B8F-E823-4729-B571-6B7FE8702BFE} No Task File <==== ATTENTION
    Task: {E55B70FE-6DEA-4A5C-BED2-42E730498421} - \ATKOSD2 No Task File <==== ATTENTION
    Task: {E802850A-AC4F-4B15-A669-552C3ED278EF} - \GoogleUpdateTaskUserS-1-5-21-3781310032-3316471014-4203319439-1001Core No Task File <==== ATTENTION
    Task: {EE3E6F0B-6C3B-40DE-93A9-765987572655} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3781310032-3316471014-4203319439-1001Core.job => C:\Users\Iuliu\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3781310032-3316471014-4203319439-1001UA.job => C:\Users\Iuliu\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-07-16 10:24 - 2014-07-16 10:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
    2012-06-17 07:27 - 2011-02-14 16:17 - 00139088 _____ () C:\Program Files (x86)\Join Air\UIExec.exe
    2013-04-12 19:23 - 2013-04-12 19:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00417280 _____ () C:\Program Files (x86)\Winamp\nsutil.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00078848 _____ () C:\Program Files (x86)\Winamp\nde.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00023040 _____ () C:\Program Files (x86)\Winamp\System\albumart.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00174080 _____ () C:\Program Files (x86)\Winamp\System\auth.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\bmp.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00047616 _____ () C:\Program Files (x86)\Winamp\zlib.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00044544 _____ () C:\Program Files (x86)\Winamp\System\devices.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00016896 _____ () C:\Program Files (x86)\Winamp\System\dlmgr.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00014336 _____ () C:\Program Files (x86)\Winamp\System\filereader.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\gif.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00016384 _____ () C:\Program Files (x86)\Winamp\System\gracenote.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00623616 _____ () C:\Program Files (x86)\Winamp\System\jnetlib.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00154624 _____ () C:\Program Files (x86)\Winamp\System\jpeg.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00084480 _____ () C:\Program Files (x86)\Winamp\System\playlist.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00103936 _____ () C:\Program Files (x86)\Winamp\System\png.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00013824 _____ () C:\Program Files (x86)\Winamp\System\primo.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00021504 _____ () C:\Program Files (x86)\Winamp\System\tagz.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00035328 _____ () C:\Program Files (x86)\Winamp\System\timer.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00090112 _____ () C:\Program Files (x86)\Winamp\System\xml.w5s
    2011-12-09 19:23 - 2012-05-05 15:13 - 00068608 _____ () C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00102400 _____ () C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00072192 _____ () C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00061440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00043008 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00007168 _____ () C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00109568 _____ () C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00049152 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00165376 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00290304 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00052736 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00075264 _____ () C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00023552 _____ () C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00253440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00016896 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00253440 _____ () C:\Program Files (x86)\Winamp\libsndfile.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00313344 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00022528 _____ () C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00018432 _____ () C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 01737728 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00083968 _____ () C:\Program Files (x86)\Winamp\tataki.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00027648 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
    2011-11-11 00:10 - 2012-05-05 15:13 - 00185344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00318464 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00294400 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00082944 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00124928 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_online.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00249856 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00200192 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00241152 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00060928 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00170496 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00020480 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00118272 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00053760 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00113664 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00028160 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00028672 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00083456 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00033792 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00032256 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll
    2011-12-09 19:23 - 2012-05-05 15:13 - 00025600 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll
    2013-09-23 01:18 - 2013-09-23 01:18 - 00113664 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
    2013-09-23 01:19 - 2013-09-23 01:19 - 02341888 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
    2013-09-23 01:18 - 2013-09-23 01:18 - 00246784 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
    2013-09-23 01:19 - 2013-09-23 01:19 - 00047616 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
    2013-09-23 01:19 - 2013-09-23 01:19 - 00050688 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
    2013-09-23 01:18 - 2013-09-23 01:18 - 00079360 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    AlternateDataStreams: C:\Users\Iuliu\Downloads:Shareaza.GUID
    AlternateDataStreams: C:\Users\Iuliu\Downloads\eMule:Shareaza.GUID

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3781310032-3316471014-4203319439-500 - Administrator - Disabled)
    Guest (S-1-5-21-3781310032-3316471014-4203319439-501 - Limited - Disabled)
    Iuliu (S-1-5-21-3781310032-3316471014-4203319439-1001 - Administrator - Enabled) => C:\Users\Iuliu
    Ramona (S-1-5-21-3781310032-3316471014-4203319439-1000 - Administrator - Enabled) => C:\Users\Ramona

    ==================== Faulty Device Manager Devices =============

    Name: SBRE
    Description: SBRE
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: SBRE
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/04/2014 09:39:21 AM) (Source: RasClient) (EventID: 20227) (User: )
    Description: CoId={03513C09-626F-4CEA-A74F-6D43FB73DEED}: The user Ramona-PC\Iuliu dialed a connection named RDS which has failed. The error code returned on failure is 0.

    Error: (11/03/2014 11:25:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nume aplicație cu defecte: AssistantServices.exe, versiune: 0.0.0.0, marcaj temporal: 0x4d58ebb5
    Nume modul cu defecte: AssistantServices.exe, versiune: 0.0.0.0, marcaj temporal: 0x4d58ebb5
    Cod excepție: 0xc0000417
    Deplasare defect: 0x0000ef7a
    ID proces defect: 0xbbc
    Oră de început aplicație cu defecte: 0xAssistantServices.exe0
    Cale aplicație cu defecte: AssistantServices.exe1
    Cale modul cu defecte: AssistantServices.exe2
    ID raport: AssistantServices.exe3

    System errors:
    =============
    Error: (11/04/2014 02:51:40 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (11/04/2014 10:50:53 AM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (11/04/2014 09:37:28 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: Următoarele drivere boot-start sau system-start nu s-au încărcat:
    SAVRKBootTasks
    SBRE

    Error: (11/04/2014 09:37:28 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: Serviciul 'WMPNetworkSvc' nu a pornit corect, deoarece CoCreateInstance(CLSID_UPnPDeviceFinder) a întâmpinat eroarea '0x80004005'. Verificați dacă serviciul UPnPHost se execută și componenta UPnPHost din Windows este corect instalată.

    Error: (11/04/2014 09:37:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Serviciul UI Assistant Service nu a pornit din cauza erorii următoare:
    %%1053

    Error: (11/04/2014 09:37:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: S-a atins o limită de expirare (30000 milisecunde) așteptând conectarea serviciului UI Assistant Service.

    Error: (11/04/2014 09:36:58 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: Apelarea ScRegSetValueExW nu a reușit pentru FailureActions, cu următoarea eroare:
    %%5

    Error: (11/03/2014 11:25:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: Următoarele drivere boot-start sau system-start nu s-au încărcat:
    SAVRKBootTasks
    SBRE

    Error: (11/03/2014 11:25:30 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: Serviciul 'WMPNetworkSvc' nu a pornit corect, deoarece CoCreateInstance(CLSID_UPnPDeviceFinder) a întâmpinat eroarea '0x80004005'. Verificați dacă serviciul UPnPHost se execută și componenta UPnPHost din Windows este corect instalată.

    Error: (11/03/2014 11:25:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Serviciul UI Assistant Service nu a pornit din cauza erorii următoare:
    %%1053

    Microsoft Office Sessions:
    =========================
    Error: (11/28/2012 08:51:00 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2677 seconds with 1500 seconds of active time.  This session ended with a crash.

    CodeIntegrity Errors:
    ===================================
      Date: 2014-10-29 19:54:45.521
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-10-29 19:54:45.490
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-10-29 19:54:45.443
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-10-29 19:54:45.397
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-10-28 14:57:54.645
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-10-28 14:57:54.598
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-10-28 14:57:54.551
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-10-28 14:57:54.504
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-10-26 22:28:24.895
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2014-10-26 22:28:24.848
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Processor: Intel® Celeron® CPU B815 @ 1.60GHz
    Percentage of memory in use: 49%
    Total physical RAM: 4000.13 MB
    Available physical RAM: 2021.07 MB
    Total Pagefile: 4284.86 MB
    Available Pagefile: 1823.47 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:151.51 GB) (Free:0.35 GB) NTFS
    Drive d: () (Fixed) (Total:146.48 GB) (Free:0.02 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7C12E647)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=151.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    #10 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 04 November 2014 - 12:36 PM

    Lets run a new copy of Combofix, delete the old one from your desktop

     

     

     
    Download ComboFix from here:
     
    Place ComboFix.exe on your Desktop <--Important
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  • * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     
     
     
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply
  •  
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
     
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

      Advertisements

    Register to Remove


    #11 Nare

    Nare

      Authentic Member

    • Authentic Member
    • PipPip
    • 50 posts

    Posted 05 November 2014 - 09:55 AM

    Heh, back to that...

     

    ComboFix 14-10-29.01 - Iuliu 05.11.2014  14:41:34.23.2 - x64
    Microsoft Windows 7 Ultimate   6.1.7601.1.1250.40.1048.18.4000.2834 [GMT 2:00]
    Running from: c:\users\Iuliu\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AV: Panda Free Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
    FW: Panda Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
    FW: ZoneAlarm Free Firewall Firewall *Disabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
    SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Panda Free Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\msdownld.tmp
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-10-05 to 2014-11-05  )))))))))))))))))))))))))))))))
    .
    .
    2014-11-05 12:51 . 2014-11-05 12:51 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2014-11-05 12:51 . 2014-11-05 12:51 -------- d-----w- c:\users\Ramona\AppData\Local\temp
    2014-11-05 12:51 . 2014-11-05 12:51 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-11-05 12:51 . 2014-11-05 12:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-11-05 07:46 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33E72ED7-A665-4333-ADC5-90F4F30535B3}\mpengine.dll
    2014-11-03 21:38 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-11-03 18:07 . 2014-11-05 11:48 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-11-03 18:06 . 2014-11-03 18:06 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-11-03 18:06 . 2014-11-03 18:06 -------- d-----w- c:\programdata\Malwarebytes
    2014-11-03 18:06 . 2014-10-01 09:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-11-03 18:06 . 2014-10-01 09:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-03 18:06 . 2014-10-01 09:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-03 11:56 . 2014-11-04 17:35 -------- d-----w- C:\FRST
    2014-10-30 05:55 . 2014-03-25 13:15 60400 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
    2014-10-29 16:36 . 2014-10-29 16:36 -------- d-----w- c:\users\Iuliu\AppData\Local\Opera Software
    2014-10-29 16:36 . 2014-10-29 16:36 -------- d-----w- c:\users\Iuliu\AppData\Roaming\Opera Software
    2014-10-29 14:16 . 2014-10-29 14:16 -------- d-----w- c:\users\Iuliu\AppData\Roaming\JAM Software
    2014-10-29 14:16 . 2014-10-29 14:16 -------- d-----w- c:\program files (x86)\JAM Software
    2014-10-29 14:15 . 2014-10-29 14:15 -------- d-----w- c:\users\Iuliu\AppData\Roaming\ImgBurn
    2014-10-29 14:05 . 2014-10-29 14:05 -------- d-----w- c:\program files (x86)\ImgBurn
    2014-10-28 10:06 . 2014-10-28 13:01 -------- d-----w- c:\users\Iuliu\AppData\Roaming\Uzixso
    2014-10-26 13:20 . 2014-10-26 13:21 -------- d-----w- c:\program files (x86)\CheckPoint
    2014-10-26 13:19 . 2014-10-26 13:19 -------- d-----w- c:\programdata\CheckPoint
    2014-10-25 15:27 . 2014-10-25 15:27 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\77a3436640f37a4ad87e2c4f2e44a6f6\RailWorks Train Simulator Woodhead Route Add.exe
    2014-10-25 15:27 . 2014-10-25 15:27 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\20e9818d18cdb7f79cd13b21fcd10be7\Space Hack.exe
    2014-10-24 12:31 . 2014-10-24 12:31 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\ffde7a0b2c4e4f881e783af1afdceeb5\WMP x264 Codec Pack.exe
    2014-10-18 20:06 . 2014-10-18 20:06 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\cfde938fea1880b618b2bc1493e20d42\Message Smuggler.exe
    2014-10-18 20:06 . 2014-10-18 20:06 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\7e9203d1f20444d18e5563ee563605db\DeskSpace.exe
    2014-10-18 20:06 . 2014-10-18 20:06 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\62d5adeaf0dac40a8712be97281be74c\Docklight RS232 Terminal - RS232 Monitor.exe
    2014-10-18 20:06 . 2014-10-18 20:06 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\5977cf8059a06656058d0b478986800c\IObit Malware Fighter.exe
    2014-10-18 20:06 . 2014-10-18 20:06 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\063d4c133bba775881200c9e55aa576b\Search and Recover.exe
    2014-10-15 18:23 . 2014-09-19 01:47 48128 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
    2014-10-15 18:22 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys
    2014-10-15 18:21 . 2014-07-07 02:06 82432 ----a-w- c:\windows\system32\cryptsp.dll
    2014-10-15 18:20 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
    2014-10-15 18:20 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-11-04 17:38 . 2014-09-12 14:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2014-11-03 17:25 . 2014-09-10 07:06 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2014-11-03 11:08 . 2014-09-25 15:48 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-10-30 11:25 . 2012-05-05 12:42 275080 ------w- c:\windows\system32\MpSigStub.exe
    2014-09-17 09:20 . 2014-09-25 15:46 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89173C8B-6433-4397-88A9-6D3580628416}\gapaengine.dll
    2014-09-17 09:20 . 2012-06-17 13:25 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-09-11 07:58 . 2013-02-21 01:04 101694776 ----a-w- c:\windows\system32\MRT.exe
    2014-09-06 20:50 . 2014-09-06 20:50 2498560 ----a-w- c:\programdata\Microsoft\Secure\Icons\IconsCacheHelper.dll
    2014-09-06 20:50 . 2014-09-06 20:50 3140096 ----a-w- c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll
    2014-08-23 02:07 . 2014-08-28 12:54 404480 ----a-w- c:\windows\system32\gdi32.dll
    2014-08-23 01:45 . 2014-08-28 12:54 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
    2014-08-13 08:16 . 2014-08-13 08:16 450456 ----a-w- c:\windows\system32\drivers\vsdatant.sys
    2014-07-13 16:05 . 2014-08-03 21:50 1737728 ----a-w- c:\program files\FilelistCreator.exe
    2013-12-09 01:27 . 2013-12-09 01:27 49940480 ----a-w- c:\program files (x86)\GUTCC36.tmp
    2013-07-05 12:41 . 2013-07-05 12:41 4249600 ----a-w- c:\program files (x86)\GUTF23F.tmp
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
    2014-05-05 14:12 114752 ----a-w- c:\program files (x86)\pandasecuritytb\pandasecurityDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files (x86)\pandasecuritytb\pandasecurityDx.dll" [2014-05-05 114752]
    .
    [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-09 984400]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2011-02-14 139088]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
    "Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2013-10-30 283712]
    "PSUAMain"="c:\program files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" [2014-07-24 37624]
    "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2014-08-13 137352]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe -d [2012-5-5 12862]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ    autocheck autochk *\0lsdelete\0PCloudBroom64.exe \systemroot\system32\BroomData.bit\0PCloudBroom64.exe \systemroot\system32\BroomData.bit\0PCloudBroom64.exe \systemroot\system32\BroomData.bit\0PCloudBroom64.exe \systemroot\system32\BroomData.bit
    .
    SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
    @="Driver Group"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @="DiskDrive"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @="Hdc"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @="Keyboard"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @="Mouse"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @="System"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @="Volume"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    R1 pumoymyv;pumoymyv; [x]
    R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys;c:\windows\SYSNATIVE\SAVRKBootTasks.sys [x]
    R1 SBRE;SBRE; [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe;c:\program files (x86)\Join Air\AssistantServices.exe [x]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe;c:\program files\BitComet\tools\BitCometService.exe [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6EF9.tmp;c:\windows\SYSNATIVE\6EF9.tmp [x]
    R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Inspectare re?ea Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 slb;slb;d:\aeria\ScarletBlade\avital\scarlb64.sys;d:\aeria\ScarletBlade\avital\scarlb64.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Serviciul tehnologii de activare Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 X6va008;X6va008; [x]
    R3 X6va009;X6va009; [x]
    R3 X6va010;X6va010; [x]
    R3 X6va011;X6va011; [x]
    R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
    S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
    S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
    S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
    S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
    S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys;c:\windows\SYSNATIVE\DRIVERS\NNSNAHSL.sys [x]
    S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
    S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
    S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
    S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
    S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
    S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
    S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
    S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
    S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 NanoServiceMain;Panda Free Antivirus Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [x]
    S2 PandaAgent;Panda Devices Agent;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [x]
    S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
    S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
    S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
    S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
    S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
    S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [x]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
    S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 IntcDAud;Audio afişaj Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-14 06:47]
    .
    2014-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-10 11:42]
    .
    2014-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-10 11:42]
    .
    2014-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3781310032-3316471014-4203319439-1001Core.job
    - c:\users\Iuliu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 16:22]
    .
    2014-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3781310032-3316471014-4203319439-1001UA.job
    - c:\users\Iuliu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 16:22]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-16 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-16 392472]
    "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
    UxTuneUp
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.nyaa.se/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = about:blank
    mSearch Bar = hxxp://www.google.com
    mDefault_Page_URL = hxxp://www.google.com
    IE: &Descarcă cu BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: Descarcă &Tot cu BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\6EF9.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
    .
    Completion time: 2014-11-05  14:57:11
    ComboFix-quarantined-files.txt  2014-11-05 12:57
    ComboFix2.txt  2014-10-29 18:00
    ComboFix3.txt  2014-10-28 13:10
    ComboFix4.txt  2014-10-28 06:53
    ComboFix5.txt  2014-11-05 12:39
    .
    Pre-Run: 289.931.264 bytes free
    Post-Run: 368.087.040 bytes free
    .
    - - End Of File - - 2F84A02C5571AE956F864E138A8E49B0
     



    #12 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 05 November 2014 - 12:27 PM

    I was concerned that ransomeware was present

     

    Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard,  then paste it into Notepad, make sure there is no space before and above Driver::
     
     
    Driver::
    pumoymyv
    X6va008
    X6va009
    X6va010
    X6va011
    X6va012
     
    File::
    c:\windows\SysWOW64\Drivers\X6va012
    
     
    Save this as CFScript to your desktop.
     
    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
     
    CFScriptB-4.gif
     
     
    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #13 Nare

    Nare

      Authentic Member

    • Authentic Member
    • PipPip
    • 50 posts

    Posted 05 November 2014 - 02:45 PM

    Woah, that's sweet. I understand now why it's called "Combo". Anyway I've also continued having disk space disappear for the past few days, taking me bellow 1 GB and that just cleared up some space.  Also before the reboot I did a TreeSize scan again, and that Microsoft Secure Folder in Program Data is now almost 20 GB instead of freaking 180. It still has the same folders, but they are all individually smaller now, including all those corrupted .avi files.

     

    ComboFix 14-10-29.01 - Iuliu 05.11.2014  22:17:13.25.2 - x64
    Microsoft Windows 7 Ultimate   6.1.7601.1.1250.40.1048.18.4000.2430 [GMT 2:00]
    Running from: c:\users\Iuliu\Desktop\ComboFix.exe
    Command switches used :: c:\users\Iuliu\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AV: Panda Free Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
    FW: Panda Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
    FW: ZoneAlarm Free Firewall Firewall *Disabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
    SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Panda Free Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
     * Created a new restore point
    .
    FILE ::
    "c:\windows\SysWOW64\Drivers\X6va012"
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_X6VA008
    -------\Legacy_X6VA009
    -------\Legacy_X6VA010
    -------\Legacy_X6VA011
    -------\Legacy_X6VA012
    -------\Service_pumoymyv
    -------\Service_X6va008
    -------\Service_X6va009
    -------\Service_X6va010
    -------\Service_X6va011
    -------\Service_X6va012
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-10-05 to 2014-11-05  )))))))))))))))))))))))))))))))
    .
    .
    2014-11-05 20:26 . 2014-03-25 13:15 60400 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
    2014-11-05 20:24 . 2014-11-05 20:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2014-11-05 20:24 . 2014-11-05 20:24 -------- d-----w- c:\users\Ramona\AppData\Local\temp
    2014-11-05 20:24 . 2014-11-05 20:24 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-11-05 20:24 . 2014-11-05 20:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-11-05 07:46 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33E72ED7-A665-4333-ADC5-90F4F30535B3}\mpengine.dll
    2014-11-03 21:38 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-11-03 18:07 . 2014-11-05 20:26 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-11-03 18:06 . 2014-11-03 18:06 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-11-03 18:06 . 2014-11-03 18:06 -------- d-----w- c:\programdata\Malwarebytes
    2014-11-03 18:06 . 2014-10-01 09:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-11-03 18:06 . 2014-10-01 09:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-03 18:06 . 2014-10-01 09:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-03 11:56 . 2014-11-04 17:35 -------- d-----w- C:\FRST
    2014-10-29 16:36 . 2014-10-29 16:36 -------- d-----w- c:\users\Iuliu\AppData\Local\Opera Software
    2014-10-29 16:36 . 2014-10-29 16:36 -------- d-----w- c:\users\Iuliu\AppData\Roaming\Opera Software
    2014-10-29 14:16 . 2014-10-29 14:16 -------- d-----w- c:\users\Iuliu\AppData\Roaming\JAM Software
    2014-10-29 14:16 . 2014-10-29 14:16 -------- d-----w- c:\program files (x86)\JAM Software
    2014-10-29 14:15 . 2014-10-29 14:15 -------- d-----w- c:\users\Iuliu\AppData\Roaming\ImgBurn
    2014-10-29 14:05 . 2014-10-29 14:05 -------- d-----w- c:\program files (x86)\ImgBurn
    2014-10-28 10:06 . 2014-10-28 13:01 -------- d-----w- c:\users\Iuliu\AppData\Roaming\Uzixso
    2014-10-26 13:20 . 2014-10-26 13:21 -------- d-----w- c:\program files (x86)\CheckPoint
    2014-10-26 13:19 . 2014-10-26 13:19 -------- d-----w- c:\programdata\CheckPoint
    2014-10-25 15:27 . 2014-10-25 15:27 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\20e9818d18cdb7f79cd13b21fcd10be7\Space Hack.exe
    2014-10-24 12:31 . 2014-10-24 12:31 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\733de671df78c103c98f6a1e903eb2a2\WMP x264 Codec Pack.exe
    2014-10-18 20:06 . 2014-10-18 20:06 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\62d5adeaf0dac40a8712be97281be74c\Docklight RS232 Terminal - RS232 Monitor.exe
    2014-10-18 20:06 . 2014-10-18 20:06 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\5977cf8059a06656058d0b478986800c\IObit Malware Fighter.exe
    2014-10-18 20:06 . 2014-10-18 20:06 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\063d4c133bba775881200c9e55aa576b\Search and Recover.exe
    2014-10-15 18:23 . 2014-09-19 01:47 48128 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
    2014-10-15 18:22 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys
    2014-10-15 18:21 . 2014-07-07 02:06 82432 ----a-w- c:\windows\system32\cryptsp.dll
    2014-10-15 18:20 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
    2014-10-15 18:20 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-11-05 15:53 . 2014-09-10 07:06 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2014-11-04 17:38 . 2014-09-12 14:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2014-11-03 11:08 . 2014-09-25 15:48 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-10-30 11:25 . 2012-05-05 12:42 275080 ------w- c:\windows\system32\MpSigStub.exe
    2014-10-25 15:27 . 2014-10-25 15:27 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\77a3436640f37a4ad87e2c4f2e44a6f6\RailWorks Train Simulator Woodhead Route Add.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\ffc2e506ddb9006112e9cc7fe29c436d\Passware Password Recovery Kit Enterprise.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\f6b9644b011ec3fd6f588f90e19c017f\MixMeister Fusion.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\f59a32082e7bf540c53c8fd4bd720683\Aurora 3D Animation Maker.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\efc8a1a197675822ef3b8e65ac9df8c2\Silver Efex Pro.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\e0a40edf6f9810eeb8c37f01bc841fc7\ConvertXtoDVD.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\d8e35a71aeb6b31dcc63e440a48ff14c\Bunkspeed Shot (formerly HyperShot).exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\bfa2769be90f5a3e2a95c26b1a556e01\NiceLabel PRO.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\bee531e761da8cbdec7626cf7ea50e4e\Audials Tunebite.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\bb95b7e1dc48d885ed774f6c976e59c1\Dg Foto Art Gold.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\b07006a1eeadc2069604372e36047a9b\Nero Burning Rom.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\ab0bb2fe40090c72f357b98d9fbe9030\ESET NOD32 Antivirus.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\a4eeebd9ad07f67f634a63fbaf5566d2\WinToFlash.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\a4ca0d353881fb39a348f274c5c55f6e\jetAudio.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\9b3c8aeab2536695e01d2200f1523143\GFI WebMonitor for ISA Server.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\9a5135fef51acdcfd69e382fc8c549d4\Portable CoolNovo.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\96ab45b578bc860e933cae310d2363ce\Expressivo.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\9104367d815fb9a508184ed6a507ea37\GameEx.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\90fe45e18b9c5006580dbcc615370c94\Snappy Fax.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\8c35a1ff9c17e58156664c0dfc3bdbeb\ComiPo!.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\84dd73050782775f08bb3a0e6351e88c\Easy Card Creator Express Edition.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\8121bb898c1381151afeef5775156929\KMPlayer.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\7c998312b0c712d7c75586fe29031154\TARGET 3001.exe
    2014-10-18 21:25 . 2014-10-18 21:25 54525952 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\775ac99fee31593774d9bcbc8cc87587\iZotope Ozone.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\ffde7a0b2c4e4f881e783af1afdceeb5\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\fd1d770eae128471eaf90474121fb853\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\fae7aeadc5811fe3b90095c0e7130df1\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\fa0312874982058f2a37031f943de8af\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\f8dbf687e3ffa7686625b299fbd73dd6\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\f79950bfc116defcf813826c3faa1da5\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\f4d31b276fc469bd0359fe979f9cb869\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\f2a1cbf2a2362efa2ef657332b901ab0\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\f0595379ee6c59530ea833f7df452a22\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\efb98e99eedf98634aa58e0d9270816e\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\eedde5d970380d07ed4fef84a87138ff\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\ed1e549321726c2b2fb1b4c6278543a0\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\ed172e4c29152d314be41b4c1022cf86\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\e994fd39697acf0fae065238a1e92274\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\e87232558e406b3f4fa55d303760b4e4\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\e6d6952a666f977ad46199fbdf21591e\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\e551267818dbfd84c0072d1880bca5a3\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\e43a71bca640ee65e36575e8c5f2237a\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\e329aadffb093f88647031080a7c3190\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\dfed625062fde49822c96578e94a18b2\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\df804a2c26c08d35b1fb4d31586add3a\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\dee312c62457fe61887e9c02ae26a02f\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\de6438912b487800702430003184dcf3\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\dcc1a19168db8c623a5105599cdc0efa\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\dbdbfa65cada7d019fb1a461fcb80bf4\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\d98630f02676adea5dd7ede9be7d48c1\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\d6f2b3b2ec680fa24764fa02972402d7\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\d672c7bfd78fbb179d86cafe49836650\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\d447908840bf527518af74efb430f333\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\d2ad123bf71e8952dd4140e9acbf18cc\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\cd8f70976e0a2c59b3822dc259835978\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\cd1efc332a1f98da5d411b4f043b9d0b\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\ccb261b0be8780fe6faa6ca7169f6815\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\cc3345146a227449591c880e60fb3290\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\c853b51fb80de757b41df60db3601d00\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\c8030376d5b0fdf19cd205f5463c07fe\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\c779e2049037a2a01c610050e961edeb\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\c4bbf82b92248df7108745c3686fe205\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\c48d33e89ee1e8e3f2beac45bb63cb29\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\c3f47c7ef9b4827cd9e195c550357d27\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\c184c99b5815e68f6d7a353dabc6d2dd\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\c102fa1a7e2c918d557058e252fde326\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\c0c3b69047687e69763355ca60a6c5f0\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\c0bb625adef60989ab8c9d434d760dc9\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\be811fe80229ecc33c67beacc9837797\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\b8117b2604925d9471da096ba9d4ed87\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\b710c16489d1540436189d57f7facbc3\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\b4dba0128b260c700dc85036060473c4\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\b4c197c913f9f3645d35f5561cc7fba0\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\b350308d48d07b3b8d031e2d33876d61\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\ae2d8e3b5ad90b9f8f7367ccd0eab0f3\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\ae11e9d1f13066e0dc037219a6b33a30\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\add994670bb0fcd2d2357e0b8fd60059\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\ad64a26fa5584f94a074282cf46f7db7\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\ac352afcc608b2eb13cde40fc0f17812\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\a91b7fce61d5f06eaabe7ec450a30c6a\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\a6dcba440d79ff106155e8854af7053c\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\a6a876a551dee6361ac6b6740319cf3d\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\a64fd52f8e7e5bbdebe6d2e773f25641\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\9f376fd52a4b6922c363fbb95bb44c28\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\9db8b762e4acf2628c554b7ccd0a0afa\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\9cefdd16f5c6482bda72607076944634\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\9989dbf2440eddfbb8954ae1f628441c\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\996ec65f62eabfa0fcb8e3555f6aa601\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\9625e26f4dd058c348d493c6bf730e50\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\945f9467102f150a456fed6ccf2e228f\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\8e2f00fbd62e6f9068a1a408ca7934db\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\8db3f439d76ddce19b4d676a105e7a63\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\8d145807cff429ae46d4b7928f38a4f0\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\8b08b396ecd9cdc4b9ef51640b77729d\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\89d93d51f278176e767ef548cb4c990a\WMP x264 Codec Pack.exe
    2014-10-18 21:10 . 2014-10-18 21:10 12582912 ----a-w- c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\88df06b3e81a5dd27d7a6763f6261fa4\WMP x264 Codec Pack.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
    2014-05-05 14:12 114752 ----a-w- c:\program files (x86)\pandasecuritytb\pandasecurityDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files (x86)\pandasecuritytb\pandasecurityDx.dll" [2014-05-05 114752]
    .
    [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-09 984400]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2011-02-14 139088]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
    "Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2013-10-30 283712]
    "PSUAMain"="c:\program files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" [2014-07-24 37624]
    "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2014-08-13 137352]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe -d [2012-5-5 12862]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ    autocheck autochk *\0lsdelete\0PCloudBroom64.exe \systemroot\system32\BroomData.bit\0PCloudBroom64.exe \systemroot\system32\BroomData.bit\0PCloudBroom64.exe \systemroot\system32\BroomData.bit\0PCloudBroom64.exe \systemroot\system32\BroomData.bit
    .
    SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
    @="Driver Group"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @="DiskDrive"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @="Hdc"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @="Keyboard"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @="Mouse"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @="System"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @="Volume"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys;c:\windows\SYSNATIVE\SAVRKBootTasks.sys [x]
    R1 SBRE;SBRE; [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe;c:\program files (x86)\Join Air\AssistantServices.exe [x]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe;c:\program files\BitComet\tools\BitCometService.exe [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6EF9.tmp;c:\windows\SYSNATIVE\6EF9.tmp [x]
    R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Inspectare re?ea Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 slb;slb;d:\aeria\ScarletBlade\avital\scarlb64.sys;d:\aeria\ScarletBlade\avital\scarlb64.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Serviciul tehnologii de activare Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
    S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
    S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
    S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
    S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
    S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys;c:\windows\SYSNATIVE\DRIVERS\NNSNAHSL.sys [x]
    S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
    S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
    S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
    S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
    S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
    S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
    S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
    S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
    S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 NanoServiceMain;Panda Free Antivirus Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [x]
    S2 PandaAgent;Panda Devices Agent;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [x]
    S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
    S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
    S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
    S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
    S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
    S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [x]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
    S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 IntcDAud;Audio afişaj Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-14 06:47]
    .
    2014-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-10 11:42]
    .
    2014-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-10 11:42]
    .
    2014-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3781310032-3316471014-4203319439-1001Core.job
    - c:\users\Iuliu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 16:22]
    .
    2014-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3781310032-3316471014-4203319439-1001UA.job
    - c:\users\Iuliu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 16:22]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-16 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-16 392472]
    "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
    UxTuneUp
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.nyaa.se/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = about:blank
    mSearch Bar = hxxp://www.google.com
    mDefault_Page_URL = hxxp://www.google.com
    IE: &Descarcă cu BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: Descarcă &Tot cu BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\6EF9.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    .
    **************************************************************************
    .
    Completion time: 2014-11-05  22:36:09 - machine was rebooted
    ComboFix-quarantined-files.txt  2014-11-05 20:36
    ComboFix2.txt  2014-11-05 14:29
    ComboFix3.txt  2014-10-29 18:00
    ComboFix4.txt  2014-10-28 13:10
    ComboFix5.txt  2014-11-05 19:44
    .
    Pre-Run: 498.282.496 bytes free
    Post-Run: 1.017.479.168 bytes free
    .
    - - End Of File - - 719D480CF6B099A62AA6AE3A4A25BF35
     



    #14 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 05 November 2014 - 03:26 PM

    Good

     

     
    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan
     
    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
     
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
  • scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as
  • ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png
  • Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #15 Nare

    Nare

      Authentic Member

    • Authentic Member
    • PipPip
    • 50 posts

    Posted 06 November 2014 - 06:38 AM

    A bunch of these are stuff quarantined in programs I uninstalled, I've been meaning to delete them lately but forgot. And I also selected "check for potentially unwanted applications" at first cause I thought it was some different step, but I kept it anyway for my own interest in what those might be, to get more value out of a long scan. Here it is...

     

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sk-Enhancer\uninstall.exe.vir a variant of Win32/SProtector.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\ss helper\uninstall.exe.vir a variant of Win32/SProtector.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
    C:\AdwCleaner\Quarantine\C\ProgramData\UtubeAdRemovval\B.x64.dll.vir a variant of Win64/Adware.MultiPlug.A application
    C:\AdwCleaner\Quarantine\C\ProgramData\Win sys filter\Winsysfilter_x64.dll.vir a variant of Win64/SProtector.B potentially unwanted application
    C:\AdwCleaner\Quarantine\C\Users\Iuliu\AppData\Roaming\Mozilla\Firefox\Profiles\ii47zk5e.default\Extensions\zaj6r2k@ezmb.com\content\bg.js.vir Win32/Adware.MultiPlug.H application
    C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application
    C:\Program Files (x86)\CheckPoint\Install\zatb.exe Win32/Toolbar.Montiera.I potentially unwanted application
    C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
    C:\Program Files (x86)\pandasecuritytb\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
    C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
    C:\Program Files (x86)\pandasecuritytb\pandasecuritytb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
    C:\Program Files (x86)\Smart File Advisor\sfa.exe Win32/SmartFileAdvisor.A potentially unwanted application
    C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe Win32/SmartFileAdvisor.A potentially unwanted application
    C:\Program Files (x86)\Smart File Advisor\sfa_inst.exe Win32/SmartFileAdvisor.A potentially unwanted application
    C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll a variant of Win64/Sathurbot.A trojan
    C:\ProgramData\Panda Security\Panda Cloud Antivirus\Download\0x04011000\CloudAntivirus.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
    C:\Qoobox\Quarantine\C\Users\Iuliu\AppData\Roaming\i931q93.exe.vir Win32/Simda.B trojan
    C:\Qoobox\Quarantine\C\Users\Iuliu\AppData\Roaming\yW1793w.exe.vir Win32/Simda.B trojan
    C:\Qoobox\Quarantine\C\Users\Iuliu\AppData\Roaming\Ormyedo\osezu.exe.vir Win32/Spy.Zbot.ABA trojan
    C:\Qoobox\Quarantine\C\Users\Iuliu\AppData\Roaming\Uzixso\aqipywx.exe.vir a variant of Win32/Kryptik.CPLL trojan
    C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll a variant of Win64/Sathurbot.A trojan
    C:\Users\All Users\Panda Security\Panda Cloud Antivirus\Download\0x04011000\CloudAntivirus.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
    C:\Users\Iuliu\AppData\Local\Efbtion\siftDLL.dll Win32/Boaxxe.BE trojan
    C:\Users\Iuliu\AppData\Local\YhPack\EP0NM40G.DLL a variant of Win32/Packed.Themida.AAJ trojan
    C:\Users\Iuliu\AppData\Local\YhPack\siftDLL.dll Win32/Boaxxe.BE trojan
    C:\Users\Iuliu\AppData\Local\YhPack\siftDLL.dll.old Win32/Boaxxe.BE trojan
    C:\Users\Iuliu\AppData\Local\YhPack\ssv.dll a variant of Win32/Packed.Themida.AAJ trojan
    C:\Users\Iuliu\AppData\Roaming\Mozilla\Firefox\Profiles\ii47zk5e.default\extensions\{32603E18-7893-D30E-792A-801055CDA1F3}\components\WindowsPhotoViewer.js Win32/Boaxxe.BU trojan
    C:\Zerg\Zha Kit\cbsidlm-tr1_6-DivX_Plus_Software-10062728.exe Win32/DownloadAdmin.G potentially unwanted application
    C:\Zerg\Zha Kit\poweriso-4-7.exe a variant of Win32/DownloadSponsor.A potentially unwanted application
    C:\Zerg\Zha Kit\sfa_inst.exe Win32/SmartFileAdvisor.A potentially unwanted application
    C:\Zerg\Zha Kit\SoftonicDownloader_for_ad-aware-total-security.exe Win32/SoftonicDownloader.E potentially unwanted application
    C:\Zerg\Zha Kit\SoftonicDownloader_for_aml-free-registry-cleaner.exe Win32/SoftonicDownloader.E potentially unwanted application
    C:\Zerg\Zha Kit\SoftonicDownloader_for_bearflix.exe Win32/SoftonicDownloader.E potentially unwanted application
    C:\Zerg\Zha Kit\SoftonicDownloader_for_bearflix[0].exe Win32/SoftonicDownloader.E potentially unwanted application
    C:\Zerg\Zha Kit\SoftonicDownloader_for_bearshare.exe Win32/SoftonicDownloader.E potentially unwanted application
    C:\Zerg\Zha Kit\SoftonicDownloader_for_hamachi.exe Win32/SoftonicDownloader.D potentially unwanted application
    C:\Zerg\Zha Kit\SoftonicDownloader_for_hydrairc.exe Win32/SoftonicDownloader.E potentially unwanted application
    C:\Zerg\Zha Kit\SoftonicDownloader_for_mpcstar.exe Win32/SoftonicDownloader.E potentially unwanted application
    C:\Zerg\Zha Kit\SoftonicDownloader_for_shareaza.exe Win32/SoftonicDownloader.E potentially unwanted application
    C:\Zerg\Zha Kit\SoftonicDownloader_for_vlc-media-player.exe Win32/SoftonicDownloader.E potentially unwanted application
    D:\Zerg II\Game Files\dffsetup-d3dx9_35.exe a variant of Win32/Systweak potentially unwanted application
     


    Related Topics



    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users