
Getting Strange Popups in my google chrome browser [Solved]


  • This topic is locked
22 replies to this topic

#1 ONewbieO


Posted 18 December 2014 - 02:34 AM

Not sure if there's any malware, but I'll need someone to check it out for me please. Thanks.




#2 LiquidTension


Posted 18 December 2014 - 03:32 AM

Hello ONewbieO, welcome to WhatTheTech's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.  
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click the follow button at the top of the page.
     

======================================================
 
Please run the following diagnostic scans so I can ascertain the state of your computer.
 
STEP 1

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached)



#3 ONewbieO


Posted 18 December 2014 - 11:48 PM

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by KengLing at 2014-12-19 13:33:33
Running from C:\Users\KengLing\Desktop\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.9 - Absolute Software)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
BlockIt Ad remover (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - BlockIt Ad remover) <==== ATTENTION
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.47.51 - Conexant)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-336608445-27866453-704810108-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GS-Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{e81a9dc1}) (Version:  - Verified Publisher) <==== ATTENTION
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.907.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 1.4.2.22 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.009.05.00.203 - Huawei Technologies Co.,Ltd)
Motion Control (HKLM\...\Motion Control) (Version: 1.1.2.43 - Lenovo)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
SW-Booster (HKLM-x32\...\S-792098896) (Version: 2.3.0.1480 - PremiumSoft) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SW-Sustainer 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}) (Version:  - Certified Publisher) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.21.4 - Synaptics Incorporated)
System Speedup (HKLM-x32\...\System Speedup_is1) (Version: 2.1 - systemspeedup.com)
Unity Web Player (HKU\S-1-5-21-336608445-27866453-704810108-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
微软拼音简捷 2012 流行词汇更新 (KB2723161) (HKLM-x32\...\{D6803D14-7510-4B15-ADE9-661DDCB3C467}) (Version: 15.0.1576 - Microsoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
05-12-2014 03:18:41 Scheduled Checkpoint
13-12-2014 03:16:17 Scheduled Checkpoint
18-12-2014 15:48:22 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 13:26 - 2014-01-31 17:25 - 00450709 ____R C:\windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {07D138E3-3B00-47A3-BB9F-EE706F70C6FC} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-19] (Synaptics Incorporated)
Task: {189C3646-0F5C-4346-9027-8A924CEA451A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {2041D61F-EA9B-490C-904D-491107FE9736} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {220F6D28-94CC-4FB9-B7CA-165DD7C38A5D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-10-31] (Microsoft Corporation)
Task: {33674A10-3841-41A7-B6BA-BF920AC1AF7E} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {65092C41-B5AB-491D-ACB2-0C8E98929C82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {70CEBE38-B50B-4260-8E6E-12960BDD3433} - \KwRunAsStdUser Task1622 No Task File <==== ATTENTION
Task: {91D61CAE-E8B1-4F3B-BA1D-916E87B11A71} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {A491CB6E-8201-43CD-8CCE-1FE02986FDBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {B02BB574-F3D1-404D-A72D-86D8027F4CDE} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2014-12-18] (System Speedup)
Task: {C37D08A7-6787-4BB3-BA94-686BE6EE3BA7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {CA900987-F717-4571-87AF-51A37B2EA578} - \KwRunAsStdUser Task21221 No Task File <==== ATTENTION
Task: {D977BE1E-42F8-425C-8422-4540F661717E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {F153D15D-BF67-4DC8-91FC-82F3A6F4778A} - \KwRunAsStdUser Task21012 No Task File <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\SW-Booster-S-792098896.job => c:\programdata\trusted publisher\sw-booster\SW-Booster.exe <==== ATTENTION
Task: C:\windows\Tasks\System Speedup_DEFAULT.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: C:\windows\Tasks\System Speedup_UPDATES.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-02-04 15:21 - 2012-12-06 07:13 - 00044032 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-01-05 17:45 - 2014-12-18 16:15 - 02759168 _____ () C:\Program Files (x86)\GS-Enabler\Assistant_x64.dll
2014-09-12 21:39 - 2014-12-18 16:15 - 04210176 _____ () C:\Program Files (x86)\SW-Booster\Assistant_x64.dll
2012-08-17 14:13 - 2012-07-30 19:26 - 00029056 _____ () C:\windows\system32\DptfParticipantProcessorService.exe
2012-08-17 14:13 - 2012-07-30 19:27 - 00030592 _____ () C:\windows\system32\DptfPolicyConfigTDPService.exe
2011-03-14 23:27 - 2011-03-14 23:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-10-08 22:38 - 2012-06-28 10:46 - 00655744 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2013-02-04 15:27 - 2013-02-04 15:27 - 00059472 _____ () C:\ProgramData\YogaSmartSwicth\Server\x64\dptf.dll
2012-08-17 14:13 - 2012-07-13 16:52 - 00021312 _____ () C:\windows\SYSTEM32\DptfPolicyConfigTDPDll.dll
2012-08-17 14:13 - 2012-07-13 16:52 - 00021312 _____ () C:\windows\SYSTEM32\DptfPolicyLpmDll.dll
2013-02-04 15:19 - 2010-10-26 12:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2013-02-04 15:27 - 2013-02-04 15:27 - 00209488 _____ () C:\ProgramData\YogaSmartSwicth\yogaserver.exe
2012-08-27 12:29 - 2012-08-23 16:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-04 15:26 - 2013-02-04 15:26 - 00172112 _____ () C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
2014-09-12 21:39 - 2014-12-18 16:14 - 04296192 _____ () c:\Program Files (x86)\SW-Booster\Assistant.dll
2014-09-12 21:39 - 2014-12-18 16:16 - 00174928 _____ () c:\Program Files (x86)\SW-Booster\AssistantSvc.dll
2013-10-08 22:38 - 2009-01-10 18:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2013-10-08 22:38 - 2009-06-23 02:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2013-10-08 22:38 - 2010-07-23 12:58 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2013-10-08 22:38 - 2010-02-10 22:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2013-10-08 22:38 - 2012-06-28 10:34 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2013-10-08 22:38 - 2010-02-10 22:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2014-01-31 17:09 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-31 17:09 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-31 17:09 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-31 17:09 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-31 17:09 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-02-04 15:18 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-10-29 18:16 - 2014-10-22 12:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-29 18:16 - 2014-10-22 12:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-29 18:16 - 2014-10-22 12:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-29 18:16 - 2014-10-22 12:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2013-02-04 15:27 - 2013-02-04 15:27 - 00269904 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\GuiSys.dll
2013-02-04 15:27 - 2013-02-04 15:27 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\SimpRes.dll
2013-02-04 15:27 - 2013-02-04 15:27 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LangHlpr.dll
2013-02-04 15:26 - 2013-02-04 15:26 - 01623632 _____ () C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll
2013-02-04 15:26 - 2013-02-04 15:26 - 00030288 _____ () C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll
2014-10-29 18:16 - 2014-10-22 12:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00750080 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-19 13:30 - 2014-12-19 13:30 - 00043008 _____ () c:\users\kengling\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjhfeex.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00047616 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00863744 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00200704 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\StartupFolder: => "Microsoft Office Groove.lnk"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\Run: => "FlashGet 3"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-336608445-27866453-704810108-500 - Administrator - Disabled)
Guest (S-1-5-21-336608445-27866453-704810108-501 - Limited - Disabled)
KengLing (S-1-5-21-336608445-27866453-704810108-1001 - Administrator - Enabled) => C:\Users\KengLing
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/19/2014 01:33:00 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (5504) {B90CA70C-2D61-411C-9D3C-AA4240B16772}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/19/2014 01:32:59 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (5504) {B90CA70C-2D61-411C-9D3C-AA4240B16772}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/19/2014 01:32:59 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (5504) {B90CA70C-2D61-411C-9D3C-AA4240B16772}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/19/2014 01:32:59 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (5504) {B90CA70C-2D61-411C-9D3C-AA4240B16772}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/19/2014 01:32:59 PM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (5504) {B90CA70C-2D61-411C-9D3C-AA4240B16772}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
 
System errors:
=============
Error: (12/18/2014 04:35:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error: 
%%1053
 
Error: (12/18/2014 04:35:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.
 
Error: (12/18/2014 04:35:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error: 
%%2
 
Error: (12/18/2014 04:35:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the GS-Supporter service to connect.
 
Error: (12/18/2014 04:35:12 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Avira Web Protection service depends on the following service: AntiVirService. This service might not be installed.
 
Error: (12/18/2014 04:19:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error: 
%%1053
 
Error: (12/18/2014 04:19:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.
 
Error: (12/18/2014 04:19:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error: 
%%2
 
Error: (12/18/2014 04:19:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the GS-Supporter service to connect.
 
Error: (12/18/2014 04:18:48 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Avira Web Protection service depends on the following service: AntiVirService. This service might not be installed.
 
 
Microsoft Office Sessions:
=========================
Error: (10/16/2013 06:32:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 39619 seconds with 4440 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 55%
Total physical RAM: 3975.27 MB
Available physical RAM: 1775.66 MB
Total Pagefile: 5575.27 MB
Available Pagefile: 3083.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:100.96 GB) (Free:7.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:2.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 4B236BD6)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by KengLing (administrator) on PEANUT on 19-12-2014 13:32:24
Running from C:\Users\KengLing\Desktop\Downloads
Loaded Profile: KengLing (Available profiles: KengLing)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\System32\DptfPolicyConfigTDPService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe
() C:\ProgramData\YogaSmartSwicth\yogaserver.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Dropbox, Inc.) C:\Users\KengLing\AppData\Roaming\Dropbox\bin\Dropbox.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [892664 2012-12-18] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] ()
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-30] (Realtek Semiconductor Corporation)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-19] (Synaptics)
HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2013-02-04] (Lenovo)
HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [209488 2013-02-04] ()
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-06-22] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-06-22] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-09-07] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761536 2013-12-26] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {0a8bc460-30c1-11e3-bed5-2cd05a10fb35} - "E:\AutoRun.exe" 
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {40339722-5963-11e3-beef-2cd05a10fb35} - "E:\AUTORUN_BANDLUXE.EXE" /EjectCDROM
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {577f0689-8a42-11e2-be73-2cd05a10fb35} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {577f06b5-8a42-11e2-be73-2cd05a10fb35} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {577f0718-8a42-11e2-be73-2cd05a10fb35} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {63851795-3a0a-11e3-bede-2cd05a10fb35} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {9c71d1d7-2f4b-11e3-bed4-001e101fabfe} - "E:\AutoRun.exe" 
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {9c71d201-2f4b-11e3-bed4-001e101fabfe} - "E:\AutoRun.exe" 
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {9c71d23d-2f4b-11e3-bed4-001e101fabfe} - "E:\AutoRun.exe" 
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {ab3cfbfc-2c87-11e3-bed2-001e101f54a1} - "E:\AutoRun.exe" 
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {ab3cfcb4-2c87-11e3-bed2-001e101f54a1} - "E:\AutoRun.exe" 
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {ab3cfd58-2c87-11e3-bed2-001e101f54a1} - "E:\AutoRun.exe" 
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {dadf6686-a2a2-11e2-be84-001e101f0b99} - "F:\LGAutoRun.exe" 
AppInit_DLLs: C:\PROGRA~2\GS-ENA~1\ASSIST~2.DLL => C:\Program Files (x86)\GS-Enabler\Assistant_x64.dll [2759168 2014-12-18] ()
AppInit_DLLs:  C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL => C:\Program Files (x86)\SW-Booster\Assistant_x64.dll [4210176 2014-12-18] ()
AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => c:\Program Files (x86)\SW-Booster\Assistant.dll [4296192 2014-12-18] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk
ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
Startup: C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
ShortcutTarget: Microsoft Office Groove.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk -> C:\Users\KengLing\vbvds\76469.vbs (No File)
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\Lucifer.dll (Funshion)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [GiraffeOverlay] -> {E1D78D6A-8183-8F10-108D-8850224DC790} => C:\Users\KengLing\AppData\Local\Giraffe\FunSambar.dll (Funshion)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fix...&cc=SG&unqvl=61
HKU\S-1-5-21-336608445-27866453-704810108-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fix...&cc=SG&unqvl=61
HKU\S-1-5-21-336608445-27866453-704810108-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-336608445-27866453-704810108-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKU\S-1-5-21-336608445-27866453-704810108-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fix...&cc=SG&unqvl=61
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fix...&cc=SG&unqvl=61
SearchScopes: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fix...&cc=SG&unqvl=61
SearchScopes: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> {119CD317-C309-419C-9642-ACC45439850A} URL = http://websearch.ask...66-D98EFD1A3192
SearchScopes: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> {57E44609-825C-4084-B237-B3A01BC4D771} URL = 
SearchScopes: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fix...&cc=SG&unqvl=61
BHO: GoSaVe -> {8f7e6959-8579-43ce-a9fb-a197faead952} -> C:\Program Files (x86)\GoSaVe\slYtCdM7ytVne7.x64.dll No File
BHO: GoSaevE -> {a2d0d05a-2688-42aa-a89b-044c5a5bc82c} -> C:\Program Files (x86)\GoSaevE\IngeI1qVcxPImW.x64.dll No File
BHO: No Name -> {E1F592C9-D4CB-6EE0-1289-DC7134D4D845} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: GoSaVe -> {8f7e6959-8579-43ce-a9fb-a197faead952} -> C:\Program Files (x86)\GoSaVe\slYtCdM7ytVne7.dll No File
BHO-x32: GoSaevE -> {a2d0d05a-2688-42aa-a89b-044c5a5bc82c} -> C:\Program Files (x86)\GoSaevE\IngeI1qVcxPImW.dll No File
Toolbar: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{317D32CC-4697-4026-961E-D223C0272349}: [NameServer]  
Tcpip\..\Interfaces\{E64DD415-98C6-408C-A60E-B95D12826413}: [NameServer]  
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\KengLing\funshion\funshiontools\npFunshion.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-336608445-27866453-704810108-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\KengLing\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-336608445-27866453-704810108-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha268.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha268\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta10446.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10446\ff
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10446\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha268\ff [Not Found]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-12-19]
CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-19]
CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\epindigjbiphgfhnmlpcocaiafjgbabe [2014-12-19]
CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-19]
CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnpoebddognhfcnfbfjdbgmgadkmmdkj [2014-12-19]
CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2014-12-19]
CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2014-12-19]
CHR Extension: (50Coupons) - C:\ProgramData\oncanfeampaccccenbclhjlgdkdeeinn\ [2014-12-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [44032 2012-12-06] () [File not signed]
R2 D0E87C27; c:\Program Files (x86)\SW-Booster\AssistantSvc.dll [174928 2014-12-18] () [File not signed]
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] ()
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [36224 2012-07-30] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655744 2012-06-28] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [605696 2012-08-06] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2013-02-04] (Lenovo)
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S2 e81a9dc1; "C:\windows\system32\rundll32.exe" "c:\progra~2\gs-ena~1\AssistantSvc.dll",service
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 br3gmdm; C:\Windows\system32\DRIVERS\br3gmdm.sys [122880 2009-09-23] (BandRich Inc.) [File not signed]
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [238080 2012-06-06] (Huawei Technologies Co., Ltd.)
R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2013-02-04] (Lenovo)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2012-06-06] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2012-06-06] (CACE Technologies, Inc.)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696976 2012-09-06] (Realtek Semiconductor Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1579232 2013-01-04] (Realtek Semiconductor Corporation                           )
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-11-19] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbdev; \SystemRoot\system32\DRIVERS\ewusbdev.sys [X]
S3 hwusbfake; \SystemRoot\system32\DRIVERS\ewusbfake.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-19 13:32 - 2014-12-19 13:32 - 00000000 ____D () C:\FRST
2014-12-18 16:16 - 2014-12-18 16:16 - 00001041 _____ () C:\Users\Public\Desktop\System Speedup.lnk
2014-12-18 16:15 - 2014-12-18 16:15 - 00003036 _____ () C:\windows\System32\Tasks\System Speedup_UPDATES
2014-12-18 16:15 - 2014-12-18 16:15 - 00002734 _____ () C:\windows\System32\Tasks\SW-Booster-S-792098896
2014-12-18 16:15 - 2014-12-18 16:15 - 00000496 _____ () C:\windows\Tasks\SW-Booster-S-792098896.job
2014-12-18 16:15 - 2014-12-18 16:15 - 00000312 _____ () C:\windows\Tasks\System Speedup_UPDATES.job
2014-12-18 16:15 - 2014-12-18 16:15 - 00000304 _____ () C:\windows\Tasks\System Speedup_DEFAULT.job
2014-12-18 16:15 - 2014-12-18 16:15 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-12-18 16:14 - 2014-12-18 16:15 - 00000000 ____D () C:\Users\KengLing\AppData\Local\SwvUpdater
2014-12-18 16:14 - 2014-12-18 16:14 - 00002880 _____ () C:\windows\System32\Tasks\System Speedup_DEFAULT
2014-12-18 16:13 - 2014-12-18 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup
2014-12-18 16:13 - 2014-12-18 16:16 - 00000000 ____D () C:\Program Files (x86)\System Speedup
2014-12-18 16:13 - 2014-12-18 16:13 - 00000944 ____H () C:\Users\KengLing\funshion.ini
2014-12-18 16:13 - 2014-12-18 16:13 - 00000000 ____D () C:\ProgramData\GoSaevE
2014-12-18 15:53 - 2014-10-09 12:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2014-12-18 15:53 - 2014-10-09 12:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-12-18 15:53 - 2014-10-09 12:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2014-12-18 15:53 - 2014-10-09 11:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2014-12-18 15:53 - 2014-10-09 11:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2014-12-18 15:21 - 2014-10-11 15:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-18 15:21 - 2014-10-11 13:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-18 15:21 - 2014-10-09 11:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2014-12-18 15:21 - 2014-10-09 11:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2014-12-18 15:21 - 2014-10-09 11:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2014-12-18 15:21 - 2014-09-22 13:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-12-18 15:21 - 2014-09-22 11:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-18 15:20 - 2014-11-06 14:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-18 15:20 - 2014-11-06 13:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-18 15:19 - 2014-11-21 16:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-18 15:19 - 2014-11-21 16:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-18 15:19 - 2014-11-21 16:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-18 15:19 - 2014-11-21 15:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-18 15:19 - 2014-11-21 15:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-18 15:18 - 2014-11-21 16:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-18 15:18 - 2014-11-21 16:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-18 15:18 - 2014-11-21 16:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-18 15:18 - 2014-11-21 16:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-12-18 15:18 - 2014-11-21 16:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-18 15:18 - 2014-11-21 16:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-18 15:18 - 2014-11-21 15:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-18 15:18 - 2014-11-21 15:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-18 15:18 - 2014-11-21 15:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-18 15:18 - 2014-11-21 14:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-18 15:18 - 2014-11-21 12:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-12-15 13:12 - 2014-12-15 13:12 - 00001144 _____ () C:\Users\KengLing\Desktop\Live PC Help.lnk
2014-12-15 12:48 - 2014-12-18 16:15 - 00000000 ____D () C:\ProgramData\BlockIt Ad remover
2014-12-10 23:03 - 2014-12-10 23:03 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\ASP
2014-12-09 02:09 - 2014-12-09 02:09 - 00000000 ____D () C:\ProgramData\oncanfeampaccccenbclhjlgdkdeeinn
2014-11-27 22:52 - 2014-11-19 15:29 - 00582552 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2014-11-27 22:52 - 2014-11-19 15:29 - 00462760 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-11-26 09:35 - 2014-12-18 16:15 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\FunTV
2014-11-24 21:10 - 2014-11-24 21:10 - 00429752 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-22 20:51 - 2014-11-24 21:08 - 00000000 ____D () C:\windows\system32\AutoUpdateLicense
2014-11-22 17:24 - 2014-11-05 14:40 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-22 17:24 - 2014-11-05 14:38 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-22 17:24 - 2014-11-05 11:16 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-22 17:24 - 2014-10-11 15:45 - 10115072 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-11-22 17:24 - 2014-10-11 15:44 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-22 17:24 - 2014-10-11 15:43 - 02307072 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-11-22 17:24 - 2014-10-11 13:58 - 08858624 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-11-22 17:24 - 2014-09-22 13:53 - 00035320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-11-22 17:24 - 2014-08-27 06:08 - 00270024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-11-22 17:23 - 2014-10-11 15:44 - 00393216 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-11-22 17:23 - 2014-10-11 13:57 - 02416640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-22 17:23 - 2014-10-11 13:57 - 00295424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-11-22 17:23 - 2014-10-11 13:56 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-11-22 17:22 - 2014-10-22 11:34 - 00010777 _____ () C:\windows\system32\AutoconfigV2.cab
2014-11-22 17:22 - 2014-10-22 09:08 - 00568832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-11-22 17:22 - 2014-10-22 09:08 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-22 17:22 - 2014-10-22 09:01 - 00695808 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-11-22 17:22 - 2014-10-22 09:01 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2014-11-22 17:22 - 2014-10-22 09:01 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-22 17:22 - 2014-10-22 09:00 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2014-11-21 21:23 - 2014-09-25 07:29 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-21 21:23 - 2014-09-25 07:29 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2014-11-21 21:23 - 2014-09-25 07:01 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-21 21:23 - 2014-09-25 07:01 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2014-11-21 21:23 - 2014-08-22 07:56 - 01418752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-21 21:23 - 2014-08-22 07:27 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-21 21:22 - 2014-11-08 19:22 - 00238080 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-21 21:22 - 2014-11-08 19:21 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-21 21:22 - 2014-11-08 14:57 - 00187904 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-21 21:22 - 2014-11-08 14:56 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-21 21:22 - 2014-10-23 20:47 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-21 21:22 - 2014-10-23 19:04 - 00068096 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-21 21:22 - 2014-10-18 16:44 - 00778240 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-21 21:22 - 2014-10-18 15:05 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-21 21:22 - 2014-10-11 16:35 - 00171840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-21 21:22 - 2014-10-11 15:44 - 03248640 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-11-21 21:22 - 2014-10-11 15:44 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-11-21 21:22 - 2014-10-11 15:43 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-21 21:22 - 2014-10-11 13:57 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-11-21 21:22 - 2014-10-11 13:41 - 00713728 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-21 21:22 - 2014-10-11 13:41 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-21 21:22 - 2014-10-11 13:05 - 00146944 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-21 21:22 - 2014-10-11 13:04 - 00713728 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-21 21:22 - 2014-10-03 09:21 - 00522728 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-21 21:22 - 2014-10-03 06:29 - 00783872 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-21 21:22 - 2014-10-03 06:29 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-21 21:22 - 2014-10-03 06:29 - 00169472 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2014-11-21 21:22 - 2014-10-02 07:05 - 04068864 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-21 21:22 - 2014-09-06 08:46 - 00389176 _____ () C:\windows\system32\ApnDatabase.xml
2014-11-21 21:21 - 2014-09-13 14:24 - 02233152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-11-21 21:21 - 2014-09-03 10:48 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2014-11-21 21:21 - 2014-09-03 10:22 - 00188928 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2014-11-21 21:21 - 2014-08-29 12:17 - 02043392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-11-21 21:21 - 2014-08-29 12:17 - 00227328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-11-21 21:21 - 2014-08-29 12:04 - 02837504 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-11-21 21:21 - 2014-08-29 12:04 - 00309248 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-11-21 21:21 - 2014-08-28 14:04 - 00499712 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSCOMEX.dll
2014-11-21 21:21 - 2014-08-28 14:04 - 00227840 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll
2014-11-21 21:21 - 2014-08-28 13:59 - 00616448 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll
2014-11-21 21:21 - 2014-08-28 13:59 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll
2014-11-21 21:21 - 2014-08-28 13:59 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\FXSTIFF.dll
2014-11-21 21:21 - 2014-08-28 13:59 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\FXST30.dll
2014-11-21 21:21 - 2014-07-24 21:12 - 00328512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-11-21 21:21 - 2014-07-12 12:41 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\KBDRUM.DLL
2014-11-21 21:21 - 2014-07-12 12:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-11-21 21:21 - 2014-07-12 12:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-11-21 21:21 - 2014-07-12 12:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-11-21 21:21 - 2014-07-12 12:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-11-21 21:21 - 2014-07-12 12:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-11-21 21:21 - 2014-07-12 12:16 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL
2014-11-21 21:21 - 2014-07-12 12:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-11-21 21:21 - 2014-07-12 12:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-11-21 21:21 - 2014-07-12 12:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-11-21 21:21 - 2014-07-12 12:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-11-21 21:21 - 2014-07-12 12:15 - 00006144 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-11-21 21:21 - 2014-07-12 08:02 - 00478352 _____ () C:\windows\SysWOW64\locale.nls
2014-11-21 21:21 - 2014-07-12 08:00 - 00478352 _____ () C:\windows\system32\locale.nls
2014-11-21 21:21 - 2014-07-09 06:33 - 00181248 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe
2014-11-21 21:21 - 2014-07-09 06:32 - 01539584 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2014-11-21 21:21 - 2014-07-09 06:32 - 00340480 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll
2014-11-21 21:21 - 2014-07-09 06:30 - 01220608 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2014-11-21 21:21 - 2014-07-07 13:52 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
2014-11-21 21:21 - 2014-07-07 13:52 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-11-21 21:21 - 2014-07-04 18:52 - 00328000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-11-21 21:21 - 2014-07-03 09:59 - 01824784 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-11-21 21:21 - 2014-07-03 08:30 - 01408952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-11-21 21:21 - 2014-06-28 15:01 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2014-11-21 21:21 - 2014-06-28 14:57 - 00209920 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2014-11-21 21:21 - 2014-06-28 14:56 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2014-11-21 21:21 - 2014-06-25 15:09 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-11-21 21:21 - 2014-06-25 15:07 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-11-21 21:21 - 2014-06-18 07:27 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-11-21 21:21 - 2014-06-18 07:23 - 02238464 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-11-21 21:21 - 2014-06-11 22:47 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-11-21 21:21 - 2014-06-11 12:40 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-11-21 21:21 - 2014-06-11 06:44 - 01403896 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-11-21 21:21 - 2014-02-04 18:57 - 01271664 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-11-21 21:19 - 2014-07-24 21:50 - 00447296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-11-21 21:19 - 2014-07-17 07:28 - 00027648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll
2014-11-21 21:19 - 2014-07-17 06:59 - 00305664 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2014-11-21 21:19 - 2014-07-17 06:59 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll
2014-11-21 21:19 - 2014-07-12 14:45 - 01549824 _____ (Microsoft Corporation) C:\windows\system32\msdtctm.dll
2014-11-21 21:19 - 2014-07-12 12:36 - 00674304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-11-21 21:19 - 2014-07-12 12:36 - 00211456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-11-21 21:19 - 2014-07-12 12:34 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-11-21 21:19 - 2014-07-12 12:34 - 00250368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-11-21 21:19 - 2014-06-28 14:57 - 01341952 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2014-11-21 21:19 - 2014-06-28 10:23 - 01126400 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2014-11-21 21:18 - 2014-07-07 13:53 - 01125376 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-11-21 21:18 - 2014-07-07 13:52 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-21 21:18 - 2014-07-07 13:52 - 00300544 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-11-21 21:18 - 2014-07-07 13:51 - 05982208 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-11-21 21:18 - 2014-07-07 12:01 - 01049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-11-21 21:18 - 2014-07-07 12:01 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-11-21 21:18 - 2014-07-07 12:00 - 05095424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-11-21 21:18 - 2014-07-07 11:59 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-11-21 21:18 - 2014-06-13 07:34 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-11-21 21:18 - 2014-06-13 07:29 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-11-21 21:17 - 2014-09-03 10:48 - 00510464 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-11-21 21:17 - 2014-09-03 10:21 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-11-20 13:14 - 2014-12-18 16:34 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\Zoo
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-19 13:32 - 2013-10-14 17:35 - 00000000 ___HD () C:\Users\Public\Fundata
2014-12-19 13:32 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\system32\migwiz
2014-12-19 13:31 - 2013-11-28 20:33 - 00000000 ___RD () C:\Users\KengLing\Dropbox
2014-12-19 13:31 - 2013-11-28 20:31 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\Dropbox
2014-12-19 13:31 - 2013-02-04 15:17 - 02037020 _____ () C:\windows\WindowsUpdate.log
2014-12-19 13:30 - 2013-11-28 20:33 - 00000999 _____ () C:\Users\KengLing\Desktop\Dropbox.lnk
2014-12-19 13:30 - 2013-11-28 20:32 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-19 13:30 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\system32\sru
2014-12-19 13:28 - 2014-10-29 18:11 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-19 13:28 - 2013-03-11 18:41 - 00031588 _____ () C:\Users\KengLing\AppData\Local\BTServer.log
2014-12-18 16:37 - 2013-03-11 19:12 - 17039044 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-18 16:35 - 2013-02-04 15:21 - 00000000 ____D () C:\ProgramData\Realtek
2014-12-18 16:35 - 2012-07-26 15:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-18 16:27 - 2013-02-04 16:11 - 00444878 _____ () C:\windows\system32\prfh0804.dat
2014-12-18 16:27 - 2013-02-04 16:11 - 00140712 _____ () C:\windows\system32\prfc0804.dat
2014-12-18 16:27 - 2012-07-26 15:28 - 01403652 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-18 16:24 - 2013-03-11 18:49 - 00003590 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-336608445-27866453-704810108-1001
2014-12-18 16:18 - 2012-07-26 13:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-12-18 16:16 - 2014-10-29 18:11 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-18 16:15 - 2014-09-26 10:18 - 00000000 ____D () C:\ProgramData\Mini - Adblocker
2014-12-18 16:15 - 2014-07-28 02:00 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\Funshion
2014-12-18 16:15 - 2014-07-04 02:05 - 00000000 ___HD () C:\Users\Public\FunAcce
2014-12-18 16:15 - 2014-01-04 17:50 - 00000000 ____D () C:\Users\KengLing\AppData\Local\genienext
2014-12-18 16:15 - 2013-11-14 11:27 - 00000000 ____D () C:\ProgramData\mcache
2014-12-18 16:13 - 2014-10-24 22:40 - 00000000 ____D () C:\ProgramData\Yellow AdBlocker
2014-12-18 16:13 - 2013-03-11 18:41 - 00000000 ____D () C:\Users\KengLing
2014-12-18 16:10 - 2014-09-26 22:33 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 16:04 - 2012-07-26 16:12 - 00000000 ___RD () C:\windows\ToastData
2014-12-18 16:02 - 2013-11-01 01:57 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-18 15:55 - 2012-07-26 15:59 - 00000000 ____D () C:\windows\CbsTemp
2014-12-18 15:24 - 2014-09-26 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 15:24 - 2014-09-26 22:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-18 15:24 - 2013-11-01 01:35 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-18 15:21 - 2014-10-25 18:06 - 00000004 _____ () C:\Users\KengLing\AppData\Roaming\appdataFr2.bin
2014-12-15 15:01 - 2014-05-10 23:20 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\System Speedup
2014-12-15 13:12 - 2014-05-10 23:21 - 00000000 ____D () C:\ProgramData\Systweak
2014-12-15 13:12 - 2014-05-10 23:20 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\systweak
2014-12-14 21:36 - 2014-05-10 23:20 - 00003132 _____ () C:\windows\System32\Tasks\System Speedup
2014-12-13 02:23 - 2013-07-27 19:34 - 00000000 ____D () C:\Users\KengLing\Desktop\MEMORY STORAGE
2014-12-13 02:14 - 2013-11-28 12:10 - 00000000 ____D () C:\Users\KengLing\Desktop\32 GB MICRO SD
2014-12-13 02:10 - 2012-07-26 15:21 - 00114363 _____ () C:\windows\setupact.log
2014-12-10 20:03 - 2013-11-01 01:57 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 20:02 - 2014-09-10 02:07 - 03981488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 02:12 - 2014-01-05 17:42 - 00000000 ____D () C:\ProgramData\365559d05cf6c3a4
2014-12-06 21:39 - 2014-07-15 21:06 - 00000000 ____D () C:\Users\KengLing\AppData\Local\Giraffe
2014-11-27 05:11 - 2012-07-26 16:14 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-27 05:11 - 2012-07-26 16:14 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-24 21:36 - 2014-09-22 23:26 - 00000000 ____D () C:\windows\rescache
2014-11-24 21:10 - 2012-10-10 07:08 - 00196912 _____ () C:\windows\PFRO.log
2014-11-22 20:51 - 2014-10-14 20:37 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-22 20:51 - 2012-07-26 16:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-22 20:51 - 2012-07-26 16:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-22 20:51 - 2012-07-26 16:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-22 20:51 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\WinStore
2014-11-22 20:51 - 2012-07-26 16:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-22 20:51 - 2012-07-26 16:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-22 17:55 - 2013-08-07 21:02 - 00000000 ____D () C:\windows\system32\MRT
2014-11-22 17:24 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-11-21 20:47 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\system32\NDF
2014-11-21 06:14 - 2014-09-26 22:33 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-09-26 22:33 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2013-11-01 01:35 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-20 13:24 - 2014-10-15 00:42 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\iy
 
Some content of TEMP:
====================
C:\Users\KengLing\AppData\Local\Temp\089709F389a.exe
C:\Users\KengLing\AppData\Local\Temp\0f049aE2.exe
C:\Users\KengLing\AppData\Local\Temp\70A39618E9FE.exe
C:\Users\KengLing\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\KengLing\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjhfeex.dll
C:\Users\KengLing\AppData\Local\Temp\drvprosetup.exe
C:\Users\KengLing\AppData\Local\Temp\ebE3BbfcB36.exe
C:\Users\KengLing\AppData\Local\Temp\kwuninsthelper.exe
C:\Users\KengLing\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\KengLing\AppData\Local\Temp\optprosetup.exe
C:\Users\KengLing\AppData\Local\Temp\ResetDevice.exe
C:\Users\KengLing\AppData\Local\Temp\Tmp1400843114_Greenil.dll
C:\Users\KengLing\AppData\Local\Temp\Tmp1406484046_Greenil.dll
C:\Users\KengLing\AppData\Local\Temp\Tmp1416965757_greenil.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-18 15:48
 
==================== End Of Log ============================
 
TDSSKiller log 
 
13:43:50.0236 0x131c  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
13:43:50.0251 0x131c  UEFI system
13:43:55.0183 0x131c  ============================================================
13:43:55.0183 0x131c  Current date / time: 2014/12/19 13:43:55.0183
13:43:55.0183 0x131c  SystemInfo:
13:43:55.0183 0x131c  
13:43:55.0183 0x131c  OS Version: 6.2.9200 ServicePack: 0.0
13:43:55.0183 0x131c  Product type: Workstation
13:43:55.0183 0x131c  ComputerName: PEANUT
13:43:55.0183 0x131c  UserName: KengLing
13:43:55.0183 0x131c  Windows directory: C:\windows
13:43:55.0183 0x131c  System windows directory: C:\windows
13:43:55.0183 0x131c  Running under WOW64
13:43:55.0183 0x131c  Processor architecture: Intel x64
13:43:55.0183 0x131c  Number of processors: 4
13:43:55.0183 0x131c  Page size: 0x1000
13:43:55.0183 0x131c  Boot type: Normal boot
13:43:55.0183 0x131c  ============================================================
13:43:55.0480 0x131c  KLMD registered as C:\windows\system32\drivers\39974945.sys
13:43:55.0823 0x131c  System UUID: {01AD8528-1113-AB22-4490-20EA1EAAAB89}
13:43:57.0339 0x131c  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:43:57.0355 0x131c  ============================================================
13:43:57.0355 0x131c  \Device\Harddisk0\DR0:
13:43:57.0355 0x131c  GPT partitions:
13:43:57.0355 0x131c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E083AD83-8C68-4E35-92AD-EDA7FC00CBBB}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F4000
13:43:57.0355 0x131c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {BD9898D6-9A76-48FB-91F3-AB90F536D088}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
13:43:57.0355 0x131c  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {B61F9C83-DA1A-4FED-977D-50926A88F7E2}, Name: Basic data partition, StartLBA 0x276800, BlocksNum 0x1F4000
13:43:57.0355 0x131c  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {89F44F05-10DC-4D18-A723-F79FAF7E5F3C}, Name: Microsoft reserved partition, StartLBA 0x46A800, BlocksNum 0x40000
13:43:57.0355 0x131c  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {91EC67ED-6FA0-471C-A652-9465EE8F8540}, Name: Basic data partition, StartLBA 0x4AA800, BlocksNum 0xC9ED000
13:43:57.0355 0x131c  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {AA36C810-532D-43CB-AF3D-28E6E3CB4B83}, Name: Basic data partition, StartLBA 0xCE97800, BlocksNum 0x800000
13:43:57.0355 0x131c  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {B1E2FFEB-9522-4649-85D7-1BF250EF6835}, Name: Basic data partition, StartLBA 0xD697800, BlocksNum 0x17E4800
13:43:57.0355 0x131c  MBR partitions:
13:43:57.0355 0x131c  ============================================================
13:43:57.0355 0x131c  C: <-> \Device\Harddisk0\DR0\Partition5
13:43:57.0355 0x131c  D: <-> \Device\Harddisk0\DR0\Partition6
13:43:57.0355 0x131c  ============================================================
13:43:57.0355 0x131c  Initialize success
13:43:57.0355 0x131c  ============================================================
13:44:29.0167 0x1270  ============================================================
13:44:29.0167 0x1270  Scan started
13:44:29.0167 0x1270  Mode: Manual; SigCheck; TDLFS; 
13:44:29.0167 0x1270  ============================================================
13:44:29.0167 0x1270  KSN ping started
13:44:32.0042 0x1270  KSN ping finished: true
13:44:32.0855 0x1270  ================ Scan system memory ========================
13:44:32.0855 0x1270  System memory - ok
13:44:32.0855 0x1270  ================ Scan services =============================
13:44:34.0495 0x1270  agp440 - ok
13:44:34.0511 0x1270  [ D1BE8E6E5B3AF23A4393AF1BF867977A, B3AE97D35A9304198715D76F6C3F0545AA176FDEBA6C2055782558B11DFA14EB ] ALG             C:\windows\System32\alg.exe
13:44:34.0558 0x1270  ALG - ok
13:44:34.0573 0x1270  [ 025E8C755BE293E50854D26D1BBE5133, 4373639689306A3D8FE0F862072711BAD5DBAA45E105CD3129586439A90EE070 ] AllUserInstallAgent C:\windows\system32\AUInstallAgent.dll
13:44:34.0620 0x1270  AllUserInstallAgent - ok
13:44:34.0636 0x1270  [ 5A81054B824004B1ECC04F0034A1CDF9, 73A1986A4B346C425157216EBF16CC90EFFC642EDF6109E6364CF0552E3388FD ] AmdK8           C:\windows\System32\drivers\amdk8.sys
13:44:34.0667 0x1270  AmdK8 - ok
13:44:34.0683 0x1270  [ B849D453E644FAB9BC8EF6DC8CA9C4C6, B803CDA478D3385937C44CBB05A0E65ABACEFEBA682975787C44E2904FB89D2D ] AmdPPM          C:\windows\System32\drivers\amdppm.sys
13:44:34.0730 0x1270  AmdPPM - ok
13:44:34.0745 0x1270  [ 35A0EB5AECB0FA3C41A2FB514A562304, 737783ABF348288471AC7051D4DC6CB336D686C94EC7B8938DCA74AFE9BECB1C ] amdsata         C:\windows\system32\drivers\amdsata.sys
13:44:34.0777 0x1270  amdsata - ok
13:44:34.0808 0x1270  [ 00452671904F5EE94B50BF0219C97164, 99F9B86D3DB3E10B014120A63CD43CBAAB22C8E38851090ABE37D89ABD61F7B6 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
13:44:34.0855 0x1270  amdsbs - ok
13:44:34.0886 0x1270  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7, DC0B8B798720F5F75F8AFD3383CF69194282AEEE84DCACB97382F4C86E1D3E49 ] amdxata         C:\windows\system32\drivers\amdxata.sys
13:44:34.0917 0x1270  amdxata - ok
13:44:34.0917 0x1270  [ 4DE0D5D747A73797C95A97DCCE5018B5, 17EC669675C2E43515EFE2D8BCC9DDFFBE64F99EBFB9A6DAB429F65A2B504560 ] androidusb      C:\windows\System32\Drivers\ssadadb.sys
13:44:34.0964 0x1270  androidusb - ok
13:44:34.0964 0x1270  AntiVirWebService - ok
13:44:34.0995 0x1270  [ 83B3682CE922FB0F415734B26D9D6233, 9102E8B410BB1AE426770896B6AB584D1F02830337FBB2DEC182F3F19832F35F ] AppID           C:\windows\system32\drivers\appid.sys
13:44:35.0058 0x1270  AppID - ok
13:44:35.0073 0x1270  [ CE2BEAD7F31816FF0AC490D048C969F9, 7D24C5A9E8F7C21CC6D8BF2CA29A8B79DDE7EEDE2F37D36B9071ECE1CF61371F ] AppIDSvc        C:\windows\System32\appidsvc.dll
13:44:35.0105 0x1270  AppIDSvc - ok
13:44:35.0120 0x1270  [ 4F750B7EFCB6520AE01E01D082D7D476, AD2A67D727A1D4DD0BBACC6B4BB432FA9A14D50D8BA292B95A4747CEC9F85728 ] Appinfo         C:\windows\System32\appinfo.dll
13:44:35.0167 0x1270  Appinfo - ok
13:44:35.0183 0x1270  [ E933401B392387F4BE34DE8BAF1722A7, 57CC6DE31E2C82D2B12509F0A5EC9EC70DD2EF6A1F31A66ADF62DC6AE0A67323 ] arc             C:\windows\system32\drivers\arc.sys
13:44:35.0214 0x1270  arc - ok
13:44:35.0245 0x1270  [ 07CA323EF2E8247A568AB0F3662AD644, 1224B41193F0E9B164732BA5BF707A13427C82C1D8C3EDC2AAE5C5C75454B9F6 ] arcsas          C:\windows\system32\drivers\arcsas.sys
13:44:35.0277 0x1270  arcsas - ok
13:44:35.0292 0x1270  [ 74DBAEC35366C4EE7670428808715A6A, 3B3A7A81CD8038C4750560B94A9247C4409410780B312BA71EDF2E393DCA7474 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
13:44:35.0323 0x1270  AsyncMac - ok
13:44:35.0339 0x1270  [ A721FF570C2387E383BDDEA9632863C9, 45DD7787F44A2C742560FEB03AB66910C2F0002D95BB02C55EEDE973AA92AD24 ] atapi           C:\windows\system32\drivers\atapi.sys
13:44:35.0370 0x1270  atapi - ok
13:44:35.0386 0x1270  [ 8FB10919E1283FD108334FDBFB173574, EAD11C6FA884AAC9E8534C267E9B1D2EAB1F2A396EACC900525465A2AEAB84D3 ] AudioEndpointBuilder C:\windows\System32\AudioEndpointBuilder.dll
13:44:35.0433 0x1270  AudioEndpointBuilder - ok
13:44:35.0495 0x1270  [ 37B2C3BFD6E259A5CBC0053100908157, BB2103C67ED00D2A6C19D97BDFC8D7695F1957910743CA406038262DB1BB9339 ] Audiosrv        C:\windows\System32\Audiosrv.dll
13:44:35.0589 0x1270  Audiosrv - ok
13:44:35.0605 0x1270  [ 89491EF71D5EA011127832C588002853, 05620E4235956D8446FB9604F930738C8AA97E3A74C907E37F7CC08B8EDA0461 ] AxInstSV        C:\windows\System32\AxInstSV.dll
13:44:35.0652 0x1270  AxInstSV - ok
13:44:35.0699 0x1270  [ 87AB5BB072A3F128541D5B815F82FFDD, 186AF33D3DE90638C3E165CAC3DA17295E8A80CDB523F9BE4AF7D38CA6954905 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
13:44:35.0777 0x1270  b06bdrv - ok
13:44:35.0792 0x1270  [ 81703BC5D68DEDBB086C2368FBE7B334, CFD4A55C8045C482F8D410514F3211AEFA00097AB395F5A04BFE983ED6254F6B ] BasicDisplay    C:\windows\System32\drivers\BasicDisplay.sys
13:44:35.0824 0x1270  BasicDisplay - ok
13:44:35.0839 0x1270  [ 5EC68164E14D25675C98BBB5F09E8606, 1D7EDB21C87039FC5F39F46460AD852BC4EC6B179B1C205D189DD3C397343435 ] BasicRender     C:\windows\System32\drivers\BasicRender.sys
13:44:35.0870 0x1270  BasicRender - ok
13:44:35.0902 0x1270  [ 89143A7BA7850F5C7E61B43BB44B6418, 00BB781DF87D4FF1BAFD318AFE237296B4F5925023BA4486405EC0A384C88D8F ] BDESVC          C:\windows\System32\bdesvc.dll
13:44:35.0949 0x1270  BDESVC - ok
13:44:35.0964 0x1270  [ 9E7AEA59776D904607985AFFE7E5E183, C3DB745A9F4DA7CB9628A7913DD52B2444B14FEB9D588FF6558CF52CEB8955EB ] Beep            C:\windows\system32\drivers\Beep.sys
13:44:35.0995 0x1270  Beep - ok
13:44:36.0042 0x1270  [ 53AA55632B94622F2DC3695E86EF9363, 9B5BB8EDA48A37AE97BCD42D83B25A6D10AA6231EABE745DCCE6D60E19094A6F ] BFE             C:\windows\System32\bfe.dll
13:44:36.0120 0x1270  BFE - ok
13:44:36.0183 0x1270  [ D598C44A7072D3108D8D8102EC5E07F7, D7472E9BAAB7B6E1D30F4E153412E2A16EE5C08DE2BF8BFF4D65089825226FE0 ] BITS            C:\windows\System32\qmgr.dll
13:44:36.0277 0x1270  BITS - ok
13:44:36.0308 0x1270  [ B17AC10B47C7FCB44D22A1F06415840E, 990D6F629D93F4F913D218ACE5187A26DCB762BAFB2BB279CCE8CAF2755D85A5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
13:44:36.0339 0x1270  bowser - ok
13:44:36.0355 0x1270  [ E59C1F1A1BC27283AC2C9C644914E84A, 9C6790E4E4504FAE5535D841EFDDE0491F02AD3FAB8673EA23F4D2F1CBB8437F ] br3gmdm         C:\windows\system32\DRIVERS\br3gmdm.sys
13:44:36.0370 0x1270  br3gmdm - detected UnsignedFile.Multi.Generic ( 1 )
13:44:39.0371 0x1270  Detect skipped due to KSN trusted
13:44:39.0371 0x1270  br3gmdm - ok
13:44:39.0386 0x1270  [ 038FA1B55531E7020DB705B42FCCE373, 023E87E3204D64890D6FEA78E762E5BC5BD0A59325EBC264834727779EEEDBC5 ] BrokerInfrastructure C:\windows\System32\bisrv.dll
13:44:39.0433 0x1270  BrokerInfrastructure - ok
13:44:39.0449 0x1270  [ 310068BDA80B1D55C36580FD8A873FAF, A75412FF1F483461F526E9A359DCEECA5E683441514464D5ED82D1A9740D583E ] Browser         C:\windows\System32\browser.dll
13:44:39.0496 0x1270  Browser - ok
13:44:39.0511 0x1270  [ 2C096B3120F7936DB86DEBF0962C8D6A, 8A7B377758749B91B7CDEC633C822FA6AD8983568A86C1D6D2A17ACF67C4AA1D ] BTDevManager    C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
13:44:39.0527 0x1270  BTDevManager - detected UnsignedFile.Multi.Generic ( 1 )
13:44:42.0451 0x1270  Detect skipped due to KSN trusted
13:44:42.0451 0x1270  BTDevManager - ok
13:44:42.0467 0x1270  [ 6695200F455E251F0BCC9CE4D0978D59, 4DB2F967E449581A9330EF43E794B45B93581564B20C5B991FC1EC665A640D69 ] BthAvrcpTg      C:\windows\System32\drivers\BthAvrcpTg.sys
13:44:42.0514 0x1270  BthAvrcpTg - ok
13:44:42.0530 0x1270  [ A8B20D852B07AE19A13B5D47EC4E4C3B, 86571C9E2BA15BB169CAB2D24C4D0598154C02FD173638CAFC685A7F6B09472D ] BthEnum         C:\windows\System32\drivers\BthEnum.sys
13:44:42.0545 0x1270  BthEnum - ok
13:44:42.0561 0x1270  [ 616EB8748C988AEE98D93DA141C3D3B4, 15A055B0496BDB29CBCF6EEBF112D4BA1C7A2FF39124728830D0FD1FD7A404CB ] BthHFEnum       C:\windows\System32\drivers\bthhfenum.sys
13:44:42.0639 0x1270  BthHFEnum - ok
13:44:42.0655 0x1270  [ DCB4EBD928A6FB368BE6CAE522412DE1, 9E1345F29467054689B9F48B5CCB567760D36610A4EA9AF41B829EAD60347269 ] bthhfhid        C:\windows\System32\drivers\BthHFHid.sys
13:44:42.0686 0x1270  bthhfhid - ok
13:44:42.0701 0x1270  [ 42201C346F0B8C458E1E9CDE04D68A2C, 6168FD0D10CD06B00B5C79D5D2B5C353AAC22FD99CE8D417DDBA33ED63CFB8BF ] BthLEEnum       C:\windows\system32\DRIVERS\BthLEEnum.sys
13:44:42.0795 0x1270  BthLEEnum - ok
13:44:42.0811 0x1270  [ 033916CE8784A848B9A3D686B7F66D97, B4D0514D59646CF6B70D4FA488CF95C38EA38CC5C509329CC8753E897C640AFA ] BTHMODEM        C:\windows\System32\drivers\bthmodem.sys
13:44:42.0873 0x1270  BTHMODEM - ok
13:44:42.0889 0x1270  [ 091BB978E9504D0AD14586929431A957, ACED02B879026A228E35F40847C210BC30A5AFC948FFE922DB21663E4A8DFF1D ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
13:44:42.0920 0x1270  BthPan - ok
13:44:43.0014 0x1270  [ 13795CAA34239D97A7211E7F9D96E012, C4F3402B063A7CFCE386D1AE9255975A199164BA9E7DCDB6129725213A0642B1 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
13:44:43.0139 0x1270  BTHPORT - ok
13:44:43.0170 0x1270  [ A4387C3D271959313E2577DB7BE8BA7A, C71474802102102EBE04DF036EEB2F5FB3380BE288E3842F19F234EFAE977D70 ] bthserv         C:\windows\system32\bthserv.dll
13:44:43.0201 0x1270  bthserv - ok
13:44:43.0217 0x1270  [ 1F715957F5236D30B6020A19A4271F6A, C06B637C2C6919E2DE1055AE249AE3EAF7B4890799F22BF5757CC10CEF145043 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
13:44:43.0248 0x1270  BTHUSB - ok
13:44:43.0280 0x1270  [ 990B1BABE6E81FB18E65A87EBEFB1772, 1820D4AC57E1D4B7FB5AA89C277B16910ED73712878D2B43FE542CE16DFE16C3 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
13:44:43.0311 0x1270  cdfs - ok
13:44:43.0326 0x1270  [ 339BFF85D788268752DA8C9644B188EE, C2279F1A39AED39865A5027D2FD087F8E82F3ED8C94BA4D922855B98E792AFC5 ] cdrom           C:\windows\System32\drivers\cdrom.sys
13:44:43.0373 0x1270  cdrom - ok
13:44:43.0389 0x1270  [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] CertPropSvc     C:\windows\System32\certprop.dll
13:44:43.0420 0x1270  CertPropSvc - ok
13:44:43.0436 0x1270  [ F64B7D1A37CC1D5F421D5359EEC81E2E, 2B4879DD32B2C20B94847755E22B1BCBE2B567B3989C57A9BA2DD783307EFFDB ] circlass        C:\windows\System32\drivers\circlass.sys
13:44:43.0514 0x1270  circlass - ok
13:44:43.0545 0x1270  [ 9905168708DB68849B879B5548F68AB3, B7A495E57B9398704988DC472126CBC5B8D76761A34F51732FBF6CC88E3AB79A ] CLFS            C:\windows\system32\drivers\CLFS.sys
13:44:43.0608 0x1270  CLFS - ok
13:44:43.0639 0x1270  [ 2DC8538A2260647484A6C921CA837313, 094059DD66B0C50A1CAE288F920107B0B6AD1AA5758284E35B92C131EDEA30EA ] CmBatt          C:\windows\System32\drivers\CmBatt.sys
13:44:43.0670 0x1270  CmBatt - ok
13:44:43.0733 0x1270  [ DBF9E5346431557BF56F41E7F8EC0DC1, D5FA34C873DA9BE40301D53198355556506AB5145B78B14D0AA88570A0058589 ] CNG             C:\windows\system32\Drivers\cng.sys
13:44:43.0827 0x1270  CNG - ok
13:44:43.0967 0x1270  [ B4C97854D48060EF8891B53AF3990D15, 5BD03C79954566DDDB58A73B0C735112CB24F1C090E0AB553595DC65D02CFFCC ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
13:44:44.0123 0x1270  CnxtHdAudService - ok
13:44:44.0139 0x1270  [ 0E5B1E9E7122EDAAF1F6CE047965CA92, 803E585B92D1E2E5B6BF67BE511E88DC2629A12407C3E30F7AEFB544D390A9B8 ] CompositeBus    C:\windows\System32\drivers\CompositeBus.sys
13:44:44.0217 0x1270  CompositeBus - ok
13:44:44.0233 0x1270  COMSysApp - ok
13:44:44.0248 0x1270  [ D9CB0782AF819548072AA45B70F8B22D, 04796F39ABB88759A534DE3D0C51F684BF2A8DE1F4028B657CCFDBDD39A6618C ] condrv          C:\windows\system32\drivers\condrv.sys
13:44:44.0280 0x1270  condrv - ok
13:44:44.0327 0x1270  [ 815F3180B5117E42E422188E9CCC89C6, 69E539D33F3B9F3562FE4B21D853EEBB15DBD2106509FEBD476D04562F34AC08 ] cphs            C:\windows\SysWow64\IntelCpHeciSvc.exe
13:44:44.0373 0x1270  cphs - ok
13:44:44.0389 0x1270  [ 5CE2742F063731EC10C1B2EE386A2C08, 309919BDDD4649AFB95A99DCF8AFC3BAE10F9BC1E2819C0794CFD0F80682C223 ] CryptSvc        C:\windows\system32\cryptsvc.dll
13:44:44.0436 0x1270  CryptSvc - ok
13:44:44.0467 0x1270  [ 48AED45DF009081AF3F5144F7D624674, 4425C15EB9E1177EE5134A33F63DAF7FF876577946DBF1EAD92C5614025113BB ] CxAudMsg        C:\windows\system32\CxAudMsg64.exe
13:44:44.0498 0x1270  CxAudMsg - ok
13:44:44.0514 0x1270  [ 3A6209AC494296C24C2065CB4392B5F4, 944556A8521D4E59EE35B364C9FB1A3846924D512E73C2CB32DD440022E6B1B5 ] D0E87C27        C:\windows\system32\rundll32.exe
13:44:44.0608 0x1270  D0E87C27 - ok
13:44:44.0623 0x1270  [ FAEF4C245BE832DB41B15DAAC336AFB7, 1F8C98AB0DF4327FCB01FE0356025488E19B48A45FFFA50576B49A8587FAC42B ] dam             C:\windows\system32\drivers\dam.sys
13:44:44.0655 0x1270  dam - ok
13:44:44.0733 0x1270  [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] DcomLaunch      C:\windows\system32\rpcss.dll
13:44:44.0842 0x1270  DcomLaunch - ok
13:44:44.0873 0x1270  [ FC1569B5705887D74FE7C8A39BE1C71C, 7DEB8FE472C72C439A2F54B6277C0A87AC2083869BD9AF8226071B7AA33B09FF ] defragsvc       C:\windows\System32\defragsvc.dll
13:44:44.0936 0x1270  defragsvc - ok
13:44:44.0967 0x1270  [ 5EAEF67AE2AF4D2DC664B649DB7B2E16, ADAC7FD6AC12B50F4998C5EB0BD770DD4B80A94C4CC1B9376AD77648E48D012D ] DeviceAssociationService C:\windows\system32\das.dll
13:44:45.0045 0x1270  DeviceAssociationService - ok
13:44:45.0061 0x1270  [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] DeviceInstall   C:\windows\system32\umpnpmgr.dll
13:44:45.0092 0x1270  DeviceInstall - ok
13:44:45.0123 0x1270  [ 431141C6859990824D17F71C30A78728, 448B3DC20C8FDD5B66217E0E01DBCC4904F94BDA0826F109D139DDD2C2D7FBF2 ] Dfsc            C:\windows\system32\Drivers\dfsc.sys
13:44:45.0155 0x1270  Dfsc - ok
13:44:45.0170 0x1270  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\windows\system32\DRIVERS\ssudbus.sys
13:44:45.0202 0x1270  dg_ssudbus - ok
13:44:45.0233 0x1270  [ 9E0E72222264745ADEB0E5AC680B0ED6, 576AFC8741695396A3B8E9DBDD3703E9D70370437D09D162262E47A140D101B4 ] Dhcp            C:\windows\system32\dhcpcore.dll
13:44:45.0280 0x1270  Dhcp - ok
13:44:45.0295 0x1270  [ 3C736FAE17BA6F91BA37594AAB139CD0, 34304A194105B19E7ADD80108DC85C3B7AA9E942C84A7EF93C475CE1D9AE4615 ] discache        C:\windows\system32\drivers\discache.sys
13:44:45.0358 0x1270  discache - ok
13:44:45.0373 0x1270  [ AE3786294CC246A5403783E1B86A0168, 29A7B4B490CBB16DAEF5D67D0A58A2577CF3FEE8F889484DB867F6913D9D2A28 ] disk            C:\windows\system32\drivers\disk.sys
13:44:45.0405 0x1270  disk - ok
13:44:45.0420 0x1270  [ 82A7C72593793FE1EADA7A305BD1567A, 75F432E4C75AE9EFF553BD860B3B250853BDDA85C17DBD9B7242D74593506A86 ] dmvsc           C:\windows\System32\drivers\dmvsc.sys
13:44:45.0452 0x1270  dmvsc - ok
13:44:45.0467 0x1270  [ B9450BC3F1820A99D010D7426BCA60E9, FC7C35A0C522E5DA52B0616CF99F4903EAC14946180A18A8D8A0FF555BAA87C5 ] Dnscache        C:\windows\System32\dnsrslvr.dll
13:44:45.0530 0x1270  Dnscache - ok
13:44:45.0561 0x1270  [ 9949AD2ABA168A618D46C799D6CC898C, DFAC86A0AEE83C9EFE1BEE9EC15C8CAF1D619D55AF3ACC3986057A5AC985D06A ] dot3svc         C:\windows\System32\dot3svc.dll
13:44:45.0639 0x1270  dot3svc - ok
13:44:45.0655 0x1270  [ 109FC3F80BF4F4DC5A071058074F13C1, F30736F45BA1811D59E9CB1C172D8D1EA9F5A7D36DCFFBFC9E7E02448C1CF851 ] DPS             C:\windows\system32\dps.dll
13:44:45.0717 0x1270  DPS - ok
13:44:45.0733 0x1270  [ 2986DF25D67710EB415BFDEB5EBDD486, 4378C70610B41F95714FAB9581C5AB840704FC0A6268E9394FA1B624CF108F1A ] DptfDevPch      C:\windows\system32\DRIVERS\DptfDevPch.sys
13:44:45.0764 0x1270  DptfDevPch - ok
13:44:45.0795 0x1270  [ 6C3A9CF2037ADDFDC3AB96B04797AE12, B339F0019B690F66C76D34AE1ECD8CA315C8BB820452B3A5824829C9379CF313 ] DptfDevProc     C:\windows\system32\DRIVERS\DptfDevProc.sys
13:44:45.0842 0x1270  DptfDevProc - ok
13:44:45.0873 0x1270  [ 593BFE1580F26864AFA2B3CDF3EEF71F, 71052F4DCCC5E1A78176599AB0A330FD3D0038C2C59DC0CC635DCF4FB3FB3630 ] DptfManager     C:\windows\system32\DRIVERS\DptfManager.sys
13:44:45.0920 0x1270  DptfManager - ok
13:44:45.0936 0x1270  [ 3EBB900BA3BC774CABEBE2BED3200B8C, FC8D5BEA88909F7932C3F55EEF1EB95F0BCC7FFCCA820A20BAC46B894FA26264 ] DptfParticipantProcessorService C:\windows\system32\DptfParticipantProcessorService.exe
13:44:45.0952 0x1270  DptfParticipantProcessorService - ok
13:44:45.0967 0x1270  [ 15FB795C1683ACC47989875E0CC5ED0B, 6F5D36547F87FB7D593477A01EA82B8A4069CBDF61095643A627943F558288A3 ] DptfPolicyConfigTDPService C:\windows\system32\DptfPolicyConfigTDPService.exe
13:44:45.0983 0x1270  DptfPolicyConfigTDPService - ok
13:44:45.0998 0x1270  [ A190809F608519CC5E77DD4C10A87863, 4865919074D7C83030B310C32351D19368C24A08AB4F6D85B8F0AFA13B63457E ] DptfPolicyLpmService C:\windows\system32\DptfPolicyLpmService.exe
13:44:46.0014 0x1270  DptfPolicyLpmService - ok
13:44:46.0030 0x1270  [ 9C7C183F937951AE17C5B8B3259CF3FF, 8ED607139F15D08B4835ACF864421BA4C08C88FE90B9AAF707F5D8514D7731B1 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
13:44:46.0061 0x1270  drmkaud - ok
13:44:46.0077 0x1270  [ F87F4AAAF6664906248D11D5E579A53B, F283932F68ED93891EEF00C18724359AB7057E922A3CDC8BC6F33F84D2B0BEE5 ] DsmSvc          C:\windows\System32\DeviceSetupManager.dll
13:44:46.0124 0x1270  DsmSvc - ok
13:44:46.0217 0x1270  [ 2BB5627EB587FA995086C3D8C21B6D3F, 871E35BBE66180781324D38823B74263B660CF9254EE348A15421FAC5667F294 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
13:44:46.0358 0x1270  DXGKrnl - ok
13:44:46.0405 0x1270  [ 651FBD69A9713D623D456A240F96179C, 22A1F306B454EF9C84D25EF266F3ED0E1D896B1F5BE60170E79F37F2DBCA59F4 ] e1iexpress      C:\windows\system32\DRIVERS\e1i63x64.sys
13:44:46.0499 0x1270  e1iexpress - ok
13:44:46.0499 0x1270  [ 3A6209AC494296C24C2065CB4392B5F4, 944556A8521D4E59EE35B364C9FB1A3846924D512E73C2CB32DD440022E6B1B5 ] e81a9dc1        C:\windows\system32\rundll32.exe
13:44:46.0545 0x1270  e81a9dc1 - ok
13:44:46.0561 0x1270  EagleX64 - ok
13:44:46.0577 0x1270  [ 58BA473DD88F5FC1932282BA683AA03E, B8A4407D3006D91BE88F9C5389AC1CACC73BEBF6F66433A1E5EB8E58E8836C12 ] Eaphost         C:\windows\System32\eapsvc.dll
13:44:46.0624 0x1270  Eaphost - ok
13:44:46.0842 0x1270  [ 5AB97B3282D7D6114949D1EB5C8598E4, FB9449CC1CDC12C12AA0469BB6ACC770CB011250EDFD86E9600E754610608EFD ] ebdrv           C:\windows\system32\drivers\evbda.sys
13:44:47.0170 0x1270  ebdrv - ok
13:44:47.0186 0x1270  [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] EFS             C:\windows\System32\lsass.exe
13:44:47.0233 0x1270  EFS - ok
13:44:47.0264 0x1270  [ 66D60BD9A4C05616ABECA2A901475098, 8111550DB03FFD72F1822F47B16F075DA92874B64F19342D7CF60B0EE648AFEF ] EhStorClass     C:\windows\system32\drivers\EhStorClass.sys
13:44:47.0295 0x1270  EhStorClass - ok
13:44:47.0327 0x1270  [ A61D0F543024E458C0FE32352E1978E2, BDE6BC140300EAF790F16466C28897CE0BD7D94DCED13FDE20AA4AACA0F6A4FD ] EhStorTcgDrv    C:\windows\system32\drivers\EhStorTcgDrv.sys
13:44:47.0374 0x1270  EhStorTcgDrv - ok
13:44:47.0389 0x1270  [ D790D058D67582DB9C84C2D33695FE6B, A5763D7F6D191EA4B290B3E92D842AC36FD46DF598472E70B46E45D8CCD2F912 ] ErrDev          C:\windows\System32\drivers\errdev.sys
13:44:47.0420 0x1270  ErrDev - ok
13:44:47.0483 0x1270  [ F9E01C2D9F8BC049E04CF5DC24A5F638, CB6CCB59C77D4A59DDA846608AABEF1DFEC24C8422712AB8D59E27C13D731D2E ] EventSystem     C:\windows\system32\es.dll
13:44:47.0561 0x1270  EventSystem - ok
13:44:47.0577 0x1270  ewusbnet - ok
13:44:47.0592 0x1270  [ 86F7951BBCEE4A86E79A97306BD14318, 84B52A0392DA53ED71A2C4D483DD93DDF552BF8AC764C7BD47BE0EB58C7C8219 ] ew_hwusbdev     C:\windows\system32\DRIVERS\ew_hwusbdev.sys
13:44:47.0639 0x1270  ew_hwusbdev - ok
13:44:47.0655 0x1270  [ 55E0EDA185869F7EA67EA97FD0655B39, D4A51E383102AA48F022EFCA08FAC389336A22C1DF60E17815117EFA60716964 ] ew_usbenumfilter C:\windows\System32\drivers\ew_usbenumfilter.sys
13:44:47.0670 0x1270  ew_usbenumfilter - ok
13:44:47.0702 0x1270  [ 7A4D6FEB8C52B3FE855E4DCDF9107E03, 6B0146A4C9AD32DCDC2DEE8E8C5A29F687665458486449E0D37B151ED63B8ADC ] exfat           C:\windows\system32\drivers\exfat.sys
13:44:47.0764 0x1270  exfat - ok
13:44:47.0795 0x1270  [ 60996602A7111FD2D086E803F33E4282, E62A91C90F8542990BEA4E6A5D9DD3D070F4EB23B4C13414C5DA2B0219509749 ] fastfat         C:\windows\system32\drivers\fastfat.sys
13:44:47.0842 0x1270  fastfat - ok
13:44:47.0905 0x1270  [ F0E7F8382ED5E138B0DFA4CB5058BCFE, 6247C7B75F975F5AB080FFB9881EF58A6F360219F7AF2DE871F38E80CAF3B62C ] Fax             C:\windows\system32\fxssvc.exe
13:44:47.0983 0x1270  Fax - ok
13:44:47.0999 0x1270  [ 73B2D11DF0B6E03A0CB0323218ACB3E4, BA9256919BAA2E0760F6A658B557FDC389ACE8F9820D1A41FD995FC5613F5AA6 ] fdc             C:\windows\System32\drivers\fdc.sys
13:44:48.0014 0x1270  fdc - ok
13:44:48.0030 0x1270  [ 0828E3E7BD77C89149EAD3232BFD38DB, A6A296647A4EDBFF59124E3A9C0AB48759AA1738615ACFA5A454FF6BD3C31BA2 ] fdPHost         C:\windows\system32\fdPHost.dll
13:44:48.0077 0x1270  fdPHost - ok
13:44:48.0092 0x1270  [ 872506AAB591E8908DF4461475AF92DF, 772F2D08CB95775E438822B9EA005CBA92ED4071ADAB2C0101156A7D037D4704 ] FDResPub        C:\windows\system32\fdrespub.dll
13:44:48.0155 0x1270  FDResPub - ok
13:44:48.0170 0x1270  [ 0588950D93A426F97C7AAADB1A9B0458, ABCB3619BD58CAC438FC032495AE45A7B6FFDD4BD33C1B3D1BC7F9F13FCB727A ] fhsvc           C:\windows\system32\fhsvc.dll
13:44:48.0202 0x1270  fhsvc - ok
13:44:48.0217 0x1270  [ 88A9EBACD1058ABB237A6B4E96E7F397, 263D25D33B679EB01D97763701347C31B2F72E28CE2C7EC8013EA77756D98BE1 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
13:44:48.0249 0x1270  FileInfo - ok
13:44:48.0249 0x1270  [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02, 1D7BFB00D74A28AC13ECBA1E0036D50EE79266AC02CEDB2632466BF9DD46F211 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
13:44:48.0311 0x1270  Filetrace - ok
13:44:48.0327 0x1270  [ B1D4C168FF7B8579E3745888658FFB1D, 1A5C13E902A0C788A8B995ADD2FBC3303005911C0AA3F3F4497D3016AA0EF583 ] flpydisk        C:\windows\System32\drivers\flpydisk.sys
13:44:48.0358 0x1270  flpydisk - ok
13:44:48.0389 0x1270  [ B33EC133AE4E6C1881D2302D93D2467D, 77E3A16257EA3698B3FCD947D004144E8D1EEE48EF5C82DF49B1B9B2B3C61DB2 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
13:44:48.0452 0x1270  FltMgr - ok
13:44:48.0561 0x1270  [ 0BCDC0FF11B984162B0CF0FF6E9E0146, D44A3CECBA36B7A64854E244FA6B5E65047896BF9983D20B431410FBBA36697A ] FontCache       C:\windows\system32\FntCache.dll
13:44:48.0671 0x1270  FontCache - ok
13:44:48.0686 0x1270  [ 0B56259F5611787222A04A8F254E51D4, F77AEC0ACBFAF9154E32223B84B613229DACCD953AEBC3E96C27570F9AB10FD0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:44:48.0717 0x1270  FontCache3.0.0.0 - ok
13:44:48.0733 0x1270  [ A5F7873A39E4E9FAAAE59B7E9E36B705, 32036109F5A50E9F3BEF97C5B28AE8179B3A5E22517868A83CADE4671FF90DEC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
13:44:48.0764 0x1270  FsDepends - ok
13:44:48.0780 0x1270  [ A6DD7D491F587F4BC13FB972977DC8E8, B86F97F17F6F443EC16DEF67CCA4EF78AFE56078D2877838A982FECB19557C87 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
13:44:48.0811 0x1270  Fs_Rec - ok
13:44:48.0858 0x1270  [ C1646A95EAC515F60CDB2A7A8A013C1E, F559B83C02B17265EDE95DD497C1A94E402F07EC251FC47449F789907AFFED14 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
13:44:48.0936 0x1270  fvevol - ok
13:44:48.0952 0x1270  [ A969D92973DFA895E7776B4BFE36DBB2, 7528E6983ECC59291A7A386E4E459B19D1593ABDDFFD276E2F01B0EA21693E20 ] FxPPM           C:\windows\System32\drivers\fxppm.sys
13:44:48.0983 0x1270  FxPPM - ok
13:44:48.0999 0x1270  [ 52BC441E07A827EBAB70CDC7EAEDB28D, 8DECBD8E12EA52039742599CFBBF0D3B6610B57EF8D9DAEEEA33D202A478D286 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
13:44:49.0030 0x1270  gagp30kx - ok
13:44:49.0046 0x1270  [ 721F8EEF5E9747F32670DEFF7FB92541, E0A8EF70753E260C2C7D93D316B5EF9589DB086FDF829BDA2958C6A09CE471A6 ] gencounter      C:\windows\System32\drivers\vmgencounter.sys
13:44:49.0077 0x1270  gencounter - ok
13:44:49.0092 0x1270  [ FC2B8B06BDBD3B6457F5A3DA9AD2410E, 4BF196E1CAC94E9265EBEB68F41C3E29F0C709ECFF9420B5B1C9C82680D5D6A8 ] GPIOClx0101     C:\windows\system32\Drivers\msgpioclx.sys
13:44:49.0155 0x1270  GPIOClx0101 - ok
13:44:49.0249 0x1270  [ 5358678C6370F2ADC5291849F6503262, 841633D7A936C3889690C67E189BAD4C6B294C196FFFE5B564FCECDFE46A9E52 ] gpsvc           C:\windows\System32\gpsvc.dll
13:44:49.0421 0x1270  gpsvc - ok
13:44:49.0452 0x1270  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:44:49.0467 0x1270  gupdate - ok
13:44:49.0483 0x1270  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:44:49.0514 0x1270  gupdatem - ok
13:44:49.0561 0x1270  [ 630555943E5A3FE21010CE91EC7FC84F, 20D7247A4363EE9E851501D89A466564ADCAEC304DE42280E4E09AD8499436A9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
13:44:49.0608 0x1270  HdAudAddService - ok
13:44:49.0624 0x1270  [ 58CC013EFA9893057160EDA018D8ADCE, BE8AA220CFBD90202C1B130DF349C3198E3447F3C2DC7BC5FC8816F57F78BA00 ] HDAudBus        C:\windows\System32\drivers\HDAudBus.sys
13:44:49.0671 0x1270  HDAudBus - ok
13:44:49.0686 0x1270  [ 3F76BBA53D65E85A7F53E7A71082082C, D1E18815BB19CD11007C4A66162C76F55D4FE6B09B34ED45969C7ECC29D394AD ] HidBatt         C:\windows\System32\drivers\HidBatt.sys
13:44:49.0717 0x1270  HidBatt - ok
13:44:49.0749 0x1270  [ 085F150D002B7F0153D3C06DDF33A143, 41847FD02608ECFE3A6B4B38CBDE8416B0EF17491868511FD704B0BCC280338E ] HidBth          C:\windows\System32\drivers\hidbth.sys
13:44:49.0796 0x1270  HidBth - ok
13:44:49.0811 0x1270  [ CC4A07E51D89575CAB6F4EB590D87CD4, DFB4EAF0923EF9FF6C42EDD1EA5E4025F243C9BE2D03D5423FE8A897DC01D657 ] hidi2c          C:\windows\System32\drivers\hidi2c.sys
13:44:49.0858 0x1270  hidi2c - ok
13:44:49.0874 0x1270  [ DC96F7DACB777CDEAEF9958A50BFDA06, 7CE79F32D5EE65C0178CFF56523825D3EE01095B2CE8C67634A6604A821A9086 ] HidIr           C:\windows\System32\drivers\hidir.sys
13:44:49.0921 0x1270  HidIr - ok
13:44:49.0936 0x1270  [ FAC37D7B3D6354A5A5E19A45B50B4008, 2962B552A1DA545DFDEF0886582E82596FE8A3A19AAF989B025AFDA84D16D4EC ] hidserv         C:\windows\system32\hidserv.dll
13:44:49.0967 0x1270  hidserv - ok
13:44:49.0983 0x1270  [ 012C354B4AB48E9A7A657DF39E3A2073, B15D0089CE509FF1CF73DFE095425C1C99FC3971622DCAAD9CAEB989A12A4FDB ] HidUsb          C:\windows\System32\drivers\hidusb.sys
13:44:50.0014 0x1270  HidUsb - ok
13:44:50.0030 0x1270  [ 43F884B61A24377567CD0FEB35236334, B3BA36B527C8D6D83DE2FBCD8D503B87FD2611BF15B07A7BC138DC8BAE6A50C1 ] hkmsvc          C:\windows\system32\kmsvc.dll
13:44:50.0077 0x1270  hkmsvc - ok
13:44:50.0108 0x1270  [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF, E6967F3F465C6E903221BC0FCBAE7D05FD18C0BF110D929335F5935364B3C1BC ] HomeGroupListener C:\windows\system32\ListSvc.dll
13:44:50.0151 0x1270  HomeGroupListener - ok
13:44:50.0198 0x1270  [ E0D9F6FE18FA7F53ADD29AF719CE2B7E, B965DCC72625188F3B896CB447B7696F22687266EAFC5AA270E2AD53DD9F324D ] HomeGroupProvider C:\windows\system32\provsvc.dll
13:44:50.0245 0x1270  HomeGroupProvider - ok
13:44:50.0261 0x1270  [ 64DB7A8D97CA53DCCF93D0A1E08342CF, 02CAB7F28D3830C482683425C60044239C6F1562556688A274CA2C237C846E76 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
13:44:50.0308 0x1270  HpSAMD - ok
13:44:50.0370 0x1270  [ F4A91D985EB9D1D2717D538F3424603C, 454AD2FF3A7963B9835AEF300F6672F92D0CCF59593BA2CCC83F0EC1446BB659 ] HTTP            C:\windows\system32\drivers\HTTP.sys
13:44:50.0448 0x1270  HTTP - ok
13:44:50.0480 0x1270  [ 3B33B06D9A60CC8869CC280DAA36E414, 3C706F4B39A7E1800A2164FE808A179BD1A058C606468855692EA74CA46F9AE9 ] huawei_cdcacm   C:\windows\system32\DRIVERS\ew_jucdcacm.sys
13:44:50.0511 0x1270  huawei_cdcacm - ok
13:44:50.0526 0x1270  [ 871DE49EFF65CEABF15415F93148DF5A, 8FD66237135BB2A405CA6F0BDFE9163161123F5AEE89A37A8C4ABFF1C9E20A91 ] huawei_enumerator C:\windows\System32\drivers\ew_jubusenum.sys
13:44:50.0558 0x1270  huawei_enumerator - ok
13:44:50.0573 0x1270  [ 1EC67C791D2D3EAE203B5F2CBFFE867C, CD2D0731D1AB3A67ACFD328923FF8E219D85DFC2E4D5D4468316F6F0D95B29D9 ] huawei_ext_ctrl C:\windows\System32\drivers\ew_juextctrl.sys
13:44:50.0589 0x1270  huawei_ext_ctrl - ok
13:44:50.0636 0x1270  [ 6DF7633CD4665BC6A1B3572751B8D260, EB4885CA56BA0BF7E05F0D68B85BE879D91D69281EA856A19CA764C53E85B87C ] huawei_wwanecm  C:\windows\system32\DRIVERS\ew_juwwanecm.sys
13:44:50.0667 0x1270  huawei_wwanecm - ok
13:44:50.0698 0x1270  [ 24FA6177FE55C4BC045EC87E39F90688, 14B6EF152CE5293BB549A8FA069BEBC34C8C6B9796A6AA94B0AB6ADBEC3819C1 ] hwdatacard      C:\windows\system32\DRIVERS\ewusbmdm.sys
13:44:50.0745 0x1270  hwdatacard - ok
13:44:50.0776 0x1270  [ E90DA42B87D684DEBFB73B38A718A006, BB18C63C1982F5CB99C9B65D2B801E8C1909AD7CD0171326DC0015D6B781B451 ] HWDeviceService64.exe C:\ProgramData\DatacardService\HWDeviceService64.exe
13:44:50.0823 0x1270  HWDeviceService64.exe - ok
13:44:50.0839 0x1270  [ 2A98301068801700906C06649860FE94, 664394A52326289DCA0828B0041A105653F4FEF3E3DCCC3787AAE0F6FDC73A14 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
13:44:50.0870 0x1270  hwpolicy - ok
13:44:50.0886 0x1270  hwusbdev - ok
13:44:50.0886 0x1270  hwusbfake - ok
13:44:50.0901 0x1270  [ DC76901D82097C9E297F20C287CB9A27, 01A412D0D8A65050BE4250A7C4B9F98A4C43FD891827761E0C830369A5F9F09C ] hyperkbd        C:\windows\System32\drivers\hyperkbd.sys
13:44:50.0933 0x1270  hyperkbd - ok
13:44:50.0948 0x1270  [ 716413AB3CA12DE0A7222D28C1C9352C, B82B586BD9DBD70DDA19A02504E8CB00DA53677703AB848B53387601C5BAD3D3 ] HyperVideo      C:\windows\system32\DRIVERS\HyperVideo.sys
13:44:50.0980 0x1270  HyperVideo - ok
13:44:50.0995 0x1270  [ C9E9CBF73AFFBFE3E801EFB516787BA3, 1A850D614BDA6AA4195CC657702BC6242BA51B90131717743182AA160F65E72C ] i8042prt        C:\windows\System32\drivers\i8042prt.sys
13:44:51.0042 0x1270  i8042prt - ok
13:44:51.0073 0x1270  [ 5E394EBD26FD68AA9300332C46BEDD62, 56A5DA7CE08C07B519E55D0A46AA9D10B640349808EFE02B3278267B75B5F603 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
13:44:51.0136 0x1270  iaStorV - ok
13:44:51.0308 0x1270  [ ABEFA4BD23329FD9BD47496BF2E58774, 9689D4C6380735EE1CC7F480696CDDC229E0FA511942AC813314D353584D82DD ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
13:44:51.0495 0x1270  IconMan_R - detected UnsignedFile.Multi.Generic ( 1 )
13:44:53.0882 0x1270  Detect skipped due to KSN trusted
13:44:53.0898 0x1270  IconMan_R - ok
13:45:08.0180 0x1270  sbp2port - ok
13:45:08.0211 0x1270  [ 14316954FCE79C9DE5A0AFF9D42C83AA, B60FB1FAC0299F9560761411711E86EDFA2F8D27B58230E2E4BB37736FAB2287 ] SCardSvr        C:\windows\System32\SCardSvr.dll
13:45:08.0258 0x1270  SCardSvr - ok
13:45:08.0274 0x1270  [ 5D7733A12756B267FCA021672B26BC9E, 01CE5B5F49914B9E099BD909A66296F3A40644AE47BA1D5EBFFB30CD33C70A4A ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
13:45:08.0321 0x1270  scfilter - ok
13:45:08.0399 0x1270  [ 201C397A73DFEE109490F4BA1168CFC2, 74FC2A30CBF2E2197E75860A3B308CDCBEB3C28794ABED388B493505A2D84BAA ] Schedule        C:\windows\system32\schedsvc.dll
13:45:08.0524 0x1270  Schedule - ok
13:45:08.0539 0x1270  [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] SCPolicySvc     C:\windows\System32\certprop.dll
13:45:08.0602 0x1270  SCPolicySvc - ok
13:45:08.0617 0x1270  [ F58B030A0664385C707B8C1C63682041, E46AADAA2CD687B9A4B564DC5B002493C8480542588E660BC3DF89EAF9DB0427 ] sdbus           C:\windows\System32\drivers\sdbus.sys
13:45:08.0680 0x1270  sdbus - ok
13:45:08.0711 0x1270  [ 92968277ED491E4B3DDA361E3952361E, 71C50853BB2126A34C7CD014EE44D4B8B39F589E2E8E8E8F4C982E07498E3899 ] SDRSVC          C:\windows\System32\SDRSVC.dll
13:45:08.0758 0x1270  SDRSVC - ok
13:45:09.0055 0x1270  [ 98EF79CC2B07398AC525F9EA1AE0366F, D0D5D69696ED339F363024AF3271867F4C55572C67FD0F2AA27D24B37982E39A ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
13:45:09.0321 0x1270  SDScannerService - ok
13:45:09.0352 0x1270  [ BB107AA9980B0DA4E19A3A90C3BD4460, BCB4CF0FFF1FD57302557B68044A88C8EEAAE57C2FEAE8EAD1F410F960298B6D ] sdstor          C:\windows\System32\drivers\sdstor.sys
13:45:09.0368 0x1270  sdstor - ok
13:45:09.0446 0x1270  [ 14BF6B3AB327D519ED007CDDC56F6900, 4E5DC4AF45347C885E0E87F205EE1F95BB4713A0B581CD7317FBEEE2A9628982 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
13:45:09.0555 0x1270  SDUpdateService - ok
13:45:09.0571 0x1270  [ 820EBE67AB99F033FDE25B2692157991, A9E86FE6EFD3CFD4EA1A26121C706335A6791CC6F81EE98AE2BE7EA566ECFEBB ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
13:45:09.0602 0x1270  SDWSCService - ok
13:45:09.0618 0x1270  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
13:45:09.0649 0x1270  secdrv - ok
13:45:09.0664 0x1270  [ CD282626738B6BC92B6E7CD0AAE95B63, 1A56567C781786C85C63E24E79186EE5C82D3EB2679061B21BA0571A3A6CB7F5 ] seclogon        C:\windows\system32\seclogon.dll
13:45:09.0711 0x1270  seclogon - ok
13:45:09.0727 0x1270  [ 9C51620998F0763039DFA6BF68E475ED, 9E496ADE7CE9A446BE8A2C2FC61B462D966778A94A4C147AABBD25C4821C2BCE ] SENS            C:\windows\System32\sens.dll
13:45:09.0789 0x1270  SENS - ok
13:45:09.0805 0x1270  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] SensorsAlsDriver C:\windows\system32\DRIVERS\WUDFRd.sys
13:45:09.0852 0x1270  SensorsAlsDriver - ok
13:45:09.0868 0x1270  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] SensorsHIDClassDriver C:\windows\System32\drivers\WUDFRd.sys
13:45:09.0914 0x1270  SensorsHIDClassDriver - ok
13:45:09.0946 0x1270  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] SensorsServiceDriver C:\windows\system32\DRIVERS\WUDFRd.sys
13:45:10.0005 0x1270  SensorsServiceDriver - ok
13:45:10.0067 0x1270  [ 0D50B4B860DAB65241628D04CD33ACAE, 2AA897C3F9ED076AB9244A32745D18489B076F3ED28A35B868C472131C5B5B46 ] SensrSvc        C:\windows\system32\sensrsvc.dll
13:45:10.0114 0x1270  SensrSvc - ok
13:45:10.0130 0x1270  [ 87C46B239A7EEF30FDFDD5E9BD46130C, F36FB5B20AC58FBD31F7E636059D2D865B751E178E51A03B94ABE0BBD1AB1EC9 ] SerCx           C:\windows\system32\drivers\SerCx.sys
13:45:10.0161 0x1270  SerCx - ok
13:45:10.0176 0x1270  [ 7A1F9347C85FD55E39B8A76B3A25C5AD, 03AF3B23285278A38F4CBEAB7FD326A48FA1EC7F8D044C059CE5403C6D225639 ] Serenum         C:\windows\System32\drivers\serenum.sys
13:45:10.0208 0x1270  Serenum - ok
13:45:10.0223 0x1270  [ F640A0A218BBF857F1D04A15D7D939F6, 948C13886281FE7947E10FB7B34D5CCFE512FB632F1132B6062AC85149F79950 ] Serial          C:\windows\System32\drivers\serial.sys
13:45:10.0255 0x1270  Serial - ok
13:45:10.0270 0x1270  [ F1A5F56B2620B862CC28FF96A0A6DAAB, E5367212B2CADF3820D657CFC27CD961547E28DAB950C68E1380CF97FB68F3F4 ] sermouse        C:\windows\System32\drivers\sermouse.sys
13:45:10.0301 0x1270  sermouse - ok
13:45:10.0348 0x1270  [ CB60A60340788C8D6DE2A269D28086AB, 2D8948E59BB9B00E16D20E425F80E7B862957DBAC9A4D1484E5191FAF333B60D ] SessionEnv      C:\windows\system32\sessenv.dll
13:45:10.0395 0x1270  SessionEnv - ok
13:45:10.0411 0x1270  [ 7EE65419B29302C795714FF8073969A1, E28D89A5423E3A5062030EB2418E9435DD5D8B9D16570046E782D3FCFDA2E79A ] sfloppy         C:\windows\System32\drivers\sfloppy.sys
13:45:10.0442 0x1270  sfloppy - ok
13:45:10.0489 0x1270  [ 090AE16F79C8EAD04E6031F863DA85F3, 3F27BE46DF602B53940414A6E9FEB23B36CFFB8E9A7F41440C3315B8E27D0029 ] SharedAccess    C:\windows\System32\ipnathlp.dll
13:45:10.0551 0x1270  SharedAccess - ok
13:45:10.0614 0x1270  [ A77F3ABE13FCC698511E5DEC7ACEBD5F, 78A43FDA9F770FD8BA107605DB44BC71D8B89D7E75560DA783AA6356C1873C15 ] ShellHWDetection C:\windows\System32\shsvcs.dll
13:45:10.0708 0x1270  ShellHWDetection - ok
13:45:10.0723 0x1270  [ 2560721D6F16D5B611C36A3A9D28C1B2, 15C30404902654ABA5DB5367FC5BD31343B12A3FC22B4BC5A26B09016447B5ED ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
13:45:10.0755 0x1270  SiSRaid2 - ok
13:45:10.0770 0x1270  [ 3AA8FDE1DBF65BB8B88B053529554A0D, 8060D946344D043D336F4735363C23C37C91A6DB3F81E575C267B2EC2BECB0EC ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
13:45:10.0802 0x1270  SiSRaid4 - ok
13:45:10.0817 0x1270  [ 0C66ADD5C164CE0451C24B45CFDBE102, 6F556AD25150798DFB87217FF3475CA854591849E73E90B616F42101BA6248C3 ] SmbDrvI         C:\windows\system32\DRIVERS\Smb_driver_Intel.sys
13:45:10.0833 0x1270  SmbDrvI - ok
13:45:10.0848 0x1270  [ E660156A4588A84305CB772FD2C0DB21, 9492EB6578D4A689945E1FC2440EFA77D461049CDB2D00A645969A71B7DA68E1 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
13:45:10.0880 0x1270  SNMPTRAP - ok
13:45:10.0911 0x1270  [ 9110193D93960E38B8692E4519C75D72, 789381B4CCC056EE431E78E2339AC9802264A1CE4B378DDA9769649664C9A7A0 ] spaceport       C:\windows\system32\drivers\spaceport.sys
13:45:10.0958 0x1270  spaceport - ok
13:45:10.0973 0x1270  [ 3D8679C8DF52EB26EB7583A4E0A29202, DCD9B69299275857712AB200C014AE820C8A9F7E53C4A335A84518FBE4BB56BB ] SpbCx           C:\windows\system32\drivers\SpbCx.sys
13:45:11.0020 0x1270  SpbCx - ok
13:45:11.0067 0x1270  [ 3F215BF2D4D8D6756298B25B579772C2, 744192D1635E5D296BFD399E870B70592202CEAF95C31C2D2B226A868D33A3FD ] Spooler         C:\windows\System32\spoolsv.exe
13:45:11.0161 0x1270  Spooler - ok
13:45:11.0489 0x1270  [ 061A977C920FBE4BF71FF47C966DDDCA, 746516396B72E4ADB05D978C819CD45FE44EE194756F6DA50121D755439CA590 ] sppsvc          C:\windows\system32\sppsvc.exe
13:45:11.0895 0x1270  sppsvc - ok
13:45:11.0958 0x1270  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6, 61EEB1349489CB85204F1B4E398BE24EDC01FB914120C9DD0487F8EE1EDA055E ] srv             C:\windows\system32\DRIVERS\srv.sys
13:45:12.0005 0x1270  srv - ok
13:45:12.0083 0x1270  [ B56A855B23676CCE05B626C6037FD02F, 3C0DCB16A96BD6A002A4FAF1AF939AF470D95137CB745F5DAD039B5D8C956E30 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
13:45:12.0145 0x1270  srv2 - ok
13:45:12.0177 0x1270  [ 78E9665C8DC59106D133CBEF0F0C3DE3, 380FD51EE00CEF3FFEF9BFB5E14538E084F1DDF8D8F8BCDF4EC23CB8C3A40D2F ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
13:45:12.0208 0x1270  srvnet - ok
13:45:12.0239 0x1270  [ 8F8324ED1DE63FFC7B1A02CD2D963C72, E58603F81DEAFF1D45CB83FB6E625E6A13868741B833B1C9E60D672179D18EE0 ] ssadbus         C:\windows\System32\drivers\ssadbus.sys
13:45:12.0270 0x1270  ssadbus - ok
13:45:12.0286 0x1270  [ 58221EFCB74167B73667F0024C661CE0, D9B67A8897B4DC3E4729187F17ABEB4710CF57440D718E17ED828439198D34DB ] ssadmdfl        C:\windows\system32\DRIVERS\ssadmdfl.sys
13:45:12.0302 0x1270  ssadmdfl - ok
13:45:12.0333 0x1270  [ 4DA7C71BFAC5AD71255B7E4CAB980163, 4CC0F9C8E96ECEF36EEB021E448A9734B63512D030516DC38B1A2EEAA1043AEC ] ssadmdm         C:\windows\system32\DRIVERS\ssadmdm.sys
13:45:12.0364 0x1270  ssadmdm - ok
13:45:12.0380 0x1270  [ D33D1BD3EC0E766211A234F56A12726D, 53EEAA94865554F8422D111D717B548DF553B5B8647D2A45F3718BF4AEEBEC27 ] ssadserd        C:\windows\system32\DRIVERS\ssadserd.sys
13:45:12.0427 0x1270  ssadserd - ok
13:45:12.0458 0x1270  [ 7A20882D76D4A78240A5AC9F2C2EBA21, ACA05211EE542999A118BBD2CD051038A7DC8C40C4B8971DC6514BA90E90EC61 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
13:45:12.0505 0x1270  SSDPSRV - ok
13:45:12.0536 0x1270  [ D233B16999A8E626F6004BD7814C57EC, 5BBFE5DDF1269617ABD1BDBED85A79D99BB52EA29C2BB3A8F4A1827BFAA1A747 ] SstpSvc         C:\windows\system32\sstpsvc.dll
13:45:12.0567 0x1270  SstpSvc - ok
13:45:12.0598 0x1270  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\windows\system32\DRIVERS\ssudmdm.sys
13:45:12.0630 0x1270  ssudmdm - ok
13:45:12.0645 0x1270  [ 4E85355B94CFCB67C135F6521A4895A7, AC4FC65C1E62A54B3834E7FE0A2B1ECC48A2AA563AE5BD508326EE68FFFBBEEE ] stexstor        C:\windows\system32\drivers\stexstor.sys
13:45:12.0661 0x1270  stexstor - ok
13:45:12.0708 0x1270  [ BAC8A721736AECC55A4F71523AEAB65F, B52E1303B13A961A5FC190829E55B6F28ACA409A6EEF44B358D1D210558FE1D8 ] stisvc          C:\windows\System32\wiaservc.dll
13:45:12.0817 0x1270  stisvc - ok
13:45:12.0848 0x1270  [ B240874B2CA0CD02E8CD11E140B14C57, 0FDBEE3DB644175A30065CAF020F375703ADC45A33221788C010F3111707FC25 ] storahci        C:\windows\system32\drivers\storahci.sys
13:45:12.0880 0x1270  storahci - ok
13:45:12.0911 0x1270  [ F74DBC95A57B1EE866D3732EB5F79BE2, E4FE9D5CD0A385ACB60D5D5E8D969F26C3A6BC0C08FF0838DBE9CA106229C8DE ] storflt         C:\windows\system32\DRIVERS\vmstorfl.sys
13:45:13.0161 0x1270  storflt - ok
13:45:13.0177 0x1270  [ 5337E138B49ED1F44CCBA4073BC35C20, 2B296973215E3865A56C46DC3D27F1460D96BC321558CE7A911B05B0E7BF397F ] StorSvc         C:\windows\system32\storsvc.dll
13:45:13.0223 0x1270  StorSvc - ok
13:45:13.0239 0x1270  [ 543CD3CC0E05B8D8815E0D4F040B6F59, 4B57C9534E94A0A67FC82DBD4FAECACA180BEC281FB477550A37C0A04777E09E ] storvsc         C:\windows\system32\drivers\storvsc.sys
13:45:13.0270 0x1270  storvsc - ok
13:45:13.0286 0x1270  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A, 82CC77030D23013572B4A64A64B6156789F253BF56268B790093CE3D345410A0 ] svsvc           C:\windows\system32\svsvc.dll
13:45:13.0349 0x1270  svsvc - ok
13:45:13.0364 0x1270  [ 4AFD66AAE74FFB5986BC240744DC5FC9, 0C9347614E3FD3B4D3B29FA4A5DA23FF6EE4CD9A1FFC378B855B8DE61B2876CF ] swenum          C:\windows\System32\drivers\swenum.sys
13:45:13.0411 0x1270  swenum - ok
13:45:13.0458 0x1270  [ 502F9488540051F3E6C39889ECFA76BB, 22ABD681BE4CF8A1F484C6363C1334B1EF7A6C074D837B0121DE1896887B84C6 ] swprv           C:\windows\System32\swprv.dll
13:45:13.0583 0x1270  swprv - ok
13:45:13.0630 0x1270  [ 9428093A8084B2F410D0EEB8F29AF105, 254A7715139F245513DB5DD067F0F3609A7F10357D84EE3408187348B41376CE ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
13:45:13.0692 0x1270  SynTP - ok
13:45:13.0802 0x1270  [ A06CB9269D29EE3D0F3F5630ABB660B8, 519A01FC7D9414B26CCBC23E7FB1CEAF1C91CD173B4F4A4025F8316B7460C584 ] SysMain         C:\windows\system32\sysmain.dll
13:45:13.0958 0x1270  SysMain - ok
13:45:13.0974 0x1270  [ 6FB88606C4A71E1BFAF97D63A676C673, D72F93A482E989ACA50F9647B7AD699A4656AEAACF377BB2B8CEBB094B748852 ] SystemEventsBroker C:\windows\System32\SystemEventsBrokerServer.dll
13:45:14.0036 0x1270  SystemEventsBroker - ok
13:45:14.0036 0x1270  [ A6C06C45C44AD06C70AF8899AEC15BDC, AC2CCCDBA6B94BA85A6D41B47343193D175786D4ECF71AE9C7766ADD63A1273F ] TabletInputService C:\windows\System32\TabSvc.dll
13:45:14.0083 0x1270  TabletInputService - ok
13:45:14.0130 0x1270  [ 88B7721AB551C4325036B25A34A2BF7B, 2817CC6294542524EC373A674535F913440736BEBE81233CA91D5ECD93620B02 ] TapiSrv         C:\windows\System32\tapisrv.dll
13:45:14.0192 0x1270  TapiSrv - ok
13:45:14.0333 0x1270  [ 2AE9136724568DB4F08BC04F131CFC54, 11AA017AE39D0A63233D01A8AE33FD53D5302683E037D29B73366D6233764080 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
13:45:14.0552 0x1270  Tcpip - ok
13:45:14.0692 0x1270  [ 2AE9136724568DB4F08BC04F131CFC54, 11AA017AE39D0A63233D01A8AE33FD53D5302683E037D29B73366D6233764080 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
13:45:14.0911 0x1270  TCPIP6 - ok
13:45:14.0942 0x1270  [ 8F2A13A5DF99D72FDDE87F502A66F989, 2228C62ACDB4CBBFDD2BE705E604E0B9A8AEA7146F65F2D8B9B2A2FB49ACFAE1 ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
13:45:14.0989 0x1270  tcpipreg - ok
13:45:15.0005 0x1270  [ 73DC722CE5DF26D7638CE2446F2655C7, 9B8E6F6DEA5E0C2AEAC24A31897D2E73F86EF44F1C25FEF82D2C860353793817 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
13:45:15.0052 0x1270  tdx - ok
13:45:15.0067 0x1270  [ F7C8AB5D8AFFAA318D6A21093D139BF4, 0A35052EF7DC8615783A23897358D8C579BE694363615C9563FF629E7B719991 ] terminpt        C:\windows\System32\drivers\terminpt.sys
13:45:15.0099 0x1270  terminpt - ok
13:45:15.0145 0x1270  [ 2B3D2FDF50EDABEBE0A9E6F741C81858, F0C3A1DC968C5D28EF68BE4352577B4F8D4B4FB6274268DCCCD8A5C132DEC2F9 ] TermService     C:\windows\System32\termsrv.dll
13:45:15.0239 0x1270  TermService - ok
13:45:15.0255 0x1270  [ 519A6F672FFF56B7D8EE8C730CEC8ECD, 2B36F10C0AE16A261DC0887B1050808BA1F0568F3879E4ABC3D370F08C3FADB7 ] Themes          C:\windows\system32\themeservice.dll
13:45:15.0317 0x1270  Themes - ok
13:45:15.0333 0x1270  [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] THREADORDER     C:\windows\system32\mmcss.dll
13:45:15.0364 0x1270  THREADORDER - ok
13:45:15.0380 0x1270  [ 4515B9E4140F04FB3907692DF89FCA87, F68EC56524BDA877646E987BE7414C1D622BD9FF05A5AEADCA39030FDC2B0115 ] TimeBroker      C:\windows\System32\TimeBrokerServer.dll
13:45:15.0427 0x1270  TimeBroker - ok
13:45:15.0474 0x1270  [ E94F7A7B48C7638D1F3F8089344C97B7, 276CDE59614D563A52529BCC4BFC726E5F5BE131C9C4142558A644D79328C810 ] TPM             C:\windows\system32\drivers\tpm.sys
13:45:15.0536 0x1270  TPM - ok
13:45:15.0552 0x1270  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA, A6846478B9E7B0A509E5A28C6C7B66ED39F0247F9AFF01E3C3CADC0DBEF3CA00 ] TrkWks          C:\windows\System32\trkwks.dll
13:45:15.0599 0x1270  TrkWks - ok
13:45:15.0614 0x1270  [ 8ABBB5CE0C62E0A6D28F32F44B7F865C, 4C78FE2A4A25A758D5191C4EDB2A6FE691FF82E7C16C0F146DC96DAD87D4F64E ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
13:45:15.0645 0x1270  TrustedInstaller - ok
13:45:15.0661 0x1270  [ 4E7C5FB10A50435523DE0CAA37DE2BD3, D6206DF61950F2541FB754E57C4D9EF9FA0CC1EDD6F6FA4E45F02B47958493F7 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
13:45:15.0692 0x1270  TsUsbFlt - ok
13:45:15.0708 0x1270  [ 16D684A820872EE54F6370703AC0B513, 795E20484358424CE9FA766937DD99413025A8AF967D03490392E8E02A382D0B ] TsUsbGD         C:\windows\System32\drivers\TsUsbGD.sys
13:45:15.0739 0x1270  TsUsbGD - ok
13:45:15.0771 0x1270  [ 78C9EE193AC2B4CBDBC48B620314D740, 41523E47D321BFF5778F5E453545B928C0A469C3BBA51578E74D6721D7DF9273 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
13:45:15.0817 0x1270  tunnel - ok
13:45:15.0833 0x1270  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A, AA7DA2207C0236F47859A4791F9D7301E7ADB50A59D831DC859ECC7CA70D3E1D ] uagp35          C:\windows\system32\drivers\uagp35.sys
13:45:15.0864 0x1270  uagp35 - ok
13:45:15.0880 0x1270  [ 6FD6D03B7752C78712E5CFF29A305026, F09C5188AAFCF4C77B05BA1E604F9912782A9F1371F72F959288EBC2725407ED ] UASPStor        C:\windows\System32\drivers\uaspstor.sys
13:45:15.0911 0x1270  UASPStor - ok
13:45:15.0942 0x1270  [ 061BA3EE0D2BE17944990544008CF190, C9236D368EC2281B545E8C008BC2801F21A9716ED3D4DAEDB0751A5008346E81 ] UCX01000        C:\windows\System32\drivers\ucx01000.sys
13:45:15.0989 0x1270  UCX01000 - ok
13:45:16.0021 0x1270  [ 25C50F4EDF70D0A831E0566BD181CCF2, F2F9E86FB5617C16077D2073EC0AA747F76F1EB5148BA110347A84F3C3569F83 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
13:45:16.0083 0x1270  udfs - ok
13:45:16.0114 0x1270  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D, 16DE6E0894C356A58AF12BEC2FE9B188F147DD4B16CB2414DE600CE4127F929D ] UI0Detect       C:\windows\system32\UI0Detect.exe
13:45:16.0161 0x1270  UI0Detect - ok
13:45:16.0177 0x1270  [ 07FEBCDF24FABA0D47B635D85A0FFB7A, 452C04B14681EBCE8B1B25B75A1B7CC978722B7DDE54D624E17841B14ACCF65D ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
13:45:16.0208 0x1270  uliagpkx - ok
13:45:16.0224 0x1270  [ 02CEB3FE6152668A7BA420B93B664860, 613F27540FD1EFE2442E326F507DACD5A25691C8481937022B7E1104F3E6E9E2 ] umbus           C:\windows\System32\drivers\umbus.sys
13:45:16.0255 0x1270  umbus - ok
13:45:16.0255 0x1270  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09, 30AAD7D18FF5962CEC7180359D148EED5A1BF193DDB2B34508897FC3EBA692C3 ] UmPass          C:\windows\System32\drivers\umpass.sys
13:45:16.0286 0x1270  UmPass - ok
13:45:16.0317 0x1270  [ 43FEFB040A0CC30F795FBF544169594D, F2A730C0F7C883321C378D4564120A40428D7F8E393F02C8D6A08934795A35C7 ] UmRdpService    C:\windows\System32\umrdp.dll
13:45:16.0364 0x1270  UmRdpService - ok
13:45:16.0411 0x1270  [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
13:45:16.0442 0x1270  UNS - ok
13:45:16.0489 0x1270  [ 14D22C411854AA2560AFC94CD2D5E61F, BB376734733671C02319E6DB1800D41212694446FD65465498C92D4ECBFE7458 ] upnphost        C:\windows\System32\upnphost.dll
13:45:16.0567 0x1270  upnphost - ok
13:45:16.0583 0x1270  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\windows\System32\Drivers\usbaapl64.sys
13:45:16.0583 0x1270  USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
13:45:18.0958 0x1270  Detect skipped due to KSN trusted
13:45:18.0958 0x1270  USBAAPL64 - ok
13:45:25.0307 0x1270  [ EE217ED6553D06E1C826313A5604DE99, F56346CE7913E55B1C2465F22CECD539B307C023AD00C695313FDA96A73724D7 ] wifimansvc      C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe
13:45:25.0385 0x1270  wifimansvc - detected UnsignedFile.Multi.Generic ( 1 )
13:45:28.0592 0x1270  wifimansvc ( UnsignedFile.Multi.Generic ) - warning
13:45:31.0217 0x1270  [ A3C7624A42A3447EF5EDD1ED37FE4E60, BD8BDF0A571873FA8277878AF7AED11196CFF1B4DF1EA6BA13BD4887D7B63B94 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
13:45:31.0249 0x1270  WIMMount - ok
13:45:31.0264 0x1270  WinDefend - ok
13:45:31.0342 0x1270  [ 7911470B6018059A880469A63B65700A, 4B6131491A028FBCA54AC261112D183EFD42E98160545C8E8DFBDA01C87B3FB5 ] WinHttpAutoProxySvc C:\windows\system32\winhttp.dll
13:45:31.0452 0x1270  WinHttpAutoProxySvc - ok
13:45:31.0483 0x1270  [ 3D6B518B71C75C8FA4115A33615C107A, ED7A266013D29D3B1A462464735C3632BEA121D1B32553907AEAA0B00595C3DF ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
13:45:31.0545 0x1270  Winmgmt - ok
13:45:31.0764 0x1270  [ 89DA335401D956F2696E35A38817BE19, D5A8D5C0BE285564AB0DF1B4594FE612359C72BE3B64063C3460BB73AA34F413 ] WinRM           C:\windows\system32\WsmSvc.dll
13:45:32.0045 0x1270  WinRM - ok
13:45:32.0077 0x1270  [ BB20956C424531003F7FA6CD36F11D5D, 2C55F1C7553A527A7C4C34E730BE943269AE23928731C64D3DC945E07AE1771E ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
13:45:32.0139 0x1270  WinUsb - ok
13:45:32.0249 0x1270  [ 6351724B8FA0255C2DBD970297F00B93, A02F274479F9F32E30C75A5BD991B008B3CCB47D380D5870563EF918DAC5730E ] WlanSvc         C:\windows\System32\wlansvc.dll
13:45:32.0389 0x1270  WlanSvc - ok
13:45:32.0545 0x1270  [ B330CE47FB74A6BE9A3FFFF4B3F64D9B, B76226808406D8B38DE2D3A8CCE633BB507022C8BAAA6C3DAD34204CC6CE1284 ] wlidsvc         C:\windows\system32\wlidsvc.dll
13:45:32.0717 0x1270  wlidsvc - ok
13:45:32.0733 0x1270  [ E2A596CACFC6504306CDB7B593B90084, DF89CF57249553CE922C841F18B99A213185FA1099C053B9BB8C0F6E5BC3FEC0 ] WmiAcpi         C:\windows\System32\drivers\wmiacpi.sys
13:45:32.0764 0x1270  WmiAcpi - ok
13:45:32.0795 0x1270  [ D113499052C5E541906B727779F0F959, 05FB51086C0A0CE3812A7E6098C5A454ECCFE8553669CFA715153564F2226DB0 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
13:45:32.0842 0x1270  wmiApSrv - ok
13:45:32.0858 0x1270  WMPNetworkSvc - ok
13:45:32.0874 0x1270  [ C6FF953D5D6F2EAE3B8883474D5076B3, 001CBB7FBC30209C892869258E5ABD3F0932886E156ECB10DCA599F6D32648BE ] wpcfltr         C:\windows\system32\DRIVERS\wpcfltr.sys
13:45:32.0905 0x1270  wpcfltr - ok
13:45:32.0920 0x1270  [ A6ED163169876BFD2437E872FE2F1509, C13E8676800EEEF690F51C4DEA660B36C8734AE2CCAAC48054E10D74B98949B8 ] WPCSvc          C:\windows\System32\wpcsvc.dll
13:45:32.0952 0x1270  WPCSvc - ok
13:45:32.0967 0x1270  [ 3013658A4D327854BEEC4A08D9655194, C4CF5AA6A47CC55E7037B0BFE20AE0A6442ADDC5DEB89D6861C98C61851FA821 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
13:45:32.0999 0x1270  WPDBusEnum - ok
13:45:33.0014 0x1270  [ 0346CAFC181C91C6E2330332EB332ED6, D46F44C339399CAAE13CD71C53A169E95065208E07E5420DE00A4509D6CB056F ] WpdUpFltr       C:\windows\system32\drivers\WpdUpFltr.sys
13:45:33.0046 0x1270  WpdUpFltr - ok
13:45:33.0061 0x1270  [ BC8B5CB336E63BB25EAD1CE8EDD34B81, A42759956EDCCC6D0688240AA4F833FB9CA132D42D2D901CDCBB24DCE1788C1D ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
13:45:33.0092 0x1270  ws2ifsl - ok
13:45:33.0108 0x1270  [ 012CFE7F0F95266F554EE3B91EE2128A, 866312F6BF7369BE686F1BA9F01311C99E95E268C6E63BE37C841F54F5AA0DB8 ] wscsvc          C:\windows\System32\wscsvc.dll
13:45:33.0155 0x1270  wscsvc - ok
13:45:33.0171 0x1270  WSearch - ok
13:45:33.0327 0x1270  [ D4D04839F3DFAF09D94BAB1016F7A297, 944A41D251F522EE87189C1D01CF7EEE2C70BF4353BA4005C44F03DB485F843F ] WSService       C:\windows\System32\WSService.dll
13:45:33.0577 0x1270  WSService - ok
13:45:33.0608 0x1270  [ 72B4E9DF6456C43C42A1419B09486045, 536BA7377B5BEA7EA46864453933111DB88DB8FB689C68915ACD7261A996E61D ] wsvd            C:\windows\system32\DRIVERS\wsvd.sys
13:45:33.0639 0x1270  wsvd - ok
13:45:33.0842 0x1270  [ 10EA2DBD2820A504D98D19F5EDAAFC04, 5B84D7C169CBAEBCE4A03BB89426E74DBF5AFCA1F8FDE2A5BC1006A8464D7E24 ] wuauserv        C:\windows\system32\wuaueng.dll
13:45:34.0124 0x1270  wuauserv - ok
13:45:34.0139 0x1270  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
13:45:34.0171 0x1270  WudfPf - ok
13:45:34.0186 0x1270  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\System32\drivers\WUDFRd.sys
13:45:34.0233 0x1270  WUDFRd - ok
13:45:34.0249 0x1270  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
13:45:34.0296 0x1270  wudfsvc - ok
13:45:34.0311 0x1270  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdFs       C:\windows\system32\DRIVERS\WUDFRd.sys
13:45:34.0358 0x1270  WUDFWpdFs - ok
13:45:34.0374 0x1270  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdMtp      C:\windows\system32\DRIVERS\WUDFRd.sys
13:45:34.0421 0x1270  WUDFWpdMtp - ok
13:45:34.0452 0x1270  [ 6D9E07436B6646EC8F7EFFD39B6BA288, 82C1CEA93ECEF17D221AD0F87C5BD96F3FD8143841C16BD9608BD4D58D90B8E0 ] WwanSvc         C:\windows\System32\wwansvc.dll
13:45:34.0514 0x1270  WwanSvc - ok
13:45:34.0530 0x1270  [ A591BF115F9BEEA650FD440DDF2F9508, 006B349929389603E1D54FCD968D38629AB6877E70E9EEC750FEBFE2957B4D56 ] ymc             C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe
13:45:34.0546 0x1270  ymc - ok
13:45:34.0608 0x1270  ================ Scan global ===============================
13:45:34.0624 0x1270  [ DDC1AFBF9DDF880CE9BD3896114D8DED, E2406231EA4D2689A5EDFA9BD1A1BC064359D8D23B37F113A18B5EAE3E2D4050 ] C:\windows\system32\basesrv.dll
13:45:34.0655 0x1270  [ E9343076AE704D20BB0D01F3AF3EFFEF, FF2CE4146945976F9480690505CECD3C7C719BAF0F633E6192C8272C75EF295D ] C:\windows\system32\winsrv.dll
13:45:34.0686 0x1270  [ BD7C6949984D19AAA609896B675E7357, 5B46538B27BC70F5A3805AA63F6AACDC780C7168468FB535F2D35CF26B9DEE06 ] C:\windows\system32\sxssrv.dll
13:45:34.0717 0x1270  [ 8F226143046435C75C033B0C52E90FFE, 54FA316485B57D7B8104FE621F5F40DEC35E3D57C3DF46B5F7EACF57445FE7CA ] C:\windows\system32\services.exe
13:45:34.0749 0x1270  [ Global ] - ok
13:45:34.0749 0x1270  ================ Scan MBR ==================================
13:45:34.0749 0x1270  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
13:45:34.0827 0x1270  \Device\Harddisk0\DR0 - ok
13:45:34.0827 0x1270  ================ Scan VBR ==================================
13:45:34.0827 0x1270  [ D7876C190DD64B3D675FB75A375BCA7F ] \Device\Harddisk0\DR0\Partition1
13:45:34.0827 0x1270  \Device\Harddisk0\DR0\Partition1 - ok
13:45:34.0842 0x1270  [ 3D3EA5F2D75C3F682A4A9A0DF84B6AC5 ] \Device\Harddisk0\DR0\Partition2
13:45:34.0842 0x1270  \Device\Harddisk0\DR0\Partition2 - ok
13:45:34.0858 0x1270  [ 5DAB1FE403F969F41D1D7115BC36DA0F ] \Device\Harddisk0\DR0\Partition3
13:45:34.0858 0x1270  \Device\Harddisk0\DR0\Partition3 - ok
13:45:34.0874 0x1270  [ E895C464B4EF9C7842048E234F5FAB22 ] \Device\Harddisk0\DR0\Partition4
13:45:34.0874 0x1270  \Device\Harddisk0\DR0\Partition4 - ok
13:45:34.0874 0x1270  [ 6AD78685C737A4F4CEDB0CB1D1C6BA6B ] \Device\Harddisk0\DR0\Partition5
13:45:34.0874 0x1270  \Device\Harddisk0\DR0\Partition5 - ok
13:45:34.0889 0x1270  [ 3588ACC04A7286997F27BA09C2E4608D ] \Device\Harddisk0\DR0\Partition6
13:45:34.0889 0x1270  \Device\Harddisk0\DR0\Partition6 - ok
13:45:34.0889 0x1270  [ 49E118466CFDF99E30BAACD7B53763BF ] \Device\Harddisk0\DR0\Partition7
13:45:34.0905 0x1270  \Device\Harddisk0\DR0\Partition7 - ok
13:45:34.0905 0x1270  ================ Scan generic autorun ======================
13:45:34.0967 0x1270  [ 9AE79CD9E6C8DE6ED0EBC0E11937889E, 3297D51B00FCF5621D3C50C3E03AB2764F66898D663426E8B8738A6031BF1DF7 ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
13:45:35.0061 0x1270  cAudioFilterAgent - ok
13:45:35.0077 0x1270  [ 42361B4BD80768E82B80285851037665, A555A6BF8016645B838FEA993AD273D1F472586F3600619DC243B1C33438FA07 ] C:\Program Files\Conexant\ForteConfig\fmapp.exe
13:45:35.0092 0x1270  ForteConfig - ok
13:45:35.0202 0x1270  [ 8970A59A838FF1CDC3D62D85823AA61E, 5842DAFD20C1A024CF8984652A08D12DBA1DE15788794D01FF6070D4E24D2479 ] C:\Program Files\CONEXANT\SAII\SACpl.exe
13:45:35.0343 0x1270  SmartAudio - detected UnsignedFile.Multi.Generic ( 1 )
13:45:38.0132 0x1270  Detect skipped due to KSN trusted
13:45:38.0132 0x1270  SmartAudio - ok
13:45:38.0148 0x1270  [ 247C63697DAA7D49AD75F598AC9B4C91, 37548A05E61B8F2596633F1987606A1C140BC6650ABCCD5CB613BE6F4BE70E23 ] C:\windows\system32\DptfPolicyLpmServiceHelper.exe
13:45:38.0164 0x1270  DptfPolicyLpmServiceHelper - ok
13:45:38.0195 0x1270  [ 6C8E6190E347D37F38DB624B7D57D7A7, CB6641B2681012EF347A38A57F908D359A5AE327176857BA17CD0BC3373CA8E0 ] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe
13:45:38.0242 0x1270  BtServer - detected UnsignedFile.Multi.Generic ( 1 )
13:45:40.0601 0x1270  Detect skipped due to KSN trusted
13:45:40.0601 0x1270  BtServer - ok
13:45:40.0617 0x1270  SynLenovoGestureMgr - ok
13:45:40.0632 0x1270  [ BE7C6164C3343917AC16AC17A641DC6A, 3489DDC6A3F3155466D88B5729F188947FD24782C22CB77056DEFC10E4D0C1A6 ] C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe
13:45:40.0664 0x1270  Lenovo Transition - ok
13:45:40.0679 0x1270  [ 11E0D8B385AEC673E4DCC84C8B6E4023, D2E499A24EFF556BD07C49ED4BCD11A7FDBE32924DE21BE7D20BCD7E948C1D72 ] C:\ProgramData\YogaSmartSwicth\yogaserver.exe
13:45:40.0711 0x1270  yogaserver - ok
13:45:41.0898 0x1270  [ DF99547E3CD8C828202546ED9C4D7D25, 83013EEE760004E812CD63662843D1F3972AFBF83B4739935FC746F470FA7188 ] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
13:45:43.0054 0x1270  Energy Management - ok
13:45:43.0133 0x1270  [ D41309D7717CC5D62C2E0C5EB6B127B3, 50F46F762320C9B2560AA356B31EB564651F92BDA2DBCE34E3E349A65E347FAC ] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
13:45:43.0148 0x1270  EnergyUtility - ok
13:45:43.0195 0x1270  [ BE49AF92F13030E188DBE8E2841D173A, AFC312A888F63D34E4F4E27A3FF50D5569BCAF0DD061671CC661E778FEC02EEB ] C:\windows\system32\igfxtray.exe
13:45:43.0226 0x1270  IgfxTray - ok
13:45:43.0289 0x1270  [ 664FF61BE83FCACBF67A8D307011ADF5, B5270D13A355002336D25C092C042CA8E36795D23EB81134418BB2A8ABFBDF66 ] C:\windows\system32\hkcmd.exe
13:45:43.0336 0x1270  HotKeysCmds - ok
13:45:43.0367 0x1270  [ 899D435E1C190C204E349CE0E483098B, FC6E84D7A382FBCBF3B2DAA4B75BD78F447359F314C1CD4424759E2EC97FD2DE ] C:\windows\system32\igfxpers.exe
13:45:43.0414 0x1270  Persistence - ok
13:45:43.0461 0x1270  [ 85E16273E411977E2EF7192B898F0C2B, 5F55BFE0FC43FB1B011DD45EB2667E1B9371D9C870BCA3AB9C179E1B976E4DD8 ] C:\Program Files (x86)\USB Camera2\VM332STI.EXE
13:45:43.0523 0x1270  332BigDog - ok
13:45:43.0570 0x1270  [ 50D1476C84446135A990F4939DC2DC1D, D062F92863E32EC075BD672F3C185CE8C9329F8B679D5508C396131B1DB30EF7 ] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
13:45:43.0617 0x1270  Dolby Home Theater v4 - ok
13:45:43.0648 0x1270  [ 43E946AAD268FEAFB1E286677E70CB5D, 7798926B3CF11D1CF7DFF9B3D67AD3DC67010A62F3132CAEA273EB299A61B176 ] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
13:45:43.0664 0x1270  Intel AppUp(SM) center - ok
13:45:43.0695 0x1270  [ C2513AEB3F326B8811E2A37C9A7F930B, E3D9C0BB1A31367E7E3E0ED71F04068DF09F57CA293293B24D841331A1F9ADCB ] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
13:45:43.0726 0x1270  YouCam Tray - ok
13:45:43.0742 0x1270  [ 38D198A2DD54A67120040566A38103BA, 01604BD91A5B2C0DDC7B52036511F8219952626716E75979D8464F2C56BA0114 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
13:45:43.0773 0x1270  GrooveMonitor - ok
13:45:43.0836 0x1270  [ 955B8DBC8ED160058902C0244F60139E, 26349A2E1080CFD20238A3DB6DB3D25325AE941C35AF1037692FEA796709C528 ] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
13:45:43.0898 0x1270  mobilegeni daemon - ok
13:45:44.0383 0x1270  [ AF49D1C79EA49A7833017F290EE63B82, FFE98E8F6AE3BFAB324B3A7C6C6C00545C597A6861CBDD82ACE97591C6A1D287 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
13:45:44.0789 0x1270  SDTray - ok
13:45:44.0805 0x1270  QuickTime Task - ok
13:45:45.0031 0x1270  [ 771293BC7EACB6FB7A78F8B7A954F019, DF06F0D0C8E38F17AD155CAB009A5A2969E7638B88AFBC2A75450EB1239ECAB4 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
13:45:45.0297 0x1270  Spybot-S&D Cleaning - ok
13:45:45.0297 0x1270  Waiting for KSN requests completion. In queue: 16
13:45:46.0313 0x1270  Waiting for KSN requests completion. In queue: 16
13:45:47.0328 0x1270  Waiting for KSN requests completion. In queue: 16
13:45:48.0360 0x1270  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.6.305.0 ), 0x61100 ( enabled : updated )
13:45:48.0375 0x1270  Win FW state via NFP2: enabled
13:45:50.0969 0x1270  ============================================================
13:45:50.0969 0x1270  Scan finished
13:45:50.0969 0x1270  ============================================================
13:45:50.0985 0x0924  Detected object count: 1
13:45:50.0985 0x0924  Actual detected object count: 1
13:45:55.0643 0x0924  wifimansvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:45:55.0643 0x0924  wifimansvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:46:37.0324 0x0e00  Deinitialize success
 

 



#4 LiquidTension


Posted 19 December 2014 - 12:40 AM

Please consider the following suggestion, and proceed with the instructions below. 

 

Spybot S&D No Longer Recommended

------------------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results (scroll down and read under Freeware Antispyware Products).

I would advise uninstalling Spybot S&D. The presence of this programme can make the cleaning of your computer more difficult. You can uninstall the programme by:

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for Spybot, right-click the entry and click Uninstall.
Please inform me of your decision.

 
STEP 1
Revo Uninstaller

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • BlockIt Ad remover
    • GS-Supporter 1.80
    • Pando Media Booster
    • SW-Booster
    • SW-Sustainer 1.80
    • System Speedup 
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: Ensure you decline offers of additional software if applicable. 
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.
     

STEP 2
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761536 2013-12-26] ()
    C:\Program Files (x86)\Mobogenie
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {0a8bc460-30c1-11e3-bed5-2cd05a10fb35} - "E:\AutoRun.exe"
    HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {40339722-5963-11e3-beef-2cd05a10fb35} - "E:\AUTORUN_BANDLUXE.EXE" /EjectCDROM
    HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {577f0689-8a42-11e2-be73-2cd05a10fb35} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
    HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {577f06b5-8a42-11e2-be73-2cd05a10fb35} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
    HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {577f0718-8a42-11e2-be73-2cd05a10fb35} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
    HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {63851795-3a0a-11e3-bede-2cd05a10fb35} - "E:\LaunchU3.exe" -a
    HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {9c71d1d7-2f4b-11e3-bed4-001e101fabfe} - "E:\AutoRun.exe"
    HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {9c71d201-2f4b-11e3-bed4-001e101fabfe} - "E:\AutoRun.exe"
    HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {9c71d23d-2f4b-11e3-bed4-001e101fabfe} - "E:\AutoRun.exe"
    HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {ab3cfbfc-2c87-11e3-bed2-001e101f54a1} - "E:\AutoRun.exe"
    HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {ab3cfcb4-2c87-11e3-bed2-001e101f54a1} - "E:\AutoRun.exe"
    HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {ab3cfd58-2c87-11e3-bed2-001e101f54a1} - "E:\AutoRun.exe"
    HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {dadf6686-a2a2-11e2-be84-001e101f0b99} - "F:\LGAutoRun.exe"
    AppInit_DLLs: C:\PROGRA~2\GS-ENA~1\ASSIST~2.DLL => C:\Program Files (x86)\GS-Enabler\Assistant_x64.dll [2759168 2014-12-18] ()
    AppInit_DLLs:  C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL => C:\Program Files (x86)\SW-Booster\Assistant_x64.dll [4210176 2014-12-18] ()
    C:\Program Files (x86)\GS-Enabler
    C:\Program Files (x86)\SW-Booster
    AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => c:\Program Files (x86)\SW-Booster\Assistant.dll [4296192 2014-12-18] ()
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Startup: C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
    ShortcutTarget: start.lnk -> C:\Users\KengLing\vbvds\76469.vbs (No File)
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fix...&cc=SG&unqvl=61
    HKU\S-1-5-21-336608445-27866453-704810108-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fix...&cc=SG&unqvl=61
    SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fix...&cc=SG&unqvl=61
    SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fix...&cc=SG&unqvl=61
    SearchScopes: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fix...&cc=SG&unqvl=61
    SearchScopes: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> {119CD317-C309-419C-9642-ACC45439850A} URL = http://websearch.ask...66-D98EFD1A3192
    SearchScopes: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> {57E44609-825C-4084-B237-B3A01BC4D771} URL = 
    SearchScopes: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fix...&cc=SG&unqvl=61
    BHO: GoSaVe -> {8f7e6959-8579-43ce-a9fb-a197faead952} -> C:\Program Files (x86)\GoSaVe\slYtCdM7ytVne7.x64.dll No File
    BHO: GoSaevE -> {a2d0d05a-2688-42aa-a89b-044c5a5bc82c} -> C:\Program Files (x86)\GoSaevE\IngeI1qVcxPImW.x64.dll No File
    C:\Program Files (x86)\GoSaVe
    C:\Program Files (x86)\GoSaevE
    BHO: No Name -> {E1F592C9-D4CB-6EE0-1289-DC7134D4D845} ->  No File
    BHO-x32: GoSaVe -> {8f7e6959-8579-43ce-a9fb-a197faead952} -> C:\Program Files (x86)\GoSaVe\slYtCdM7ytVne7.dll No File
    BHO-x32: GoSaevE -> {a2d0d05a-2688-42aa-a89b-044c5a5bc82c} -> C:\Program Files (x86)\GoSaevE\IngeI1qVcxPImW.dll No File
    Toolbar: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
    FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\KengLing\funshion\funshiontools\npFunshion.dll No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    C:\Program Files (x86)\Pando Networks
    FF Plugin HKU\S-1-5-21-336608445-27866453-704810108-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha268.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha268\ff
    FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta10446.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10446\ff
    C:\Program Files (x86)\MediaPlayerV1
    C:\Program Files (x86)\VideoPlayerV3
    FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10446\ff [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha268\ff [Not Found]
    CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-12-19]
    CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-19]
    CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\epindigjbiphgfhnmlpcocaiafjgbabe [2014-12-19]
    CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-19]
    CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnpoebddognhfcnfbfjdbgmgadkmmdkj [2014-12-19]
    CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2014-12-19]
    CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2014-12-19]
    CHR Extension: (50Coupons) - C:\ProgramData\oncanfeampaccccenbclhjlgdkdeeinn\ [2014-12-19]
    C:\ProgramData\oncanfeampaccccenbclhjlgdkdeeinn
    R2 D0E87C27; c:\Program Files (x86)\SW-Booster\AssistantSvc.dll [174928 2014-12-18] () [File not signed]
    S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
    S2 e81a9dc1; "C:\windows\system32\rundll32.exe" "c:\progra~2\gs-ena~1\AssistantSvc.dll",service
    S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
    S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
    S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
    S3 hwusbdev; \SystemRoot\system32\DRIVERS\ewusbdev.sys [X]
    S3 hwusbfake; \SystemRoot\system32\DRIVERS\ewusbfake.sys [X]
    2014-12-18 16:16 - 2014-12-18 16:16 - 00001041 _____ () C:\Users\Public\Desktop\System Speedup.lnk
    2014-12-18 16:15 - 2014-12-18 16:15 - 00003036 _____ () C:\windows\System32\Tasks\System Speedup_UPDATES
    2014-12-18 16:15 - 2014-12-18 16:15 - 00002734 _____ () C:\windows\System32\Tasks\SW-Booster-S-792098896
    2014-12-18 16:15 - 2014-12-18 16:15 - 00000496 _____ () C:\windows\Tasks\SW-Booster-S-792098896.job
    2014-12-18 16:15 - 2014-12-18 16:15 - 00000312 _____ () C:\windows\Tasks\System Speedup_UPDATES.job
    2014-12-18 16:15 - 2014-12-18 16:15 - 00000304 _____ () C:\windows\Tasks\System Speedup_DEFAULT.job
    2014-12-18 16:15 - 2014-12-18 16:15 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
    2014-12-18 16:14 - 2014-12-18 16:15 - 00000000 ____D () C:\Users\KengLing\AppData\Local\SwvUpdater
    2014-12-18 16:14 - 2014-12-18 16:14 - 00002880 _____ () C:\windows\System32\Tasks\System Speedup_DEFAULT
    2014-12-18 16:13 - 2014-12-18 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup
    2014-12-18 16:13 - 2014-12-18 16:16 - 00000000 ____D () C:\Program Files (x86)\System Speedup
    2014-12-18 16:13 - 2014-12-18 16:13 - 00000944 ____H () C:\Users\KengLing\funshion.ini
    2014-12-18 16:13 - 2014-12-18 16:13 - 00000000 ____D () C:\ProgramData\GoSaevE
    ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\Lucifer.dll (Funshion)
    ShellIconOverlayIdentifiers-x32: [GiraffeOverlay] -> {E1D78D6A-8183-8F10-108D-8850224DC790} => C:\Users\KengLing\AppData\Local\Giraffe\FunSambar.dll (Funshion)
    C:\Users\Public\Fundata
    2014-12-15 13:12 - 2014-12-15 13:12 - 00001144 _____ () C:\Users\KengLing\Desktop\Live PC Help.lnk
    2014-12-15 12:48 - 2014-12-18 16:15 - 00000000 ____D () C:\ProgramData\BlockIt Ad remover
    2014-12-10 23:03 - 2014-12-10 23:03 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\ASP
    2014-12-09 02:09 - 2014-12-09 02:09 - 00000000 ____D () C:\ProgramData\oncanfeampaccccenbclhjlgdkdeeinn
    2014-11-26 09:35 - 2014-12-18 16:15 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\FunTV
    Folder: C:\Users\KengLing\AppData\Roaming\Zoo
    2014-12-18 16:15 - 2014-09-26 10:18 - 00000000 ____D () C:\ProgramData\Mini - Adblocker
    2014-12-18 16:15 - 2014-07-28 02:00 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\Funshion
    2014-12-18 16:15 - 2014-07-04 02:05 - 00000000 ___HD () C:\Users\Public\FunAcce
    2014-12-18 16:15 - 2014-01-04 17:50 - 00000000 ____D () C:\Users\KengLing\AppData\Local\genienext
    2014-12-18 16:15 - 2013-11-14 11:27 - 00000000 ____D () C:\ProgramData\mcache
    2014-12-18 16:13 - 2014-10-24 22:40 - 00000000 ____D () C:\ProgramData\Yellow AdBlocker
    2014-12-15 15:01 - 2014-05-10 23:20 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\System Speedup
    2014-12-15 13:12 - 2014-05-10 23:21 - 00000000 ____D () C:\ProgramData\Systweak
    2014-12-15 13:12 - 2014-05-10 23:20 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\systweak
    2014-12-14 21:36 - 2014-05-10 23:20 - 00003132 _____ () C:\windows\System32\Tasks\System Speedup
    2014-12-09 02:12 - 2014-01-05 17:42 - 00000000 ____D () C:\ProgramData\365559d05cf6c3a4
    2014-12-06 21:39 - 2014-07-15 21:06 - 00000000 ____D () C:\Users\KengLing\AppData\Local\Giraffe
    Folder: C:\Users\KengLing\AppData\Roaming\iy
    C:\Users\KengLing\AppData\Local\Temp\089709F389a.exe
    C:\Users\KengLing\AppData\Local\Temp\0f049aE2.exe
    C:\Users\KengLing\AppData\Local\Temp\70A39618E9FE.exe
    C:\Users\KengLing\AppData\Local\Temp\DataCard_Setup64.exe
    C:\Users\KengLing\AppData\Local\Temp\drvprosetup.exe
    C:\Users\KengLing\AppData\Local\Temp\ebE3BbfcB36.exe
    C:\Users\KengLing\AppData\Local\Temp\kwuninsthelper.exe
    C:\Users\KengLing\AppData\Local\Temp\LiveSupport_setup.exe
    C:\Users\KengLing\AppData\Local\Temp\optprosetup.exe
    C:\Users\KengLing\AppData\Local\Temp\ResetDevice.exe
    C:\Users\KengLing\AppData\Local\Temp\Tmp1400843114_Greenil.dll
    C:\Users\KengLing\AppData\Local\Temp\Tmp1406484046_Greenil.dll
    C:\Users\KengLing\AppData\Local\Temp\Tmp1416965757_greenil.dll
    Task: {33674A10-3841-41A7-B6BA-BF920AC1AF7E} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
    C:\Program Files (x86)\RegClean Pro
    Task: {70CEBE38-B50B-4260-8E6E-12960BDD3433} - \KwRunAsStdUser Task1622 No Task File <==== ATTENTION
    Task: {B02BB574-F3D1-404D-A72D-86D8027F4CDE} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2014-12-18] (System Speedup)
    Task: {CA900987-F717-4571-87AF-51A37B2EA578} - \KwRunAsStdUser Task21221 No Task File <==== ATTENTION
    Task: {F153D15D-BF67-4DC8-91FC-82F3A6F4778A} - \KwRunAsStdUser Task21012 No Task File <==== ATTENTION
    Task: C:\windows\Tasks\SW-Booster-S-792098896.job => c:\programdata\trusted publisher\sw-booster\SW-Booster.exe <==== ATTENTION
    Task: C:\windows\Tasks\System Speedup_DEFAULT.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
    Task: C:\windows\Tasks\System Speedup_UPDATES.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
    C:\Program Files (x86)\System Speedup
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 3
Uninstall/Reinstall Chrome

  • Follow these instructions on how to backup your Chrome bookmarks: Backup Chrome Bookmarks
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
    • Google Chrome
  • Follow the prompts.
  • Reboot if necessary.
  • Download and install Google Chrome.
     

STEP 4
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for anything removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 5
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Create a System Restore Point. For instructions, please refer to the following link (W8) | link (W7) | link (Vista).
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

======================================================

STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did you uninstall Spybot?
  • Did the programmes uninstall OK?
  • Fixlog.txt
  • Did Chrome uninstall/reinstall OK?
  • AdwCleaner[S0].txt
  • JRT.txt



#5 ONewbieO


Posted 19 December 2014 - 07:53 AM

Spybot uninstalled.

Programmes uninstalled ok.

Chrome uninstalled and reinstalled ok.

3 log files are below.

 

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
Ran by KengLing at 2014-12-19 21:13:45 Run:1
Running from C:\Users\KengLing\Desktop\Downloads
Loaded Profile: KengLing (Available profiles: KengLing)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CreateRestorePoint:
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761536 2013-12-26] ()
C:\Program Files (x86)\Mobogenie
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {0a8bc460-30c1-11e3-bed5-2cd05a10fb35} - "E:\AutoRun.exe"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {40339722-5963-11e3-beef-2cd05a10fb35} - "E:\AUTORUN_BANDLUXE.EXE" /EjectCDROM
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {577f0689-8a42-11e2-be73-2cd05a10fb35} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {577f06b5-8a42-11e2-be73-2cd05a10fb35} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {577f0718-8a42-11e2-be73-2cd05a10fb35} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {63851795-3a0a-11e3-bede-2cd05a10fb35} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {9c71d1d7-2f4b-11e3-bed4-001e101fabfe} - "E:\AutoRun.exe"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {9c71d201-2f4b-11e3-bed4-001e101fabfe} - "E:\AutoRun.exe"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {9c71d23d-2f4b-11e3-bed4-001e101fabfe} - "E:\AutoRun.exe"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {ab3cfbfc-2c87-11e3-bed2-001e101f54a1} - "E:\AutoRun.exe"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {ab3cfcb4-2c87-11e3-bed2-001e101f54a1} - "E:\AutoRun.exe"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {ab3cfd58-2c87-11e3-bed2-001e101f54a1} - "E:\AutoRun.exe"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\MountPoints2: {dadf6686-a2a2-11e2-be84-001e101f0b99} - "F:\LGAutoRun.exe"
AppInit_DLLs: C:\PROGRA~2\GS-ENA~1\ASSIST~2.DLL => C:\Program Files (x86)\GS-Enabler\Assistant_x64.dll [2759168 2014-12-18] ()
AppInit_DLLs:  C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL => C:\Program Files (x86)\SW-Booster\Assistant_x64.dll [4210176 2014-12-18] ()
C:\Program Files (x86)\GS-Enabler
C:\Program Files (x86)\SW-Booster
AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => c:\Program Files (x86)\SW-Booster\Assistant.dll [4296192 2014-12-18] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Startup: C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk -> C:\Users\KengLing\vbvds\76469.vbs (No File)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fix...&cc=SG&unqvl=61
HKU\S-1-5-21-336608445-27866453-704810108-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fix...&cc=SG&unqvl=61
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fix...&cc=SG&unqvl=61
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fix...&cc=SG&unqvl=61
SearchScopes: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fix...&cc=SG&unqvl=61
SearchScopes: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> {119CD317-C309-419C-9642-ACC45439850A} URL = http://websearch.ask...66-D98EFD1A3192
SearchScopes: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> {57E44609-825C-4084-B237-B3A01BC4D771} URL = 
SearchScopes: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fix...&cc=SG&unqvl=61
BHO: GoSaVe -> {8f7e6959-8579-43ce-a9fb-a197faead952} -> C:\Program Files (x86)\GoSaVe\slYtCdM7ytVne7.x64.dll No File
BHO: GoSaevE -> {a2d0d05a-2688-42aa-a89b-044c5a5bc82c} -> C:\Program Files (x86)\GoSaevE\IngeI1qVcxPImW.x64.dll No File
C:\Program Files (x86)\GoSaVe
C:\Program Files (x86)\GoSaevE
BHO: No Name -> {E1F592C9-D4CB-6EE0-1289-DC7134D4D845} ->  No File
BHO-x32: GoSaVe -> {8f7e6959-8579-43ce-a9fb-a197faead952} -> C:\Program Files (x86)\GoSaVe\slYtCdM7ytVne7.dll No File
BHO-x32: GoSaevE -> {a2d0d05a-2688-42aa-a89b-044c5a5bc82c} -> C:\Program Files (x86)\GoSaevE\IngeI1qVcxPImW.dll No File
Toolbar: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\KengLing\funshion\funshiontools\npFunshion.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
C:\Program Files (x86)\Pando Networks
FF Plugin HKU\S-1-5-21-336608445-27866453-704810108-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha268.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha268\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta10446.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10446\ff
C:\Program Files (x86)\MediaPlayerV1
C:\Program Files (x86)\VideoPlayerV3
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10446\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha268\ff [Not Found]
CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-12-19]
CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-19]
CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\epindigjbiphgfhnmlpcocaiafjgbabe [2014-12-19]
CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-19]
CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnpoebddognhfcnfbfjdbgmgadkmmdkj [2014-12-19]
CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2014-12-19]
CHR Extension: (No Name) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2014-12-19]
CHR Extension: (50Coupons) - C:\ProgramData\oncanfeampaccccenbclhjlgdkdeeinn\ [2014-12-19]
C:\ProgramData\oncanfeampaccccenbclhjlgdkdeeinn
R2 D0E87C27; c:\Program Files (x86)\SW-Booster\AssistantSvc.dll [174928 2014-12-18] () [File not signed]
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S2 e81a9dc1; "C:\windows\system32\rundll32.exe" "c:\progra~2\gs-ena~1\AssistantSvc.dll",service
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbdev; \SystemRoot\system32\DRIVERS\ewusbdev.sys [X]
S3 hwusbfake; \SystemRoot\system32\DRIVERS\ewusbfake.sys [X]
2014-12-18 16:16 - 2014-12-18 16:16 - 00001041 _____ () C:\Users\Public\Desktop\System Speedup.lnk
2014-12-18 16:15 - 2014-12-18 16:15 - 00003036 _____ () C:\windows\System32\Tasks\System Speedup_UPDATES
2014-12-18 16:15 - 2014-12-18 16:15 - 00002734 _____ () C:\windows\System32\Tasks\SW-Booster-S-792098896
2014-12-18 16:15 - 2014-12-18 16:15 - 00000496 _____ () C:\windows\Tasks\SW-Booster-S-792098896.job
2014-12-18 16:15 - 2014-12-18 16:15 - 00000312 _____ () C:\windows\Tasks\System Speedup_UPDATES.job
2014-12-18 16:15 - 2014-12-18 16:15 - 00000304 _____ () C:\windows\Tasks\System Speedup_DEFAULT.job
2014-12-18 16:15 - 2014-12-18 16:15 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-12-18 16:14 - 2014-12-18 16:15 - 00000000 ____D () C:\Users\KengLing\AppData\Local\SwvUpdater
2014-12-18 16:14 - 2014-12-18 16:14 - 00002880 _____ () C:\windows\System32\Tasks\System Speedup_DEFAULT
2014-12-18 16:13 - 2014-12-18 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup
2014-12-18 16:13 - 2014-12-18 16:16 - 00000000 ____D () C:\Program Files (x86)\System Speedup
2014-12-18 16:13 - 2014-12-18 16:13 - 00000944 ____H () C:\Users\KengLing\funshion.ini
2014-12-18 16:13 - 2014-12-18 16:13 - 00000000 ____D () C:\ProgramData\GoSaevE
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\Lucifer.dll (Funshion)
ShellIconOverlayIdentifiers-x32: [GiraffeOverlay] -> {E1D78D6A-8183-8F10-108D-8850224DC790} => C:\Users\KengLing\AppData\Local\Giraffe\FunSambar.dll (Funshion)
C:\Users\Public\Fundata
2014-12-15 13:12 - 2014-12-15 13:12 - 00001144 _____ () C:\Users\KengLing\Desktop\Live PC Help.lnk
2014-12-15 12:48 - 2014-12-18 16:15 - 00000000 ____D () C:\ProgramData\BlockIt Ad remover
2014-12-10 23:03 - 2014-12-10 23:03 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\ASP
2014-12-09 02:09 - 2014-12-09 02:09 - 00000000 ____D () C:\ProgramData\oncanfeampaccccenbclhjlgdkdeeinn
2014-11-26 09:35 - 2014-12-18 16:15 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\FunTV
Folder: C:\Users\KengLing\AppData\Roaming\Zoo
2014-12-18 16:15 - 2014-09-26 10:18 - 00000000 ____D () C:\ProgramData\Mini - Adblocker
2014-12-18 16:15 - 2014-07-28 02:00 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\Funshion
2014-12-18 16:15 - 2014-07-04 02:05 - 00000000 ___HD () C:\Users\Public\FunAcce
2014-12-18 16:15 - 2014-01-04 17:50 - 00000000 ____D () C:\Users\KengLing\AppData\Local\genienext
2014-12-18 16:15 - 2013-11-14 11:27 - 00000000 ____D () C:\ProgramData\mcache
2014-12-18 16:13 - 2014-10-24 22:40 - 00000000 ____D () C:\ProgramData\Yellow AdBlocker
2014-12-15 15:01 - 2014-05-10 23:20 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\System Speedup
2014-12-15 13:12 - 2014-05-10 23:21 - 00000000 ____D () C:\ProgramData\Systweak
2014-12-15 13:12 - 2014-05-10 23:20 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\systweak
2014-12-14 21:36 - 2014-05-10 23:20 - 00003132 _____ () C:\windows\System32\Tasks\System Speedup
2014-12-09 02:12 - 2014-01-05 17:42 - 00000000 ____D () C:\ProgramData\365559d05cf6c3a4
2014-12-06 21:39 - 2014-07-15 21:06 - 00000000 ____D () C:\Users\KengLing\AppData\Local\Giraffe
Folder: C:\Users\KengLing\AppData\Roaming\iy
C:\Users\KengLing\AppData\Local\Temp\089709F389a.exe
C:\Users\KengLing\AppData\Local\Temp\0f049aE2.exe
C:\Users\KengLing\AppData\Local\Temp\70A39618E9FE.exe
C:\Users\KengLing\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\KengLing\AppData\Local\Temp\drvprosetup.exe
C:\Users\KengLing\AppData\Local\Temp\ebE3BbfcB36.exe
C:\Users\KengLing\AppData\Local\Temp\kwuninsthelper.exe
C:\Users\KengLing\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\KengLing\AppData\Local\Temp\optprosetup.exe
C:\Users\KengLing\AppData\Local\Temp\ResetDevice.exe
C:\Users\KengLing\AppData\Local\Temp\Tmp1400843114_Greenil.dll
C:\Users\KengLing\AppData\Local\Temp\Tmp1406484046_Greenil.dll
C:\Users\KengLing\AppData\Local\Temp\Tmp1416965757_greenil.dll
Task: {33674A10-3841-41A7-B6BA-BF920AC1AF7E} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
C:\Program Files (x86)\RegClean Pro
Task: {70CEBE38-B50B-4260-8E6E-12960BDD3433} - \KwRunAsStdUser Task1622 No Task File <==== ATTENTION
Task: {B02BB574-F3D1-404D-A72D-86D8027F4CDE} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2014-12-18] (System Speedup)
Task: {CA900987-F717-4571-87AF-51A37B2EA578} - \KwRunAsStdUser Task21221 No Task File <==== ATTENTION
Task: {F153D15D-BF67-4DC8-91FC-82F3A6F4778A} - \KwRunAsStdUser Task21012 No Task File <==== ATTENTION
Task: C:\windows\Tasks\SW-Booster-S-792098896.job => c:\programdata\trusted publisher\sw-booster\SW-Booster.exe <==== ATTENTION
Task: C:\windows\Tasks\System Speedup_DEFAULT.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: C:\windows\Tasks\System Speedup_UPDATES.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
C:\Program Files (x86)\System Speedup
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
EmptyTemp:
end
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value deleted successfully.
C:\Program Files (x86)\Mobogenie => Moved successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key not found.
"HKU\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a8bc460-30c1-11e3-bed5-2cd05a10fb35}" => Key deleted successfully.
"HKCR\CLSID\{0a8bc460-30c1-11e3-bed5-2cd05a10fb35}" => Key not found.
"HKU\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40339722-5963-11e3-beef-2cd05a10fb35}" => Key deleted successfully.
"HKCR\CLSID\{40339722-5963-11e3-beef-2cd05a10fb35}" => Key not found.
"HKU\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{577f0689-8a42-11e2-be73-2cd05a10fb35}" => Key deleted successfully.
"HKCR\CLSID\{577f0689-8a42-11e2-be73-2cd05a10fb35}" => Key not found.
"HKU\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{577f06b5-8a42-11e2-be73-2cd05a10fb35}" => Key deleted successfully.
"HKCR\CLSID\{577f06b5-8a42-11e2-be73-2cd05a10fb35}" => Key not found.
"HKU\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{577f0718-8a42-11e2-be73-2cd05a10fb35}" => Key deleted successfully.
"HKCR\CLSID\{577f0718-8a42-11e2-be73-2cd05a10fb35}" => Key not found.
"HKU\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63851795-3a0a-11e3-bede-2cd05a10fb35}" => Key deleted successfully.
"HKCR\CLSID\{63851795-3a0a-11e3-bede-2cd05a10fb35}" => Key not found.
"HKU\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c71d1d7-2f4b-11e3-bed4-001e101fabfe}" => Key deleted successfully.
"HKCR\CLSID\{9c71d1d7-2f4b-11e3-bed4-001e101fabfe}" => Key not found.
"HKU\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c71d201-2f4b-11e3-bed4-001e101fabfe}" => Key deleted successfully.
"HKCR\CLSID\{9c71d201-2f4b-11e3-bed4-001e101fabfe}" => Key not found.
"HKU\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c71d23d-2f4b-11e3-bed4-001e101fabfe}" => Key deleted successfully.
"HKCR\CLSID\{9c71d23d-2f4b-11e3-bed4-001e101fabfe}" => Key not found.
"HKU\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab3cfbfc-2c87-11e3-bed2-001e101f54a1}" => Key deleted successfully.
"HKCR\CLSID\{ab3cfbfc-2c87-11e3-bed2-001e101f54a1}" => Key not found.
"HKU\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab3cfcb4-2c87-11e3-bed2-001e101f54a1}" => Key deleted successfully.
"HKCR\CLSID\{ab3cfcb4-2c87-11e3-bed2-001e101f54a1}" => Key not found.
"HKU\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab3cfd58-2c87-11e3-bed2-001e101f54a1}" => Key deleted successfully.
"HKCR\CLSID\{ab3cfd58-2c87-11e3-bed2-001e101f54a1}" => Key not found.
"HKU\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dadf6686-a2a2-11e2-be84-001e101f0b99}" => Key deleted successfully.
"HKCR\CLSID\{dadf6686-a2a2-11e2-be84-001e101f0b99}" => Key not found.
"C:\PROGRA~2\GS-ENA~1\ASSIST~2.DLL" => Value Data removed successfully.
" C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL" => Value Data not found.
C:\Program Files (x86)\GS-Enabler => Moved successfully.
"C:\Program Files (x86)\SW-Booster" => File/Directory not found.
"c:\progra~2\sw-boo~1\assist~1.dll" => Value Data not found.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk => Moved successfully.
C:\Users\KengLing\vbvds\76469.vbs not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-336608445-27866453-704810108-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key not found.
HKU\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{119CD317-C309-419C-9642-ACC45439850A}" => Key deleted successfully.
"HKCR\CLSID\{119CD317-C309-419C-9642-ACC45439850A}" => Key not found.
"HKU\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{57E44609-825C-4084-B237-B3A01BC4D771}" => Key deleted successfully.
"HKCR\CLSID\{57E44609-825C-4084-B237-B3A01BC4D771}" => Key not found.
"HKU\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
"HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f7e6959-8579-43ce-a9fb-a197faead952}" => Key deleted successfully.
"HKCR\CLSID\{8f7e6959-8579-43ce-a9fb-a197faead952}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2d0d05a-2688-42aa-a89b-044c5a5bc82c}" => Key deleted successfully.
"HKCR\CLSID\{a2d0d05a-2688-42aa-a89b-044c5a5bc82c}" => Key deleted successfully.
"C:\Program Files (x86)\GoSaVe" => File/Directory not found.
"C:\Program Files (x86)\GoSaevE" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1F592C9-D4CB-6EE0-1289-DC7134D4D845}" => Key deleted successfully.
"HKCR\CLSID\{E1F592C9-D4CB-6EE0-1289-DC7134D4D845}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f7e6959-8579-43ce-a9fb-a197faead952}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{8f7e6959-8579-43ce-a9fb-a197faead952}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2d0d05a-2688-42aa-a89b-044c5a5bc82c}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{a2d0d05a-2688-42aa-a89b-044c5a5bc82c}" => Key deleted successfully.
HKU\S-1-5-21-336608445-27866453-704810108-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@funshion.com/npFunshion" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Program Files (x86)\Pando Networks => Moved successfully.
"HKU\S-1-5-21-336608445-27866453-704810108-1001\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin" => Key not found.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@MediaPlayerV1alpha268.net => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta10446.net => value deleted successfully.
"C:\Program Files (x86)\MediaPlayerV1" => File/Directory not found.
"C:\Program Files (x86)\VideoPlayerV3" => File/Directory not found.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10446\ff not found.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha268\ff not found.
C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd => Moved successfully.
C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb => Moved successfully.
C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\epindigjbiphgfhnmlpcocaiafjgbabe => Moved successfully.
C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom => Moved successfully.
C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnpoebddognhfcnfbfjdbgmgadkmmdkj => Moved successfully.
C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae => Moved successfully.
C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe => Moved successfully.
C:\ProgramData\oncanfeampaccccenbclhjlgdkdeeinn\ => Moved successfully.
"C:\ProgramData\oncanfeampaccccenbclhjlgdkdeeinn" => File/Directory not found.
D0E87C27 => Service not found.
AntiVirWebService => Service deleted successfully.
e81a9dc1 => Service deleted successfully.
mcbootdelaystartsvc => Service deleted successfully.
EagleX64 => Service deleted successfully.
ewusbnet => Service deleted successfully.
hwusbdev => Service deleted successfully.
hwusbfake => Service deleted successfully.
"C:\Users\Public\Desktop\System Speedup.lnk" => File/Directory not found.
C:\windows\System32\Tasks\System Speedup_UPDATES => Moved successfully.
C:\windows\System32\Tasks\SW-Booster-S-792098896 => Moved successfully.
"C:\windows\Tasks\SW-Booster-S-792098896.job" => File/Directory not found.
C:\windows\Tasks\System Speedup_UPDATES.job => Moved successfully.
C:\windows\Tasks\System Speedup_DEFAULT.job => Moved successfully.
C:\ProgramData\YoutubeAdblocker => Moved successfully.
C:\Users\KengLing\AppData\Local\SwvUpdater => Moved successfully.
C:\windows\System32\Tasks\System Speedup_DEFAULT => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup" => File/Directory not found.
"C:\Program Files (x86)\System Speedup" => File/Directory not found.
C:\Users\KengLing\funshion.ini => Moved successfully.
C:\ProgramData\GoSaevE => Moved successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\FunOverlay" => Key deleted successfully.
"HKCR\CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GiraffeOverlay" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{E1D78D6A-8183-8F10-108D-8850224DC790}" => Key deleted successfully.
 
"C:\Users\Public\Fundata" directory move:
 
C:\Users\Public\Fundata\ad.log => Moved successfully.
C:\Users\Public\Fundata\baychimo.dll => Moved successfully.
C:\Users\Public\Fundata\Baychimo_UvFreqFilter.daw => Moved successfully.
C:\Users\Public\Fundata\blacklist.daw => Moved successfully.
C:\Users\Public\Fundata\bot.daw => Moved successfully.
C:\Users\Public\Fundata\ChaDaoCheng.dll => Moved successfully.
C:\Users\Public\Fundata\DangerAppInfo.dll => Moved successfully.
C:\Users\Public\Fundata\Donovan.dll => Moved successfully.
C:\Users\Public\Fundata\dragon.dll => Moved successfully.
C:\Users\Public\Fundata\Fireman.dll => Moved successfully.
C:\Users\Public\Fundata\Firemanii.dll => Moved successfully.
C:\Users\Public\Fundata\Foam.dll => Moved successfully.
C:\Users\Public\Fundata\Foamii.dll => Moved successfully.
C:\Users\Public\Fundata\Frama.dll => Moved successfully.
C:\Users\Public\Fundata\Friesian.dll => Moved successfully.
C:\Users\Public\Fundata\FsMovie.dll => Moved successfully.
C:\Users\Public\Fundata\FunBSS64.dll => Moved successfully.
C:\Users\Public\Fundata\FunDodge.dll => Moved successfully.
C:\Users\Public\Fundata\FunGecko.dll => Moved successfully.
C:\Users\Public\Fundata\FunKoala.dll => Moved successfully.
C:\Users\Public\Fundata\FunKoala64.dll => Moved successfully.
C:\Users\Public\Fundata\FunKoalaSon.dll => Moved successfully.
C:\Users\Public\Fundata\FunKoalaSon64.dll => Moved successfully.
C:\Users\Public\Fundata\FunNail.dll => Moved successfully.
C:\Users\Public\Fundata\FunNest64.dll => Moved successfully.
C:\Users\Public\Fundata\Funpap.dll => Moved successfully.
C:\Users\Public\Fundata\FunPicRep.dll => Moved successfully.
C:\Users\Public\Fundata\FunPioneer.dll => Moved successfully.
C:\Users\Public\Fundata\FunPioneer.ini => Moved successfully.
C:\Users\Public\Fundata\FunSeed64V864.dll => Moved successfully.
C:\Users\Public\Fundata\FunShadow.dll => Moved successfully.
C:\Users\Public\Fundata\FunshionSync.dll => Moved successfully.
C:\Users\Public\Fundata\FunTesting.dll => Moved successfully.
C:\Users\Public\Fundata\funworks.zip => Moved successfully.
C:\Users\Public\Fundata\FunWorks64.dll => Moved successfully.
C:\Users\Public\Fundata\FunWorksTmp.dll => Moved successfully.
C:\Users\Public\Fundata\Giraffe.dll => Moved successfully.
C:\Users\Public\Fundata\gma.dll => Moved successfully.
C:\Users\Public\Fundata\Hades.dll => Moved successfully.
C:\Users\Public\Fundata\Hippopotamus.dll => Moved successfully.
C:\Users\Public\Fundata\home.daw => Moved successfully.
C:\Users\Public\Fundata\Hunter.dll => Moved successfully.
C:\Users\Public\Fundata\InstalledAppInfo.daw => Moved successfully.
C:\Users\Public\Fundata\iosLog.txt => Moved successfully.
C:\Users\Public\Fundata\JadeHe.dll => Moved successfully.
C:\Users\Public\Fundata\LuaConfig.txt => Moved successfully.
C:\Users\Public\Fundata\LuaInterface_mt.dll => Moved successfully.
C:\Users\Public\Fundata\Lucifer.dll => Moved successfully.
C:\Users\Public\Fundata\Midnight.dll => Moved successfully.
C:\Users\Public\Fundata\Midnightii.dll => Moved successfully.
C:\Users\Public\Fundata\Mindj.dll => Moved successfully.
C:\Users\Public\Fundata\MiniPak => Moved successfully.
C:\Users\Public\Fundata\MiniPak.dll => Moved successfully.
C:\Users\Public\Fundata\MogulKahn.dll => Moved successfully.
C:\Users\Public\Fundata\NailCmd.daw => Moved successfully.
C:\Users\Public\Fundata\Railway.dll => Moved successfully.
C:\Users\Public\Fundata\Raptor.dll => Moved successfully.
C:\Users\Public\Fundata\rch.daw => Moved successfully.
C:\Users\Public\Fundata\scd.daw => Moved successfully.
C:\Users\Public\Fundata\SeedIcon.ico => Moved successfully.
C:\Users\Public\Fundata\sFighter.daw => Moved successfully.
C:\Users\Public\Fundata\sFunWorks.daw => Moved successfully.
C:\Users\Public\Fundata\Sika.dll => Moved successfully.
C:\Users\Public\Fundata\sNail.lua => Moved successfully.
C:\Users\Public\Fundata\Sniper.dll => Moved successfully.
C:\Users\Public\Fundata\sres.daw => Moved successfully.
C:\Users\Public\Fundata\ssdodge.daw => Moved successfully.
C:\Users\Public\Fundata\stg.daw => Moved successfully.
C:\Users\Public\Fundata\sua.daw => Moved successfully.
C:\Users\Public\Fundata\timeactionres.daw => Moved successfully.
C:\Users\Public\Fundata\Titanic.dll => Moved successfully.
C:\Users\Public\Fundata\touch.daw => Moved successfully.
C:\Users\Public\Fundata\Turkey.dll => Moved successfully.
C:\Users\Public\Fundata\ua_save.daw => Moved successfully.
C:\Users\Public\Fundata\Viking.dll => Moved successfully.
C:\Users\Public\Fundata\Visitor.dll => Moved successfully.
C:\Users\Public\Fundata\VisitorResult.daw => Moved successfully.
C:\Users\Public\Fundata\vvsch.daw => Moved successfully.
C:\Users\Public\Fundata\WangJingSi.dll => Moved successfully.
C:\Users\Public\Fundata\Zhongshan.dll => Moved successfully.
C:\Users\Public\Fundata\_bot.daw => Moved successfully.
Could not move "C:\Users\Public\Fundata" directory. => Scheduled to move on reboot.
 
C:\Users\KengLing\Desktop\Live PC Help.lnk => Moved successfully.
"C:\ProgramData\BlockIt Ad remover" => File/Directory not found.
C:\Users\KengLing\AppData\Roaming\ASP => Moved successfully.
"C:\ProgramData\oncanfeampaccccenbclhjlgdkdeeinn" => File/Directory not found.
C:\Users\KengLing\AppData\Roaming\FunTV => Moved successfully.
 
========================= Folder: C:\Users\KengLing\AppData\Roaming\Zoo ========================
 
2014-11-20 13:14 - 2014-11-20 13:14 - 0102176 _____ (Google, inc) C:\Users\KengLing\AppData\Roaming\Zoo\AdbWinApi.dll
2014-11-20 13:14 - 2014-11-20 13:14 - 0066848 _____ (Google, inc) C:\Users\KengLing\AppData\Roaming\Zoo\AdbWinUsbApi.dll
2014-11-20 13:14 - 2014-11-20 13:14 - 0416864 _____ () C:\Users\KengLing\AppData\Roaming\Zoo\fsadb.exe
2014-11-20 13:14 - 2014-11-20 13:14 - 0039001 _____ () C:\Users\KengLing\AppData\Roaming\Zoo\LaunchThirdPartyApp.apk
2014-12-18 16:34 - 2014-12-18 16:34 - 0509264 _____ (Funshion) C:\Users\KengLing\AppData\Roaming\Zoo\Lion.dll
2014-11-20 13:14 - 2014-11-20 13:14 - 0702288 _____ (北京风行在线技术有限公司) C:\Users\KengLing\AppData\Roaming\Zoo\Tiger.dll
 
====== End of Folder: ======
 
C:\ProgramData\Mini - Adblocker => Moved successfully.
C:\Users\KengLing\AppData\Roaming\Funshion => Moved successfully.
C:\Users\Public\FunAcce => Moved successfully.
C:\Users\KengLing\AppData\Local\genienext => Moved successfully.
C:\ProgramData\mcache => Moved successfully.
C:\ProgramData\Yellow AdBlocker => Moved successfully.
C:\Users\KengLing\AppData\Roaming\System Speedup => Moved successfully.
C:\ProgramData\Systweak => Moved successfully.
C:\Users\KengLing\AppData\Roaming\systweak => Moved successfully.
C:\windows\System32\Tasks\System Speedup => Moved successfully.
C:\ProgramData\365559d05cf6c3a4 => Moved successfully.
C:\Users\KengLing\AppData\Local\Giraffe => Moved successfully.
 
========================= Folder: C:\Users\KengLing\AppData\Roaming\iy ========================
 
2014-11-20 13:24 - 2014-11-20 13:25 - 1129968 _____ (iResearch, Inc.                                             ) C:\Users\KengLing\AppData\Roaming\iy\YJT.exe
 
====== End of Folder: ======
 
C:\Users\KengLing\AppData\Local\Temp\089709F389a.exe => Moved successfully.
C:\Users\KengLing\AppData\Local\Temp\0f049aE2.exe => Moved successfully.
C:\Users\KengLing\AppData\Local\Temp\70A39618E9FE.exe => Moved successfully.
C:\Users\KengLing\AppData\Local\Temp\DataCard_Setup64.exe => Moved successfully.
C:\Users\KengLing\AppData\Local\Temp\drvprosetup.exe => Moved successfully.
C:\Users\KengLing\AppData\Local\Temp\ebE3BbfcB36.exe => Moved successfully.
C:\Users\KengLing\AppData\Local\Temp\kwuninsthelper.exe => Moved successfully.
C:\Users\KengLing\AppData\Local\Temp\LiveSupport_setup.exe => Moved successfully.
C:\Users\KengLing\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\KengLing\AppData\Local\Temp\ResetDevice.exe => Moved successfully.
C:\Users\KengLing\AppData\Local\Temp\Tmp1400843114_Greenil.dll => Moved successfully.
C:\Users\KengLing\AppData\Local\Temp\Tmp1406484046_Greenil.dll => Moved successfully.
C:\Users\KengLing\AppData\Local\Temp\Tmp1416965757_greenil.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{33674A10-3841-41A7-B6BA-BF920AC1AF7E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33674A10-3841-41A7-B6BA-BF920AC1AF7E}" => Key deleted successfully.
C:\Windows\System32\Tasks\Advanced System Protector => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector" => Key deleted successfully.
"C:\Program Files (x86)\RegClean Pro" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70CEBE38-B50B-4260-8E6E-12960BDD3433}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70CEBE38-B50B-4260-8E6E-12960BDD3433}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KwRunAsStdUser Task1622" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B02BB574-F3D1-404D-A72D-86D8027F4CDE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B02BB574-F3D1-404D-A72D-86D8027F4CDE}" => Key deleted successfully.
C:\Windows\System32\Tasks\System Speedup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Speedup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA900987-F717-4571-87AF-51A37B2EA578}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA900987-F717-4571-87AF-51A37B2EA578}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KwRunAsStdUser Task21221" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F153D15D-BF67-4DC8-91FC-82F3A6F4778A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F153D15D-BF67-4DC8-91FC-82F3A6F4778A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KwRunAsStdUser Task21012" => Key deleted successfully.
C:\windows\Tasks\SW-Booster-S-792098896.job not found.
C:\windows\Tasks\System Speedup_DEFAULT.job not found.
C:\windows\Tasks\System Speedup_UPDATES.job not found.
"C:\Program Files (x86)\System Speedup" => File/Directory not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 840.7 MB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-19 21:26:53)<=
 
C:\Users\Public\Fundata => Is moved successfully.
 
==== End of Fixlog ====
 
AdwCleaner.txt
 
# AdwCleaner v4.105 - Report created 19/12/2014 at 21:40:50
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 8  (64 bits)
# Username : KengLing - PEANUT
# Running from : C:\Users\KengLing\Desktop\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[x] Not Deleted : DptfParticipantProcessorService
[x] Not Deleted : DptfPolicyConfigTDPService
[x] Not Deleted : DptfPolicyLpmService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\SNT
Folder Deleted : C:\ProgramData\SoftWarehouse
Folder Deleted : C:\ProgramData\Trusted Publisher
Folder Deleted : C:\ProgramData\GoSave
Folder Deleted : C:\ProgramData\AllCCHaeaappPricee
Folder Deleted : C:\ProgramData\CuheapMMe
Folder Deleted : C:\ProgramData\DeigiCouupon
Folder Deleted : C:\ProgramData\DigiSuaver
Folder Deleted : C:\ProgramData\Fun2SavvE
Folder Deleted : C:\ProgramData\GGoSaave
Folder Deleted : C:\ProgramData\NexxtCouP
Folder Deleted : C:\ProgramData\TakeTheCoupon
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\KengLing\AppData\Local\apn
Folder Deleted : C:\Users\KengLing\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\KengLing\AppData\Local\Mobogenie
Folder Deleted : C:\Users\KengLing\AppData\Local\torch
Folder Deleted : C:\Users\KengLing\Desktop\Documents\Mobogenie
Folder Deleted : C:\Users\KengLing\Desktop\Documents\Optimizer Pro
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\windows\System32\DptfParticipantProcessorService.exe
File Deleted : C:\windows\System32\DptfPolicyConfigTDPService.exe
File Deleted : C:\windows\System32\DptfPolicyLpmService.exe
File Deleted : C:\Users\KengLing\daemonprocess.txt
File Deleted : C:\Users\KengLing\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\KengLing\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\Fun2SaVe.Fun2SaVe
Key Deleted : HKLM\SOFTWARE\Classes\Fun2SaVe.Fun2SaVe.4.5
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKLM\SOFTWARE\Classes\DIgiSavEEr.DIgiSavEEr
Key Deleted : HKLM\SOFTWARE\Classes\DIgiSavEEr.DIgiSavEEr.6.7
Key Deleted : HKLM\SOFTWARE\Classes\DiggiiCouapoen.DiggiiCouapoen
Key Deleted : HKLM\SOFTWARE\Classes\DiggiiCouapoen.DiggiiCouapoen.5.3
Key Deleted : HKLM\SOFTWARE\Classes\..10
Key Deleted : HKCU\Software\Driver Pro
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\GS-Enabler
Key Deleted : HKLM\SOFTWARE\MediaPlayerV1
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Video Player
Key Deleted : HKLM\SOFTWARE\VideoPlayerV3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7223EDAC-E091-B3C1-BD91-B66CE557800F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A1D3F9E-73B5-95EC-1233-6646E1358965}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17183
 
 
-\\ Google Chrome v39.0.2171.95
 
 
-\\ Comodo Dragon v
 
 
*************************
 
AdwCleaner[R0].txt - [14667 octets] - [19/12/2014 21:37:53]
AdwCleaner[S0].txt - [14028 octets] - [19/12/2014 21:40:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14089 octets] ##########
 
 
JRT.txt
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8 x64
Ran by KengLing on Fri 19/12/2014 at 21:42:56.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\windows\wininit.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\YTNNOaADs
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 19/12/2014 at 21:49:27.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 LiquidTension

Posted 19 December 2014 - 12:09 PM

Please do the following. 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
RogueKiller

  • Please download RogueKiller (x64) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click jpgUwzp.png. Upon completion, click phPvmc6.png.
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • RKreport.txt


#7 ONewbieO


Posted 20 December 2014 - 10:19 AM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by KengLing (administrator) on PEANUT on 21-12-2014 00:09:14
Running from C:\Users\KengLing\Desktop\Downloads
Loaded Profile: KengLing (Available profiles: KengLing)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe
() C:\ProgramData\YogaSmartSwicth\yogaserver.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Dropbox, Inc.) C:\Users\KengLing\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [892664 2012-12-18] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] ()
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-30] (Realtek Semiconductor Corporation)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-19] (Synaptics)
HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2013-02-04] (Lenovo)
HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [209488 2013-02-04] ()
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-06-22] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-06-22] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-09-07] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk
ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
Startup: C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
ShortcutTarget: Microsoft Office Groove.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-336608445-27866453-704810108-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-336608445-27866453-704810108-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKU\S-1-5-21-336608445-27866453-704810108-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> {57E44609-825C-4084-B237-B3A01BC4D771} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{317D32CC-4697-4026-961E-D223C0272349}: [NameServer]  
Tcpip\..\Interfaces\{E64DD415-98C6-408C-A60E-B95D12826413}: [NameServer]  
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-336608445-27866453-704810108-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\KengLing\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10446\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha268\ff [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://websearch.mocaflix.com/
CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://websearch.searchsunmy.info/?pid=1091&r=2014/01/05&hid=8402217720576185903&lg=EN&cc=SG&unqvl=45", "hxxp://websearch.fixsearch.info/?pid=3540&r=2014/09/12&hid=8402217720576185903&lg=EN&cc=SG&unqvl=61"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-12-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-19]
CHR Extension: (Adblock Plus) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-19]
CHR Extension: (Page Eraser) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekofpchjmoalonajopdeegdappocgcmj [2014-12-19]
CHR Extension: (SnapPea Photos) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\epindigjbiphgfhnmlpcocaiafjgbabe [2014-12-19]
CHR Extension: (AdBlock) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-19]
CHR Extension: (Bookmark Manager) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-12-19]
CHR Extension: (School Bus Parking 3D) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmafmjnkhlldllbeggkpfnhfhdcbfade [2014-12-19]
CHR Extension: (New Tab Redirect Plus!) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnpoebddognhfcnfbfjdbgmgadkmmdkj [2014-12-19]
CHR Extension: (AudioSauna) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2014-12-19]
CHR Extension: (FlashControl) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2014-12-19]
CHR Extension: (Google Wallet) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [44032 2012-12-06] () [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655744 2012-06-28] ()
S3 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [605696 2012-08-06] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2013-02-04] (Lenovo)
S2 DptfParticipantProcessorService; %SystemRoot%\system32\DptfParticipantProcessorService.exe [X]
S2 DptfPolicyConfigTDPService; %SystemRoot%\system32\DptfPolicyConfigTDPService.exe [X]
S2 DptfPolicyLpmService; %SystemRoot%\system32\DptfPolicyLpmService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 br3gmdm; C:\Windows\system32\DRIVERS\br3gmdm.sys [122880 2009-09-23] (BandRich Inc.) [File not signed]
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [238080 2012-06-06] (Huawei Technologies Co., Ltd.)
R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2013-02-04] (Lenovo)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2012-06-06] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2012-06-06] (CACE Technologies, Inc.)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696976 2012-09-06] (Realtek Semiconductor Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1579232 2013-01-04] (Realtek Semiconductor Corporation                           )
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-11-19] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-19 21:49 - 2014-12-19 21:49 - 00000739 _____ () C:\Users\KengLing\Desktop\JRT.txt
2014-12-19 21:42 - 2014-12-19 21:42 - 00000000 ____D () C:\windows\ERUNT
2014-12-19 21:37 - 2014-12-19 21:41 - 00000000 ____D () C:\AdwCleaner
2014-12-19 21:34 - 2014-12-21 00:07 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-19 21:34 - 2014-12-19 21:39 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-19 21:34 - 2014-12-19 21:34 - 00003888 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-19 21:34 - 2014-12-19 21:34 - 00003652 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-19 21:34 - 2014-12-19 21:34 - 00002222 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-19 21:34 - 2014-12-19 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-19 21:01 - 2014-12-19 21:01 - 00001544 _____ () C:\windows\comsetup.log
2014-12-19 20:51 - 2014-12-19 20:51 - 00001231 _____ () C:\Users\KengLing\Desktop\Revo Uninstaller.lnk
2014-12-19 20:51 - 2014-12-19 20:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-19 13:47 - 2014-12-19 21:08 - 00024768 _____ () C:\windows\diagwrn.xml
2014-12-19 13:47 - 2014-12-19 21:08 - 00024768 _____ () C:\windows\diagerr.xml
2014-12-19 13:32 - 2014-12-21 00:09 - 00000000 ____D () C:\FRST
2014-12-18 15:53 - 2014-10-09 12:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2014-12-18 15:53 - 2014-10-09 12:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-12-18 15:53 - 2014-10-09 12:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2014-12-18 15:53 - 2014-10-09 11:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2014-12-18 15:53 - 2014-10-09 11:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2014-12-18 15:21 - 2014-10-11 15:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-18 15:21 - 2014-10-11 13:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-18 15:21 - 2014-10-09 11:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2014-12-18 15:21 - 2014-10-09 11:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2014-12-18 15:21 - 2014-10-09 11:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2014-12-18 15:21 - 2014-09-22 13:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-12-18 15:21 - 2014-09-22 11:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-18 15:20 - 2014-11-06 14:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-18 15:20 - 2014-11-06 13:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-18 15:19 - 2014-11-21 16:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-18 15:19 - 2014-11-21 16:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-18 15:19 - 2014-11-21 16:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-18 15:19 - 2014-11-21 15:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-18 15:19 - 2014-11-21 15:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-18 15:18 - 2014-11-21 16:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-18 15:18 - 2014-11-21 16:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-18 15:18 - 2014-11-21 16:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-18 15:18 - 2014-11-21 16:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-12-18 15:18 - 2014-11-21 16:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-18 15:18 - 2014-11-21 16:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-18 15:18 - 2014-11-21 15:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-18 15:18 - 2014-11-21 15:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-18 15:18 - 2014-11-21 15:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-18 15:18 - 2014-11-21 14:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-18 15:18 - 2014-11-21 12:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-11-27 22:52 - 2014-11-19 15:29 - 00582552 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2014-11-27 22:52 - 2014-11-19 15:29 - 00462760 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-11-24 21:10 - 2014-11-24 21:10 - 00429752 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-22 20:51 - 2014-11-24 21:08 - 00000000 ____D () C:\windows\system32\AutoUpdateLicense
2014-11-22 17:24 - 2014-11-05 14:40 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-22 17:24 - 2014-11-05 14:38 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-22 17:24 - 2014-11-05 11:16 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-22 17:24 - 2014-10-11 15:45 - 10115072 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-11-22 17:24 - 2014-10-11 15:44 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-22 17:24 - 2014-10-11 15:43 - 02307072 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-11-22 17:24 - 2014-10-11 13:58 - 08858624 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-11-22 17:24 - 2014-09-22 13:53 - 00035320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-11-22 17:24 - 2014-08-27 06:08 - 00270024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-11-22 17:23 - 2014-10-11 15:44 - 00393216 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-11-22 17:23 - 2014-10-11 13:57 - 02416640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-22 17:23 - 2014-10-11 13:57 - 00295424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-11-22 17:23 - 2014-10-11 13:56 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-11-22 17:22 - 2014-10-22 11:34 - 00010777 _____ () C:\windows\system32\AutoconfigV2.cab
2014-11-22 17:22 - 2014-10-22 09:08 - 00568832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-11-22 17:22 - 2014-10-22 09:08 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-22 17:22 - 2014-10-22 09:01 - 00695808 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-11-22 17:22 - 2014-10-22 09:01 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2014-11-22 17:22 - 2014-10-22 09:01 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-22 17:22 - 2014-10-22 09:00 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2014-11-21 21:23 - 2014-09-25 07:29 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-21 21:23 - 2014-09-25 07:29 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2014-11-21 21:23 - 2014-09-25 07:01 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-21 21:23 - 2014-09-25 07:01 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2014-11-21 21:23 - 2014-08-22 07:56 - 01418752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-21 21:23 - 2014-08-22 07:27 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-21 21:22 - 2014-11-08 19:22 - 00238080 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-21 21:22 - 2014-11-08 19:21 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-21 21:22 - 2014-11-08 14:57 - 00187904 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-21 21:22 - 2014-11-08 14:56 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-21 21:22 - 2014-10-23 20:47 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-21 21:22 - 2014-10-23 19:04 - 00068096 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-21 21:22 - 2014-10-18 16:44 - 00778240 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-21 21:22 - 2014-10-18 15:05 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-21 21:22 - 2014-10-11 16:35 - 00171840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-21 21:22 - 2014-10-11 15:44 - 03248640 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-11-21 21:22 - 2014-10-11 15:44 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-11-21 21:22 - 2014-10-11 15:43 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-21 21:22 - 2014-10-11 13:57 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-11-21 21:22 - 2014-10-11 13:41 - 00713728 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-21 21:22 - 2014-10-11 13:41 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-21 21:22 - 2014-10-11 13:05 - 00146944 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-21 21:22 - 2014-10-11 13:04 - 00713728 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-21 21:22 - 2014-10-03 09:21 - 00522728 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-21 21:22 - 2014-10-03 06:29 - 00783872 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-21 21:22 - 2014-10-03 06:29 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-21 21:22 - 2014-10-03 06:29 - 00169472 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2014-11-21 21:22 - 2014-10-02 07:05 - 04068864 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-21 21:22 - 2014-09-06 08:46 - 00389176 _____ () C:\windows\system32\ApnDatabase.xml
2014-11-21 21:21 - 2014-09-13 14:24 - 02233152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-11-21 21:21 - 2014-09-03 10:48 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2014-11-21 21:21 - 2014-09-03 10:22 - 00188928 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2014-11-21 21:21 - 2014-08-29 12:17 - 02043392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-11-21 21:21 - 2014-08-29 12:17 - 00227328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-11-21 21:21 - 2014-08-29 12:04 - 02837504 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-11-21 21:21 - 2014-08-29 12:04 - 00309248 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-11-21 21:21 - 2014-08-28 14:04 - 00499712 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSCOMEX.dll
2014-11-21 21:21 - 2014-08-28 14:04 - 00227840 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll
2014-11-21 21:21 - 2014-08-28 13:59 - 00616448 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll
2014-11-21 21:21 - 2014-08-28 13:59 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll
2014-11-21 21:21 - 2014-08-28 13:59 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\FXSTIFF.dll
2014-11-21 21:21 - 2014-08-28 13:59 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\FXST30.dll
2014-11-21 21:21 - 2014-07-24 21:12 - 00328512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-11-21 21:21 - 2014-07-12 12:41 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\KBDRUM.DLL
2014-11-21 21:21 - 2014-07-12 12:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-11-21 21:21 - 2014-07-12 12:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-11-21 21:21 - 2014-07-12 12:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-11-21 21:21 - 2014-07-12 12:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-11-21 21:21 - 2014-07-12 12:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-11-21 21:21 - 2014-07-12 12:16 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL
2014-11-21 21:21 - 2014-07-12 12:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-11-21 21:21 - 2014-07-12 12:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-11-21 21:21 - 2014-07-12 12:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-11-21 21:21 - 2014-07-12 12:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-11-21 21:21 - 2014-07-12 12:15 - 00006144 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-11-21 21:21 - 2014-07-12 08:02 - 00478352 _____ () C:\windows\SysWOW64\locale.nls
2014-11-21 21:21 - 2014-07-12 08:00 - 00478352 _____ () C:\windows\system32\locale.nls
2014-11-21 21:21 - 2014-07-09 06:33 - 00181248 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe
2014-11-21 21:21 - 2014-07-09 06:32 - 01539584 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2014-11-21 21:21 - 2014-07-09 06:32 - 00340480 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll
2014-11-21 21:21 - 2014-07-09 06:30 - 01220608 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2014-11-21 21:21 - 2014-07-07 13:52 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
2014-11-21 21:21 - 2014-07-07 13:52 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-11-21 21:21 - 2014-07-04 18:52 - 00328000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-11-21 21:21 - 2014-07-03 09:59 - 01824784 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-11-21 21:21 - 2014-07-03 08:30 - 01408952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-11-21 21:21 - 2014-06-28 15:01 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2014-11-21 21:21 - 2014-06-28 14:57 - 00209920 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2014-11-21 21:21 - 2014-06-28 14:56 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2014-11-21 21:21 - 2014-06-25 15:09 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-11-21 21:21 - 2014-06-25 15:07 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-11-21 21:21 - 2014-06-18 07:27 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-11-21 21:21 - 2014-06-18 07:23 - 02238464 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-11-21 21:21 - 2014-06-11 22:47 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-11-21 21:21 - 2014-06-11 12:40 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-11-21 21:21 - 2014-06-11 06:44 - 01403896 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-11-21 21:21 - 2014-02-04 18:57 - 01271664 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-11-21 21:19 - 2014-07-24 21:50 - 00447296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-11-21 21:19 - 2014-07-17 07:28 - 00027648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll
2014-11-21 21:19 - 2014-07-17 06:59 - 00305664 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2014-11-21 21:19 - 2014-07-17 06:59 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll
2014-11-21 21:19 - 2014-07-12 14:45 - 01549824 _____ (Microsoft Corporation) C:\windows\system32\msdtctm.dll
2014-11-21 21:19 - 2014-07-12 12:36 - 00674304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-11-21 21:19 - 2014-07-12 12:36 - 00211456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-11-21 21:19 - 2014-07-12 12:34 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-11-21 21:19 - 2014-07-12 12:34 - 00250368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-11-21 21:19 - 2014-06-28 14:57 - 01341952 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2014-11-21 21:19 - 2014-06-28 10:23 - 01126400 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2014-11-21 21:18 - 2014-07-07 13:53 - 01125376 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-11-21 21:18 - 2014-07-07 13:52 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-21 21:18 - 2014-07-07 13:52 - 00300544 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-11-21 21:18 - 2014-07-07 13:51 - 05982208 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-11-21 21:18 - 2014-07-07 12:01 - 01049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-11-21 21:18 - 2014-07-07 12:01 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-11-21 21:18 - 2014-07-07 12:00 - 05095424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-11-21 21:18 - 2014-07-07 11:59 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-11-21 21:18 - 2014-06-13 07:34 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-11-21 21:18 - 2014-06-13 07:29 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-11-21 21:17 - 2014-09-03 10:48 - 00510464 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-11-21 21:17 - 2014-09-03 10:21 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-21 00:08 - 2013-11-28 20:33 - 00000000 ___RD () C:\Users\KengLing\Dropbox
2014-12-21 00:08 - 2013-11-28 20:31 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\Dropbox
2014-12-21 00:08 - 2013-03-11 18:41 - 00037591 _____ () C:\Users\KengLing\AppData\Local\BTServer.log
2014-12-21 00:08 - 2013-02-04 15:17 - 01440029 _____ () C:\windows\WindowsUpdate.log
2014-12-21 00:07 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\system32\sru
2014-12-19 21:54 - 2013-03-11 19:12 - 17081114 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-19 21:50 - 2013-03-11 18:49 - 00003590 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-336608445-27866453-704810108-1001
2014-12-19 21:49 - 2013-02-04 16:11 - 00444878 _____ () C:\windows\system32\prfh0804.dat
2014-12-19 21:49 - 2013-02-04 16:11 - 00140712 _____ () C:\windows\system32\prfc0804.dat
2014-12-19 21:49 - 2012-07-26 15:28 - 01403652 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-19 21:41 - 2012-10-10 07:08 - 00201694 _____ () C:\windows\PFRO.log
2014-12-19 21:41 - 2012-07-26 15:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-19 21:40 - 2013-03-11 18:41 - 00000000 ____D () C:\Users\KengLing
2014-12-19 21:34 - 2013-03-11 18:51 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-19 21:34 - 2013-03-11 18:47 - 00000000 ____D () C:\Users\KengLing\AppData\Local\Deployment
2014-12-19 21:26 - 2013-02-04 15:21 - 00000000 ____D () C:\ProgramData\Realtek
2014-12-19 21:23 - 2014-01-30 15:50 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-19 21:22 - 2012-07-26 13:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-12-19 21:19 - 2012-07-26 16:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-12-19 21:17 - 2012-07-26 15:59 - 00000000 ____D () C:\windows\CbsTemp
2014-12-19 21:08 - 2012-07-26 15:21 - 00498868 _____ () C:\windows\setupact.log
2014-12-19 21:08 - 2012-07-26 13:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-12-19 21:07 - 2012-07-26 16:13 - 00003611 _____ () C:\windows\DtcInstall.log
2014-12-19 21:02 - 2013-11-01 01:57 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-19 21:01 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\Registration
2014-12-19 20:57 - 2013-02-04 15:19 - 00174841 _____ () C:\windows\system32\CoInst.log
2014-12-19 20:56 - 2014-09-24 23:57 - 00000000 ___HD () C:\$Windows.~BT
2014-12-19 20:51 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\system32\migwiz
2014-12-19 20:46 - 2014-01-31 17:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-19 20:46 - 2014-01-31 17:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-19 13:33 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-12-19 13:30 - 2013-11-28 20:33 - 00000999 _____ () C:\Users\KengLing\Desktop\Dropbox.lnk
2014-12-19 13:30 - 2013-11-28 20:32 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-18 16:34 - 2014-11-20 13:14 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\Zoo
2014-12-18 16:10 - 2014-09-26 22:33 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 16:04 - 2012-07-26 16:12 - 00000000 ___RD () C:\windows\ToastData
2014-12-18 15:24 - 2014-09-26 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 15:24 - 2014-09-26 22:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-18 15:24 - 2013-11-01 01:35 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-18 15:21 - 2014-10-25 18:06 - 00000004 _____ () C:\Users\KengLing\AppData\Roaming\appdataFr2.bin
2014-12-13 02:23 - 2013-07-27 19:34 - 00000000 ____D () C:\Users\KengLing\Desktop\MEMORY STORAGE
2014-12-13 02:14 - 2013-11-28 12:10 - 00000000 ____D () C:\Users\KengLing\Desktop\32 GB MICRO SD
2014-12-10 20:03 - 2013-11-01 01:57 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 20:02 - 2014-09-10 02:07 - 03981488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-27 05:11 - 2012-07-26 16:14 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-27 05:11 - 2012-07-26 16:14 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-24 21:36 - 2014-09-22 23:26 - 00000000 ____D () C:\windows\rescache
2014-11-22 20:51 - 2014-10-14 20:37 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-22 20:51 - 2012-07-26 16:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-22 20:51 - 2012-07-26 16:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-22 20:51 - 2012-07-26 16:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-22 20:51 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\WinStore
2014-11-22 20:51 - 2012-07-26 16:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-22 20:51 - 2012-07-26 16:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-22 17:55 - 2013-08-07 21:02 - 00000000 ____D () C:\windows\system32\MRT
2014-11-21 20:47 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\system32\NDF
2014-11-21 06:14 - 2014-09-26 22:33 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-09-26 22:33 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2013-11-01 01:35 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
 
Some content of TEMP:
====================
C:\Users\KengLing\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxx3tb8.dll
C:\Users\KengLing\AppData\Local\Temp\Quarantine.exe
C:\Users\KengLing\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-18 15:48
 
==================== End Of Log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
Ran by KengLing at 2014-12-21 00:10:00
Running from C:\Users\KengLing\Desktop\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.9 - Absolute Software)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.47.51 - Conexant)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-336608445-27866453-704810108-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.907.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 1.4.2.22 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.009.05.00.203 - Huawei Technologies Co.,Ltd)
Motion Control (HKLM\...\Motion Control) (Version: 1.1.2.43 - Lenovo)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.21.4 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-336608445-27866453-704810108-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
微软拼音简捷 2012 流行词汇更新 (KB2723161) (HKLM-x32\...\{D6803D14-7510-4B15-ADE9-661DDCB3C467}) (Version: 15.0.1576 - Microsoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
05-12-2014 03:18:41 Scheduled Checkpoint
13-12-2014 03:16:17 Scheduled Checkpoint
18-12-2014 15:48:22 Windows Update
19-12-2014 21:13:46 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 13:26 - 2014-01-31 17:25 - 00450709 ____R C:\windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {07D138E3-3B00-47A3-BB9F-EE706F70C6FC} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-19] (Synaptics Incorporated)
Task: {220F6D28-94CC-4FB9-B7CA-165DD7C38A5D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-10-31] (Microsoft Corporation)
Task: {91D61CAE-E8B1-4F3B-BA1D-916E87B11A71} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {A4AEF13D-A804-4DE5-A824-6390D326F3DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {AA39E06D-5C0D-46DF-A0C5-0FB24862C7D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {C37D08A7-6787-4BB3-BA94-686BE6EE3BA7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-02-04 15:21 - 2012-12-06 07:13 - 00044032 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2011-03-14 23:27 - 2011-03-14 23:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-10-08 22:38 - 2012-06-28 10:46 - 00655744 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2013-02-04 15:27 - 2013-02-04 15:27 - 00059472 _____ () C:\ProgramData\YogaSmartSwicth\Server\x64\dptf.dll
2012-08-17 14:13 - 2012-07-13 16:52 - 00021312 _____ () C:\windows\SYSTEM32\DptfPolicyConfigTDPDll.dll
2012-08-17 14:13 - 2012-07-13 16:52 - 00021312 _____ () C:\windows\SYSTEM32\DptfPolicyLpmDll.dll
2013-02-04 15:19 - 2010-10-26 12:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2013-02-04 15:27 - 2013-02-04 15:27 - 00209488 _____ () C:\ProgramData\YogaSmartSwicth\yogaserver.exe
2012-08-27 12:29 - 2012-08-23 16:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-04 15:26 - 2013-02-04 15:26 - 00172112 _____ () C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
2013-10-08 22:38 - 2009-01-10 18:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2013-10-08 22:38 - 2009-06-23 02:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2013-10-08 22:38 - 2010-07-23 12:58 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2013-10-08 22:38 - 2010-02-10 22:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2013-10-08 22:38 - 2012-06-28 10:34 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2013-10-08 22:38 - 2010-02-10 22:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2013-02-04 15:18 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-12-19 21:34 - 2014-12-06 09:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-19 21:34 - 2014-12-06 09:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-19 21:34 - 2014-12-06 09:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-19 21:34 - 2014-12-06 09:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2013-02-04 15:27 - 2013-02-04 15:27 - 00269904 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\GuiSys.dll
2013-02-04 15:27 - 2013-02-04 15:27 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\SimpRes.dll
2013-02-04 15:27 - 2013-02-04 15:27 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LangHlpr.dll
2013-02-04 15:26 - 2013-02-04 15:26 - 01623632 _____ () C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll
2013-02-04 15:26 - 2013-02-04 15:26 - 00030288 _____ () C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00750080 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-21 00:08 - 2014-12-21 00:08 - 00043008 _____ () c:\users\kengling\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxx3tb8.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00047616 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00863744 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00200704 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\StartupFolder: => "Microsoft Office Groove.lnk"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\Run: => "FlashGet 3"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-336608445-27866453-704810108-500 - Administrator - Disabled)
Guest (S-1-5-21-336608445-27866453-704810108-501 - Limited - Disabled)
KengLing (S-1-5-21-336608445-27866453-704810108-1001 - Administrator - Enabled) => C:\Users\KengLing
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/21/2014 00:08:40 AM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (5644) {E804837A-657B-486A-93B6-9E3EA09F8B77}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/21/2014 00:07:54 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.
 
Error: (12/21/2014 00:07:54 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]
 
Error: (12/21/2014 00:07:44 AM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (4988) {BF27C915-4D90-405F-BC16-0BA8EFBBF69F}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
 
System errors:
=============
Error: (12/21/2014 00:08:00 AM) (Source: DCOM) (EventID: 10010) (User: PEANUT)
Description: {0006F03A-0000-0000-C000-000000000046}
 
 
Microsoft Office Sessions:
=========================
Error: (10/16/2013 06:32:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 39619 seconds with 4440 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 59%
Total physical RAM: 3975.27 MB
Available physical RAM: 1605.82 MB
Total Pagefile: 5575.27 MB
Available Pagefile: 2840.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:100.96 GB) (Free:6.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:2.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 4B236BD6)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
RKreport.txt
 
RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : KengLing [Administrator]
Mode : Scan -- Date : 12/21/2014  00:18:43
 
¤¤¤ Processes : 4 ¤¤¤
[Suspicious.Path] ouc.exe -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[7] -> Killed [TermProc]
[Suspicious.Path] ymc.exe -- C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe[7] -> Killed [TermProc]
[Suspicious.Path] yogaserver.exe -- C:\ProgramData\YogaSmartSwicth\yogaserver.exe[7] -> Killed [TermProc]
[Suspicious.Path] FRST64.exe -- C:\Users\KengLing\Desktop\Downloads\FRST64.exe[-] -> Killed [TermProc]
 
¤¤¤ Registry : 7 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | yogaserver : C:\ProgramData\YogaSmartSwicth\yogaserver.exe  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ymc (C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ymc (C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\OFFICE2010ACT -- C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs -> Found
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZMPC128HBFU-000L1 +++++
--- User ---
[MBR] 1e68df5c61ceef7fd9d876db271b53ec
[BSP] 0d11235fd31b8a9189dc869e0f799e8d : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
 


#8 LiquidTension


Posted 20 December 2014 - 11:48 PM

Hello, 
 
STEP 1
Browser Reset
 
Instructions on how to back up your Favourites/Bookmarks and other data can be found below.

Proceed with the reset once done.

STEP 2
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click [image: esetListThreats.png]. If no threats were found, skip the next two bullet points.
  • Click [image: esetExport.png] and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to [image] and click [image].
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did your browsers reset OK?
  • MBAM Scan log
  • ESET Online Scan log



#9 ONewbieO


Posted 22 December 2014 - 10:30 AM

Reset of all browsers is OK. However, Google Chrome is still lagging big time. Whenever I come on this page, sometimes it's loading for a very, very long time and nothing is moving. I have had to close and open browsers several times to get to post a reply.
 
Malwarebytes log
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 22/12/2014
Scan Time: 9:10:21 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.22.03
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: KengLing
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351473
Time Elapsed: 23 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, No Action By User, [8e8faab96418dd59bf61efe50af87d83], 
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, No Action By User, [8e8faab96418dd59bf61efe50af87d83], 
PUP.Optional.MediaPlayerAlpha.A, HKLM\SOFTWARE\WOW6432NODE\MediaPlayerV1alpha268, No Action By User, [74a981e2ed8f1e181c2277202ad94eb2], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 4
PUP.Funshion, C:\Users\KengLing\AppData\Roaming\CloudMedia\JadeHe.dat, No Action By User, [0815194ae69677bfa472107cb24ee31d], 
PUP.Optional.InstalleRex, C:\Users\KengLing\Desktop\Music\GRANRODEO - SUPERNOVA (E. Kolotushkin) - [MP3Juices.com].exe, No Action By User, [4ad35c076e0e0f274a0b4802ad5403fd], 
PUP.Optional.Firseria, C:\Users\KengLing\Desktop\Downloads\FLVMPlayer.exe, No Action By User, [eb325d066319a78f7df97820d8294ab6], 
PUP.Optional.MultiPlug, C:\Users\KengLing\Desktop\Downloads\bloody mary ch1.zip.exe, No Action By User, [0d10a9ba74086bcb4a084298e918e11f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESETScan log
 
 


#10 LiquidTension


Posted 22 December 2014 - 01:55 PM

Hello, 
 
Please ensure you have MBAM remove the items flagged. 
Then do the following. 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    C:\ProgramData\InstallMate
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf
    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe
    C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf
    C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akbniljookodcldhdbomkficjechhbda
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dekimbbaaadfpbchedkjlkjnpadngljc
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlaifdhkihbmbncnjpbfapifofmickfa
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpplejlaebbihmolemidgkoifcdkbgig
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe
    C:\Users\All Users\InstallMate
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf
    C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf
    C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akbniljookodcldhdbomkficjechhbda
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dekimbbaaadfpbchedkjlkjnpadngljc
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlaifdhkihbmbncnjpbfapifofmickfa
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpplejlaebbihmolemidgkoifcdkbgig
    C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe
    C:\Users\KengLing\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akbniljookodcldhdbomkficjechhbda
    C:\Users\KengLing\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dekimbbaaadfpbchedkjlkjnpadngljc
    C:\Users\KengLing\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlaifdhkihbmbncnjpbfapifofmickfa
    C:\Users\KengLing\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpplejlaebbihmolemidgkoifcdkbgig
    C:\Users\KengLing\Desktop\Downloads\bloody mary ch1.zip.exe
    C:\Users\KengLing\Desktop\Downloads\FLVMPlayer.exe
    C:\Users\KengLing\Desktop\Music\-(mp3)069. Avicii ? Levels-(mp3).rar
    C:\Users\KengLing\Desktop\Music\GRANRODEO - SUPERNOVA (E. Kolotushkin) - [MP3Juices.com].exe
    C:\Users\KengLing\etutc
    C:\Users\KengLing\uvftv
    C:\Users\KengLing\vbvds
    C:\Windows\System32\Adobe\Shockwave 12\gt.exe
    C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Emsisoft Emergency Kit (Portable)

  • Please download Emsisoft Emergency Kit and save the file to your Desktop.
  • Double-click EmsisoftEmergencyKit.exe.
  • Click Extract.
  • Upon completion, double-click the Emsisoft Emergency Kit shortcut on your Desktop to start the programme.
  • Click Yes to update the programme definitions.
  • Click Yes to detect Potentially Unwanted Programs (PUP's).
  • Click Scan now.
  • Select Full Scan and click Scan.
  • Close any High Risk notification screen that may appear.
  • When the scan is finished click Quarantine selected objects if malicious objects were found.
  • Click View Report, and open the most recent log. 
  • Copy the contents of the log and paste in your next reply.
     

STEP 3
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Emsisoft log
  • FRST.txt
  • Addition.txt


#11 ONewbieO

Posted 23 December 2014 - 12:40 PM

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
Ran by KengLing at 2014-12-24 00:45:46 Run:2
Running from C:\Users\KengLing\Desktop\Downloads
Loaded Profile: KengLing (Available profiles: KengLing)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
C:\ProgramData\InstallMate
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akbniljookodcldhdbomkficjechhbda
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dekimbbaaadfpbchedkjlkjnpadngljc
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlaifdhkihbmbncnjpbfapifofmickfa
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpplejlaebbihmolemidgkoifcdkbgig
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe
C:\Users\All Users\InstallMate
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akbniljookodcldhdbomkficjechhbda
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dekimbbaaadfpbchedkjlkjnpadngljc
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlaifdhkihbmbncnjpbfapifofmickfa
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpplejlaebbihmolemidgkoifcdkbgig
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe
C:\Users\KengLing\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akbniljookodcldhdbomkficjechhbda
C:\Users\KengLing\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dekimbbaaadfpbchedkjlkjnpadngljc
C:\Users\KengLing\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlaifdhkihbmbncnjpbfapifofmickfa
C:\Users\KengLing\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpplejlaebbihmolemidgkoifcdkbgig
C:\Users\KengLing\Desktop\Downloads\bloody mary ch1.zip.exe
C:\Users\KengLing\Desktop\Downloads\FLVMPlayer.exe
C:\Users\KengLing\Desktop\Music\-(mp3)069. Avicii ? Levels-(mp3).rar
C:\Users\KengLing\Desktop\Music\GRANRODEO - SUPERNOVA (E. Kolotushkin) - [MP3Juices.com].exe
C:\Users\KengLing\etutc
C:\Users\KengLing\uvftv
C:\Users\KengLing\vbvds
C:\Windows\System32\Adobe\Shockwave 12\gt.exe
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************
 
C:\ProgramData\InstallMate => Moved successfully.
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf => Moved successfully.
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akbniljookodcldhdbomkficjechhbda => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dekimbbaaadfpbchedkjlkjnpadngljc => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlaifdhkihbmbncnjpbfapifofmickfa => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpplejlaebbihmolemidgkoifcdkbgig => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe => Moved successfully.
"C:\Users\All Users\InstallMate" => File/Directory not found.
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf => Moved successfully.
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akbniljookodcldhdbomkficjechhbda => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dekimbbaaadfpbchedkjlkjnpadngljc => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlaifdhkihbmbncnjpbfapifofmickfa => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpplejlaebbihmolemidgkoifcdkbgig => Moved successfully.
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe => Moved successfully.
C:\Users\KengLing\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akbniljookodcldhdbomkficjechhbda => Moved successfully.
C:\Users\KengLing\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dekimbbaaadfpbchedkjlkjnpadngljc => Moved successfully.
C:\Users\KengLing\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlaifdhkihbmbncnjpbfapifofmickfa => Moved successfully.
C:\Users\KengLing\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpplejlaebbihmolemidgkoifcdkbgig => Moved successfully.
"C:\Users\KengLing\Desktop\Downloads\bloody mary ch1.zip.exe" => File/Directory not found.
"C:\Users\KengLing\Desktop\Downloads\FLVMPlayer.exe" => File/Directory not found.
Could not move "C:\Users\KengLing\Desktop\Music\-(mp3)069. Avicii ? Levels-(mp3).rar" => Scheduled to move on reboot.
"C:\Users\KengLing\Desktop\Music\GRANRODEO - SUPERNOVA (E. Kolotushkin) - [MP3Juices.com].exe" => File/Directory not found.
C:\Users\KengLing\etutc => Moved successfully.
C:\Users\KengLing\uvftv => Moved successfully.
C:\Users\KengLing\vbvds => Moved successfully.
"C:\Windows\System32\Adobe\Shockwave 12\gt.exe" => File/Directory not found.
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe => Moved successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 36.9 MB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-24 00:46:23)<=
 
"C:\Users\KengLing\Desktop\Music\-(mp3)069. Avicii ? Levels-(mp3).rar" => File could not move.
 
==== End of Fixlog ====
 
Emsisoft log
 
Emsisoft Emergency Kit - Version 9.0
Last update: 24/12/2014 12:57:33 AM
User account: PEANUT\KengLing
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 24/12/2014 1:03:47 AM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}  detected: Application.AdGenie (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E32743D3-5789-6E4F-3998-06FB87C9214B}  detected: Application.AdGenie (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}  detected: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}  detected: Application.AdGenie (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}  detected: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-19\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}  detected: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}  detected: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}  detected: Application.AdGenie (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}  detected: Application.AdGenie (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\FUNSHION  detected: Adware.Win32.Sionfun (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\FUNSHION  detected: Adware.Win32.Sionfun (A)
Value: HKEY_USERS\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga\1.1\h2stoVL.js.vir  detected: Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf\2.7\ZbdYM8I8.js.vir  detected: Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga\1.1\h2stoVL.js.vir  detected: Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf\2.7\ZbdYM8I8.js.vir  detected: Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf\2.1\utoUpln3iQ.js.vir  detected: Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga\1.1\h2stoVL.js.vir  detected: Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf\2.7\ZbdYM8I8.js.vir  detected: Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\130\Cvl3O1V.js.vir  detected: Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga\1.1\h2stoVL.js.vir  detected: Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf\2.7\ZbdYM8I8.js.vir  detected: Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga\1.1\h2stoVL.js.vir  detected: Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf\2.7\ZbdYM8I8.js.vir  detected: Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf\2.1\utoUpln3iQ.js.vir  detected: Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga\1.1\h2stoVL.js.vir detected: Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf\2.7\ZbdYM8I8.js.vir detected: Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\130\Cvl3O1V.js.vir detected: Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\ProgramData\GoSaevE\bmKp2sujOONjwuD.exe  detected: Gen:Variant.Adware.MPlug.7 (
C:\FRST\Quarantine\C\ProgramData\InstallMate\{B5AE07C5-0419-4FDD-AD36-4C3B6E4D2533}\Custom.dll  detected: Application.Win32.InstallAd (A)
C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf\2.1\utoUpln3iQ.js  detected: Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\130\Cvl3O1V.js  detected: Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf\2.1\utoUpln3iQ.js  detected: Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga\1.1\h2stoVL.js  detected: Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf\2.7\ZbdYM8I8.js  detected: Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\130\Cvl3O1V.js  detected: Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf\2.1\utoUpln3iQ.js  detected: Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\130\Cvl3O1V.js  detected: Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf\2.1\utoUpln3iQ.js  detected: Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\130\Cvl3O1V.js detected: Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf\2.1\utoUpln3iQ.js  detected: Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga\1.1\h2stoVL.js detected: Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf\2.7\ZbdYM8I8.js detected: Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\130\Cvl3O1V.js  detected: Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf\2.1\utoUpln3iQ.js  detected: Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\130\Cvl3O1V.js detected: Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\KengLing\AppData\Local\genienext\nengine.dll  detected: Adware.Win32.Agent (A)
C:\FRST\Quarantine\C\Users\KengLing\AppData\Local\Temp\089709F389a.exe.xBAD  detected: Adware.MultiPlug.DA (
C:\FRST\Quarantine\C\Users\KengLing\AppData\Local\Temp\0f049aE2.exe.xBAD  detected: Adware.MultiPlug.DA (
C:\FRST\Quarantine\C\Users\KengLing\AppData\Local\Temp\70A39618E9FE.exe.xBAD  detected: Adware.MultiPlug.DA (
C:\FRST\Quarantine\C\Users\KengLing\AppData\Local\Temp\ebE3BbfcB36.exe.xBAD  detected: Adware.MultiPlug.DA (
C:\FRST\Quarantine\C\Users\KengLing\AppData\Local\Temp\LiveSupport_setup.exe.xBAD  detected: Application.Win32.AdSupport (A)
C:\FRST\Quarantine\C\Users\KengLing\etutc\HQKMRnz.PFL  detected: Trojan.Ciusky.Gen.12 (
C:\FRST\Quarantine\C\Users\KengLing\etutc\svchost2.exe -> (RAR Sfx o) -> wmukoPJK.KHT  detected: Trojan.Ciusky.Gen.12 (
C:\FRST\Quarantine\C\Users\KengLing\etutc\wininit.exe -> (RAR Sfx o) -> [Comment]  detected: Trojan.Ciusky.Gen.6 (
C:\FRST\Quarantine\C\Users\KengLing\etutc\wininit.exe -> (RAR Sfx o) -> ZVLZovD.WXS  detected: Trojan.Ciusky.Gen.12 (
C:\FRST\Quarantine\C\Users\KengLing\uvftv\wmukoPJK.KHT  detected: Trojan.Ciusky.Gen.12 (
C:\FRST\Quarantine\C\Users\KengLing\vbvds\ZVLZovD.WXS  detected: Trojan.Ciusky.Gen.12 (
C:\Users\KengLing\Desktop\Music\-(mp3)069. Avicii – Levels-(mp3).rar -> -(mp3)069. Avicii – Levels-(mp3).exe  detected: Gen:Variant.Kazy.26586 (
 
Scanned 272810
Found 60
 
Scan end: 24/12/2014 2:09:25 AM
Scan time: 1:05:38
 
C:\Users\KengLing\Desktop\Music\-(mp3)069. Avicii – Levels-(mp3).rar Quarantined Gen:Variant.Kazy.26586 (
C:\FRST\Quarantine\C\Users\KengLing\vbvds\ZVLZovD.WXS Quarantined Trojan.Ciusky.Gen.12 (
C:\FRST\Quarantine\C\Users\KengLing\uvftv\wmukoPJK.KHT Quarantined Trojan.Ciusky.Gen.12 (
C:\FRST\Quarantine\C\Users\KengLing\etutc\wininit.exe Quarantined Trojan.Ciusky.Gen.12 (
C:\FRST\Quarantine\C\Users\KengLing\etutc\svchost2.exe Quarantined Trojan.Ciusky.Gen.12 (
C:\FRST\Quarantine\C\Users\KengLing\etutc\HQKMRnz.PFL Quarantined Trojan.Ciusky.Gen.12 (
C:\FRST\Quarantine\C\Users\KengLing\AppData\Local\Temp\LiveSupport_setup.exe.xBAD Quarantined Application.Win32.AdSupport (A)
C:\FRST\Quarantine\C\Users\KengLing\AppData\Local\Temp\ebE3BbfcB36.exe.xBAD Quarantined Adware.MultiPlug.DA (
C:\FRST\Quarantine\C\Users\KengLing\AppData\Local\Temp\70A39618E9FE.exe.xBAD Quarantined Adware.MultiPlug.DA (
C:\FRST\Quarantine\C\Users\KengLing\AppData\Local\Temp\0f049aE2.exe.xBAD Quarantined Adware.MultiPlug.DA (
C:\FRST\Quarantine\C\Users\KengLing\AppData\Local\Temp\089709F389a.exe.xBAD Quarantined Adware.MultiPlug.DA (
C:\FRST\Quarantine\C\Users\KengLing\AppData\Local\genienext\nengine.dll Quarantined Adware.Win32.Agent (A)
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\130\Cvl3O1V.js Quarantined Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf\2.1\utoUpln3iQ.js Quarantined Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\130\Cvl3O1V.js Quarantined Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf\2.7\ZbdYM8I8.js Quarantined Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga\1.1\h2stoVL.js Quarantined Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf\2.1\utoUpln3iQ.js Quarantined Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\130\Cvl3O1V.js Quarantined Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf\2.1\utoUpln3iQ.js Quarantined Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\130\Cvl3O1V.js Quarantined Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf\2.1\utoUpln3iQ.js Quarantined Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\130\Cvl3O1V.js Quarantined Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf\2.7\ZbdYM8I8.js Quarantined Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga\1.1\h2stoVL.js Quarantined Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf\2.1\utoUpln3iQ.js Quarantined Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\130\Cvl3O1V.js Quarantined Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf\2.1\utoUpln3iQ.js Quarantined Adware.MultiPlug.CY (
C:\FRST\Quarantine\C\ProgramData\InstallMate\{B5AE07C5-0419-4FDD-AD36-4C3B6E4D2533}\Custom.dll Quarantined Application.Win32.InstallAd (A)
C:\FRST\Quarantine\C\ProgramData\GoSaevE\bmKp2sujOONjwuD.exe Quarantined Gen:Variant.Adware.MPlug.7 (
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\130\Cvl3O1V.js.vir Quarantined Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf\2.7\ZbdYM8I8.js.vir Quarantined Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga\1.1\h2stoVL.js.vir Quarantined Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf\2.1\utoUpln3iQ.js.vir Quarantined Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf\2.7\ZbdYM8I8.js.vir Quarantined Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga\1.1\h2stoVL.js.vir Quarantined Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf\2.7\ZbdYM8I8.js.vir Quarantined Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga\1.1\h2stoVL.js.vir Quarantined Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\130\Cvl3O1V.js.vir Quarantined Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf\2.7\ZbdYM8I8.js.vir Quarantined Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga\1.1\h2stoVL.js.vir Quarantined Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\emebdpkfgininadkndimkbnbodkbafdf\2.1\utoUpln3iQ.js.vir Quarantined Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf\2.7\ZbdYM8I8.js.vir Quarantined Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga\1.1\h2stoVL.js.vir Quarantined Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lcbldkdookfndhfkdhfkafpaohjpjknf\2.7\ZbdYM8I8.js.vir Quarantined Adware.MultiPlug.CY (
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jemankoafddlkncgflkmchipgjpdloga\1.1\h2stoVL.js.vir Quarantined Adware.MultiPlug.CY (
Value: HKEY_USERS\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-336608445-27866453-704810108-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\FUNSHION Quarantined Adware.Win32.Sionfun (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\FUNSHION Quarantined Adware.Win32.Sionfun (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} Quarantined Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} Quarantined Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-19\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} Quarantined Application.AdGenie (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E32743D3-5789-6E4F-3998-06FB87C9214B} Quarantined Application.AdGenie (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} Quarantined Application.AdGenie (A)
 
Quarantined 55
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2014
Ran by KengLing (administrator) on PEANUT on 24-12-2014 02:14:07
Running from C:\Users\KengLing\Desktop\Downloads
Loaded Profile: KengLing (Available profiles: KengLing)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe
() C:\ProgramData\YogaSmartSwicth\yogaserver.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Dropbox, Inc.) C:\Users\KengLing\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [892664 2012-12-18] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] ()
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-30] (Realtek Semiconductor Corporation)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-19] (Synaptics)
HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2013-02-04] (Lenovo)
HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [209488 2013-02-04] ()
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-06-22] (Lenovo(Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-06-22] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-09-07] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk
ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
Startup: C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
ShortcutTarget: Microsoft Office Groove.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (MicrosoftCorporation)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-336608445-27866453-704810108-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-336608445-27866453-704810108-1001 -> {57E44609-825C-4084-B237-B3A01BC4D771} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.app...ex/qtplugin.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{317D32CC-4697-4026-961E-D223C0272349}: [NameServer]  
Tcpip\..\Interfaces\{E64DD415-98C6-408C-A60E-B95D12826413}: [NameServer]  
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-336608445-27866453-704810108-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\KengLing\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10446\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha268\ff [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://websearch.mocaflix.com/
CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://websearch.searchsunmy.info/?pid=1091&r=2014/01/05&hid=8402217720576185903&lg=EN&cc=SG&unqvl=45", "hxxp://websearch.fixsearch.info/?pid=3540&r=2014/09/12&hid=8402217720576185903&lg=EN&cc=SG&unqvl=61"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-12-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-19]
CHR Extension: (Adblock Plus) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-19]
CHR Extension: (Page Eraser) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekofpchjmoalonajopdeegdappocgcmj [2014-12-19]
CHR Extension: (SnapPea Photos) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\epindigjbiphgfhnmlpcocaiafjgbabe [2014-12-19]
CHR Extension: (AdBlock) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-19]
CHR Extension: (Bookmark Manager) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-12-19]
CHR Extension: (School Bus Parking 3D) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmafmjnkhlldllbeggkpfnhfhdcbfade [2014-12-19]
CHR Extension: (New Tab Redirect Plus!) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnpoebddognhfcnfbfjdbgmgadkmmdkj [2014-12-19]
CHR Extension: (AudioSauna) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2014-12-19]
CHR Extension: (FlashControl) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2014-12-19]
CHR Extension: (Google Wallet) - C:\Users\KengLing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [44032 2012-12-06] () [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655744 2012-06-28] ()
S3 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [605696 2012-08-06] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2013-02-04] (Lenovo)
S2 DptfParticipantProcessorService; %SystemRoot%\system32\DptfParticipantProcessorService.exe [X]
S2 DptfPolicyConfigTDPService; %SystemRoot%\system32\DptfPolicyConfigTDPService.exe [X]
S2 DptfPolicyLpmService; %SystemRoot%\system32\DptfPolicyLpmService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 br3gmdm; C:\Windows\system32\DRIVERS\br3gmdm.sys [122880 2009-09-23] (BandRich Inc.) [File not signed]
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-12-23] (Emsisoft GmbH)
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [238080 2012-06-06] (Huawei Technologies Co., Ltd.)
R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2013-02-04] (Lenovo)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2012-06-06] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2012-06-06] (CACE Technologies, Inc.)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696976 2012-09-06] (Realtek Semiconductor Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1579232 2013-01-04] (Realtek Semiconductor Corporation                           )
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-11-19] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-24 00:54 - 2014-12-24 00:54 - 00000754 _____ () C:\Users\KengLing\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-24 00:53 - 2014-12-24 00:55 - 00000000 ____D () C:\EEK
2014-12-23 00:24 - 2014-12-23 00:24 - 00027890 _____ () C:\Users\KengLing\Desktop\MyEsetScan.txt
2014-12-21 00:10 - 2014-12-21 00:10 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-12-21 00:10 - 2014-12-21 00:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-19 21:49 - 2014-12-19 21:49 - 00000739 _____ () C:\Users\KengLing\Desktop\JRT.txt
2014-12-19 21:42 - 2014-12-19 21:42 - 00000000 ____D () C:\windows\ERUNT
2014-12-19 21:37 - 2014-12-19 21:41 - 00000000 ____D () C:\AdwCleaner
2014-12-19 21:34 - 2014-12-24 01:39 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-19 21:34 - 2014-12-24 00:46 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-19 21:34 - 2014-12-19 21:34 - 00003888 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-19 21:34 - 2014-12-19 21:34 - 00003652 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-19 21:34 - 2014-12-19 21:34 - 00002222 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-19 21:34 - 2014-12-19 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-19 21:01 - 2014-12-19 21:01 - 00001544 _____ () C:\windows\comsetup.log
2014-12-19 20:51 - 2014-12-19 20:51 - 00001231 _____ () C:\Users\KengLing\Desktop\Revo Uninstaller.lnk
2014-12-19 20:51 - 2014-12-19 20:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-19 13:47 - 2014-12-19 21:08 - 00024768 _____ () C:\windows\diagwrn.xml
2014-12-19 13:47 - 2014-12-19 21:08 - 00024768 _____ () C:\windows\diagerr.xml
2014-12-19 13:32 - 2014-12-24 02:14 - 00000000 ____D () C:\FRST
2014-12-18 15:53 - 2014-10-09 12:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2014-12-18 15:53 - 2014-10-09 12:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-12-18 15:53 - 2014-10-09 12:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2014-12-18 15:53 - 2014-10-09 11:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2014-12-18 15:53 - 2014-10-09 11:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2014-12-18 15:21 - 2014-10-11 15:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-18 15:21 - 2014-10-11 13:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-18 15:21 - 2014-10-09 11:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2014-12-18 15:21 - 2014-10-09 11:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2014-12-18 15:21 - 2014-10-09 11:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2014-12-18 15:21 - 2014-09-22 13:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-12-18 15:21 - 2014-09-22 11:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-18 15:20 - 2014-11-06 14:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-18 15:20 - 2014-11-06 13:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-18 15:19 - 2014-11-21 16:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-18 15:19 - 2014-11-21 16:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-18 15:19 - 2014-11-21 16:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-18 15:19 - 2014-11-21 15:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-18 15:19 - 2014-11-21 15:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-18 15:18 - 2014-11-21 16:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-18 15:18 - 2014-11-21 16:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-18 15:18 - 2014-11-21 16:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-18 15:18 - 2014-11-21 16:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-12-18 15:18 - 2014-11-21 16:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-18 15:18 - 2014-11-21 16:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-18 15:18 - 2014-11-21 16:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-18 15:18 - 2014-11-21 15:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-18 15:18 - 2014-11-21 15:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-18 15:18 - 2014-11-21 15:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-18 15:18 - 2014-11-21 15:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-18 15:18 - 2014-11-21 15:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-18 15:18 - 2014-11-21 14:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-18 15:18 - 2014-11-21 12:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-11-27 22:52 - 2014-11-19 15:29 - 00582552 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2014-11-27 22:52 - 2014-11-19 15:29 - 00462760 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-11-24 21:10 - 2014-11-24 21:10 - 00429752 _____ () C:\windows\system32\FNTCACHE.DAT
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-24 02:02 - 2013-11-01 01:57 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-24 02:00 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\system32\sru
2014-12-24 01:40 - 2013-02-04 15:17 - 01633988 _____ () C:\windows\WindowsUpdate.log
2014-12-24 01:01 - 2013-03-11 18:49 - 00003592 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-336608445-27866453-704810108-1001
2014-12-24 00:52 - 2013-02-04 16:11 - 00444878 _____ () C:\windows\system32\prfh0804.dat
2014-12-24 00:52 - 2013-02-04 16:11 - 00140712 _____ () C:\windows\system32\prfc0804.dat
2014-12-24 00:52 - 2012-07-26 15:28 - 01403652 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-24 00:47 - 2013-11-28 20:33 - 00000000 ___RD () C:\Users\KengLing\Dropbox
2014-12-24 00:47 - 2013-11-28 20:31 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\Dropbox
2014-12-24 00:47 - 2013-03-11 18:41 - 00041506 _____ () C:\Users\KengLing\AppData\Local\BTServer.log
2014-12-24 00:46 - 2013-02-04 15:21 - 00000000 ____D () C:\ProgramData\Realtek
2014-12-24 00:46 - 2012-10-10 07:08 - 00203236 _____ () C:\windows\PFRO.log
2014-12-24 00:46 - 2012-07-26 15:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-24 00:45 - 2013-03-11 19:12 - 17127838 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-24 00:45 - 2013-03-11 18:41 - 00000000 ____D () C:\Users\KengLing
2014-12-24 00:45 - 2012-07-26 13:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-12-24 00:33 - 2014-04-21 19:16 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\CloudMedia
2014-12-24 00:09 - 2014-09-26 22:33 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-19 21:34 - 2013-03-11 18:51 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-19 21:34 - 2013-03-11 18:47 - 00000000 ____D () C:\Users\KengLing\AppData\Local\Deployment
2014-12-19 21:23 - 2014-01-30 15:50 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-19 21:19 - 2012-07-26 16:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-12-19 21:17 - 2012-07-26 15:59 - 00000000 ____D () C:\windows\CbsTemp
2014-12-19 21:08 - 2012-07-26 15:21 - 00498868 _____ () C:\windows\setupact.log
2014-12-19 21:08 - 2012-07-26 13:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-12-19 21:07 - 2012-07-26 16:13 - 00003611 _____ () C:\windows\DtcInstall.log
2014-12-19 21:01 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\Registration
2014-12-19 20:57 - 2013-02-04 15:19 - 00174841 _____ () C:\windows\system32\CoInst.log
2014-12-19 20:56 - 2014-09-24 23:57 - 00000000 ___HD () C:\$Windows.~BT
2014-12-19 20:51 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\system32\migwiz
2014-12-19 20:46 - 2014-01-31 17:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-19 20:46 - 2014-01-31 17:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-19 13:33 - 2012-07-26 16:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-12-19 13:30 - 2013-11-28 20:33 - 00000999 _____ () C:\Users\KengLing\Desktop\Dropbox.lnk
2014-12-19 13:30 - 2013-11-28 20:32 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-18 16:34 - 2014-11-20 13:14 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\Zoo
2014-12-18 16:04 - 2012-07-26 16:12 - 00000000 ___RD () C:\windows\ToastData
2014-12-18 15:24 - 2014-09-26 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 15:24 - 2014-09-26 22:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-18 15:24 - 2013-11-01 01:35 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-18 15:21 - 2014-10-25 18:06 - 00000004 _____ () C:\Users\KengLing\AppData\Roaming\appdataFr2.bin
2014-12-13 02:23 - 2013-07-27 19:34 - 00000000 ____D () C:\Users\KengLing\Desktop\MEMORY STORAGE
2014-12-13 02:14 - 2013-11-28 12:10 - 00000000 ____D () C:\Users\KengLing\Desktop\32 GB MICRO SD
2014-12-10 20:03 - 2013-11-01 01:57 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 20:02 - 2014-09-10 02:07 - 03981488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-27 05:11 - 2012-07-26 16:14 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-27 05:11 - 2012-07-26 16:14 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-24 21:36 - 2014-09-22 23:26 - 00000000 ____D () C:\windows\rescache
2014-11-24 21:08 - 2014-11-22 20:51 - 00000000 ____D () C:\windows\system32\AutoUpdateLicense
 
Some content of TEMP:
====================
C:\Users\KengLing\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplfbfgv.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-18 15:48
 
==================== End Of Log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2014
Ran by KengLing at 2014-12-24 02:15:19
Running from C:\Users\KengLing\Desktop\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.9 - Absolute Software)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.47.51 - Conexant)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-336608445-27866453-704810108-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.907.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 1.4.2.22 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - MicrosoftCorporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - MicrosoftCorporation)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 -Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 -Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 -Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - MicrosoftCorporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - MicrosoftCorporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.009.05.00.203 - Huawei Technologies Co.,Ltd)
Motion Control (HKLM\...\Motion Control) (Version: 1.1.2.43 - Lenovo)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.21.4 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-336608445-27866453-704810108-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
微软拼音简捷 2012 流行词汇更新 (KB2723161) (HKLM-x32\...\{82CB9E8F-F4B6-4E17-9D1B-33BF238A5A70}) (Version: 15.0.1681 - Microsoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336608445-27866453-704810108-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KengLing\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
05-12-2014 03:18:41 Scheduled Checkpoint
13-12-2014 03:16:17 Scheduled Checkpoint
18-12-2014 15:48:22 Windows Update
19-12-2014 21:13:46 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 13:26 - 2014-01-31 17:25 - 00450709 ____R C:\windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {07D138E3-3B00-47A3-BB9F-EE706F70C6FC} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-19] (Synaptics Incorporated)
Task: {21442F9B-17E5-4A5F-8CEA-BEA1AA9BABF0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-10-31] (Microsoft Corporation)
Task: {91D61CAE-E8B1-4F3B-BA1D-916E87B11A71} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {A4AEF13D-A804-4DE5-A824-6390D326F3DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {AA39E06D-5C0D-46DF-A0C5-0FB24862C7D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {C37D08A7-6787-4BB3-BA94-686BE6EE3BA7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-02-04 15:21 - 2012-12-06 07:13 - 00044032 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2011-03-14 23:27 - 2011-03-14 23:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-10-08 22:38 - 2012-06-28 10:46 - 00655744 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2013-02-04 15:27 - 2013-02-04 15:27 - 00059472 _____ () C:\ProgramData\YogaSmartSwicth\Server\x64\dptf.dll
2012-08-17 14:13 - 2012-07-13 16:52 - 00021312 _____ () C:\windows\SYSTEM32\DptfPolicyConfigTDPDll.dll
2012-08-17 14:13 - 2012-07-13 16:52 - 00021312 _____ () C:\windows\SYSTEM32\DptfPolicyLpmDll.dll
2013-02-04 15:19 - 2010-10-26 12:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2013-02-04 15:27 - 2013-02-04 15:27 - 00209488 _____ () C:\ProgramData\YogaSmartSwicth\yogaserver.exe
2012-08-27 12:29 - 2012-08-23 16:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-04 15:26 - 2013-02-04 15:26 - 00172112 _____ () C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
2013-10-08 22:38 - 2009-01-10 18:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2013-10-08 22:38 - 2009-06-23 02:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2013-10-08 22:38 - 2010-07-23 12:58 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2013-10-08 22:38 - 2010-02-10 22:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2013-10-08 22:38 - 2012-06-28 10:34 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2013-10-08 22:38 - 2010-02-10 22:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2013-02-04 15:27 - 2013-02-04 15:27 - 00269904 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\GuiSys.dll
2013-02-04 15:27 - 2013-02-04 15:27 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\SimpRes.dll
2013-02-04 15:27 - 2013-02-04 15:27 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LangHlpr.dll
2013-02-04 15:26 - 2013-02-04 15:26 - 01623632 _____ () C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll
2013-02-04 15:26 - 2013-02-04 15:26 - 00030288 _____ () C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00750080 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-24 00:47 - 2014-12-24 00:47 - 00043008 _____ () c:\users\kengling\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplfbfgv.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00047616 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00863744 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00200704 _____ () C:\Users\KengLing\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-02-04 15:18 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-12-19 21:34 - 2014-12-06 09:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-19 21:34 - 2014-12-06 09:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-19 21:34 - 2014-12-06 09:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-19 21:34 - 2014-12-06 09:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-19 21:34 - 2014-12-06 09:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2013-10-08 22:37 - 2012-06-28 10:45 - 01545088 _____ () C:\Program Files (x86)\Mobile Partner\UpdateDog\LiveUpd.exe
2013-10-08 22:37 - 2009-01-10 18:32 - 00011362 _____ () C:\Program Files (x86)\Mobile Partner\UpdateDog\mingwm10.dll
2013-10-08 22:37 - 2009-06-23 02:42 - 00043008 _____ () C:\Program Files (x86)\Mobile Partner\UpdateDog\libgcc_s_dw2-1.dll
2013-10-08 22:37 - 2010-07-23 12:58 - 02415104 _____ () C:\Program Files (x86)\Mobile Partner\UpdateDog\QtCore4.dll
2013-10-08 22:37 - 2010-02-10 22:43 - 09515520 _____ () C:\Program Files (x86)\Mobile Partner\UpdateDog\QtGui4.dll
2013-10-08 22:37 - 2010-02-10 22:10 - 01148416 _____ () C:\Program Files (x86)\Mobile Partner\UpdateDog\QtNetwork4.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\StartupFolder: => "Microsoft Office Groove.lnk"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\Run: => "FlashGet 3"
HKU\S-1-5-21-336608445-27866453-704810108-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-336608445-27866453-704810108-500 - Administrator - Disabled)
Guest (S-1-5-21-336608445-27866453-704810108-501 - Limited - Disabled)
KengLing (S-1-5-21-336608445-27866453-704810108-1001 - Administrator - Enabled) => C:\Users\KengLing
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/24/2014 01:56:24 AM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (5116) {01D86FE3-3A2F-4BF4-8CBC-666E1A1A7950}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/24/2014 01:53:03 AM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (3308) {7062B864-EF4F-4E7D-A43A-CBD824C3D07C}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/24/2014 01:53:03 AM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (2340) {5CDCBC97-F775-4F35-9B31-B7AF8DE2A9EF}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/24/2014 01:16:18 AM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (3656) {05BB039F-30E4-48E4-85BE-3B0F8EE0820B}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/24/2014 01:11:48 AM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (2104) {A76A591B-C4A3-4E1D-9698-8FA5C9911477}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/24/2014 01:11:48 AM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (948) {A764E167-FE7B-4F70-8CDB-F6A38769F94C}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/24/2014 01:01:51 AM) (Source: ESENT) (EventID: 474) (User: )
Description: SettingSyncHost (4140) {C372DB5E-6AFE-4E33-B964-42935284CECB}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page SettingSyncHost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/24/2014 00:50:22 AM) (Source: ESENT) (EventID: 474) (User: )
Description: SettingSyncHost (5112) {14C17C31-8DC7-46FB-9212-07E8C3B9B026}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page SettingSyncHost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/24/2014 00:50:22 AM) (Source: ESENT) (EventID: 474) (User: )
Description: SettingSyncHost (5112) {14C17C31-8DC7-46FB-9212-07E8C3B9B026}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page SettingSyncHost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (12/24/2014 00:47:30 AM) (Source: ESENT) (EventID: 474) (User: )
Description: taskhost (2104) {B37C85BF-FD6A-423F-BF81-E43BC8BA8C62}: The database page read from the file "C:\Users\KengLing\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\meta.edb" at offset 1245184 (0x0000000000130000) (database page taskhost0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [b62549dac805c925:00be00be68723f41:0000000000000025:0004fffb0910019f] and the computed checksum was [489248920f7a8ebd:ffa90056501a7831:0000000000000025:0004fffb0910019f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
 
System errors:
=============
Error: (12/24/2014 00:46:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error: 
%%1053
 
Error: (12/24/2014 00:46:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.
 
Error: (12/24/2014 00:46:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Dynamic Platform & Thermal Framework Low Power Mode Service Application service failed to start due to the following error: 
%%2
 
Error: (12/24/2014 00:46:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Dynamic Platform & Thermal Framework Config TDP Service Application service failed to start due to the following error: 
%%2
 
Error: (12/24/2014 00:46:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application service failed to start due to the following error: 
%%2
 
Error: (12/24/2014 00:34:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error: 
%%1053
 
Error: (12/24/2014 00:34:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.
 
Error: (12/24/2014 00:34:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Dynamic Platform & Thermal Framework Low Power Mode Service Application service failed to start due to the following error: 
%%2
 
Error: (12/24/2014 00:34:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Dynamic Platform & Thermal Framework Config TDP Service Application service failed to start due to the following error: 
%%2
 
Error: (12/24/2014 00:34:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application service failed to start due to the following error: 
%%2
 
 
=========================
Error: (10/16/2013 06:32:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 39619 seconds with 4440 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 47%
Total physical RAM: 3975.27 MB
Available physical RAM: 2097.53 MB
Total Pagefile: 5575.27 MB
Available Pagefile: 3550.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:100.96 GB) (Free:5.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:2.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 4B236BD6)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#12 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 24 December 2014 - 05:45 AM

Hello, 

 

This computer was badly infected. It may not be possible to identify and remove 100% of the malware present. 

 

How is it performing now? 

 

Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10446\ff [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha268\ff [Not Found]
    CHR HomePage: Default -> hxxp://websearch.mocaflix.com/
    CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://websearch.searchsunmy.info/?pid=1091&r=2014/01/05&hid=8402217720576185903&lg=EN&cc=SG&unqvl=45", "hxxp://websearch.fixsearch.info/?pid=3540&r=2014/09/12&hid=8402217720576185903&lg=EN&cc=SG&unqvl=61"
    2014-12-18 16:34 - 2014-11-20 13:14 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\Zoo
    EmptyTemp:
    end
  • Click File, then Save As, and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.


 

Would you like to help others with malware removal? Join our Classroom and learn how!


#13 ONewbieO

ONewbieO

    Authentic Member

  • Authentic Member
  • PipPip
  • 148 posts

Posted 24 December 2014 - 06:22 AM

Hi again. If I'm using Google Chrome (not sure about other browsers as I have been using Chrome so far) to open this page up, it may lag and hang sometimes in that laptop.

I mean I'm not the user of that laptop. I'm only offering a helping hand to repair it.

If we could keep going till everything is fixed that'll be fantastic. :)

Having said that, my next reply will be the fixlog.txt



#14 ONewbieO

ONewbieO

    Authentic Member

  • Authentic Member
  • PipPip
  • 148 posts

Posted 24 December 2014 - 06:32 AM

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
Ran by KengLing at 2014-12-24 20:28:11 Run:3
Running from C:\Users\KengLing\Desktop\Downloads
Loaded Profile: KengLing (Available profiles: KengLing)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10446\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha268\ff [Not Found]
CHR HomePage: Default -> hxxp://websearch.mocaflix.com/
CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://websearch.searchsunmy.info/?pid=1091&r=2014/01/05&hid=8402217720576185903&lg=EN&cc=SG&unqvl=45", "hxxp://websearch.fixsearch.info/?pid=3540&r=2014/09/12&hid=8402217720576185903&lg=EN&cc=SG&unqvl=61"
2014-12-18 16:34 - 2014-11-20 13:14 - 00000000 ____D () C:\Users\KengLing\AppData\Roaming\Zoo
EmptyTemp:
end
*****************
 
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10446\ff not found.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha268\ff not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\KengLing\AppData\Roaming\Zoo => Moved successfully.
EmptyTemp: => Removed 25.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#15 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 25 December 2014 - 09:43 AM

Merry Christmas. :)
 
------------
 
Let's run through a few more scans.
 
STEP 1
Sophos Virus Removal Tool

  • Please download Sophos Virus Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click SophosVirusRemovalTool.exe and select Run as administrator to run the programme.
  • Click Next.
  • Select I accept the terms in this license agreement, then click Next twice.
  • Click Install.
  • Click Finish to launch the programme.
  • Once the virus database has been updated, click Start scanning.
  • If threats are found click Details, followed by View log file.
  • Copy the contents of the log and paste in your next reply.
  • Close the Notepad document, close the Threat Details screen, and click Start cleanup.
  • Click Exit to close the programme. 
     

STEP 2
HitmanPro

  • Please download HitmanPro (x64) and save the file to your Desktop.
  • Right-Click HitmanPro_x64.exe and select Run as administrator to run the programme.
  • Click Next, and agree to the End User License Agreement (EULA) if prompted. 
  • Place a checkmark next to No, I only want to perform a one-time scan to check this computer.
  • Click Next.
  • The scan will start, and will typically take no longer than 2-3 minutes.
  • Upon completion, click on the drop-down menu of the found entries (if any) and select: Apply to all => Ignore <=.
  • Click Next.
  • Click Save Log, and select your Desktop as the location. Copy the contents of the log and paste in your next reply.

Note: If a drop-down menu is not present after the scan is complete, please do not delete the detected items. Close the HitmanPro window. Navigate to C:\ProgramData\HitmanPro\Logs, open the log, copy the contents and paste in your next reply.
 
 
STEP 3
Panda Cloud Cleaner

  • Please download Panda Cloud Cleaner and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click PandaCloudCleaner.exe and select Run as administrator to run the programme.
  • Click Next, followed by Next, followed by Finished.
  • Click Accept and Scan.
  • Allow Updates to download, and the scan to commence. 
  • Upon completion, allow the results to be sent to the Cloud.
  • On the Scan finished screen, click vwu1luX.png. Do NOT click Clean.
  • Re-enable your anti-virus software.
  • Press the Windows Key + r on your keyboard at the same time. Type C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\PCloudCleaner.log and click OK.
  • A log (PCloudCleaner.log) will open. Copy the contents of the log and paste in your next reply.
     

STEP 4
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Sophos log
  • HitmanPro log
  • Panda log
  • FRST.txt
  • Addition.txt
