a97virago Posted September 28, 2014 ID:883970

Hi,

My name is Larry and I've encountered a very persistent virus that I can't seem to get rid of. I see that you've had success with at least one other person. I was hoping you could help me. The virus is PeeacMem as stated in the subject and it is causing dozens of dllhosts.exe to launch when the computer starts and is connected to the internet, at least wirelessly.

It's late here so I'll be starting tomorrow morning.

Larry Slosberg
LiquidTension Posted September 28, 2014 ID:883974

Hello a97virago, welcome to Malwarebytes' Malware Removal forum!

My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems. If you would allow me to call you by your first name I would prefer that.

General P2P/Piracy Notice:
- If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
- If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

======================================================

Please read through the points below to ensure this process moves as quickly and efficiently as possible.
- Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
- Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
- Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
- Please backup important documents before proceeding with my instructions.
- If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
- Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
- Ensure you are following this topic. Click at the top of the page.

======================================================

STEP 1
Malwarebytes Anti-Malware (MBAM)
- If you have not downloaded and installed the updated Malwarebytes Anti-Malware 2.0 please do so now.
- Open Malwarebytes Anti-Malware and click Update Now.
- Once updated, click the Settings tab and tick Scan for rootkits.
- Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
- Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
- If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
- Upon completion of the scan (or after the reboot), click the History tab.
- Click Application Logs and double-click the Scan Log.
- Click Copy to Clipboard and paste the log in your next reply.

STEP 2
TDSSKiller Scan
- Please download TDSSKiller and save the file to your Desktop.
- Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
- Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
- Click Start Scan. Do not use the computer during the scan.
- If objects are found, change the action to skip.
- Click Continue and close the window.
- A log will be created and saved to the root directory (usually C:\). Copy the contents of the log and paste in your next reply.

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
- MBAM log
- TDSSKiller log
a97virago Posted September 28, 2014 Author ID:884108

Completed the first set of instructions. Here are the log files.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/28/2014
Scan Time: 7:58:46 AM
Logfile: MBAMScan201409280835.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.28.03
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sacred Heart

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330083
Time Elapsed: 25 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 197

Registry Values: 13
HKU\S-1-5-21-639415932-1215857684-1316868989-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\COMMAND PROCESSOR|AutoRun, "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe", Quarantined, [88fdba35116a0f27db28043df3107b85]Trojan.Agent.EVGen, HKU\S-1-5-21-639415932-1215857684-1316868989-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|xwizard, "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe", Quarantined, [aadb04ebd2a9072f114741d1dc279070]Backdoor.Bot, HKU\S-1-5-21-639415932-1215857684-1316868989-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svchost86x.sys, "C:\Users\SACRED~1\AppData\Local\Temp\conhost41.exe", Quarantined, [add814db4b30231338546afb010204fc]Trojan.Agent.EVGen, HKU\S-1-5-21-639415932-1215857684-1316868989-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|xwizard, "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe", Quarantined, [88fd8d6286f55fd7db7e1cf65ba8b34d] Registry Data: 0(No malicious items detected) Folders: 49Rogue.Multiple, C:\Users\Sacred Heart\AppData\Roaming\46113357, Quarantined, [691c19d6cbb0ab8bea9bd6f72bd708f8], Rogue.Multiple, C:\Users\Sacred Heart\AppData\Roaming\2739811445, Quarantined, [b5d0cb24a0db0a2ca9dd88454eb408f8], Rogue.Multiple, C:\Users\Sacred Heart\AppData\Roaming\4121640743, Quarantined, [afd60ae5304b10268105aa23d72bc739], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\chrome, Quarantined, 
[f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\ThirdPartyInstallers, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\gen1, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\History, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\IE9Mesg, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\Message, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\Settings, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\91fbdd335935d6fab2f0f46ec3451b3a18a24a23, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.1.2, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\css, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\images\icons, Quarantined, [e79ef3fc5229c472173da3435da55da3], 
PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\91fbdd335935d6fab2f0f46ec3451b3a18a24a23\1.2.3\js, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\d0e0492c497d8c260a5e799f8212a9e2b288600a, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\d0e0492c497d8c260a5e799f8212a9e2b288600a\1.0.2, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\d0e0492c497d8c260a5e799f8212a9e2b288600a\1.0.2\css, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\d0e0492c497d8c260a5e799f8212a9e2b288600a\1.0.2\fonts, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\d0e0492c497d8c260a5e799f8212a9e2b288600a\1.0.2\images, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\d0e0492c497d8c260a5e799f8212a9e2b288600a\1.0.2\js, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\css, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\fonts, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred 
Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\js, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\History, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Settings, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\MapsGalaxy_39, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\MapsGalaxy_39\Cache, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-18\$e832065498a1fb1692b97b2bda927d12\U, Quarantined, [671e46a9cfac2d09c13223dd4ab6817f], Trojan.Siredef.C, 
C:\$Recycle.Bin\S-1-5-21-639415932-1215857684-1316868989-1003\$e832065498a1fb1692b97b2bda927d12\U, Quarantined, [d9ac8b64ec8f082eb73c8878ea16ea16], Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-18\$e832065498a1fb1692b97b2bda927d12\L, Quarantined, [a4e19c534f2c20167382bc44e8183dc3], Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-21-639415932-1215857684-1316868989-1003\$e832065498a1fb1692b97b2bda927d12\L, Quarantined, [92f3747b572452e4b14418e8f907d828], Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-18\$e832065498a1fb1692b97b2bda927d12, Quarantined, [63226c832b502c0a54a248b8ff01619f], Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-21-639415932-1215857684-1316868989-1003\$e832065498a1fb1692b97b2bda927d12, Quarantined, [75103eb1116a3afc42b4c7394fb105fb], Link to post Share on other sites More sharing options...
a97virago Posted September 28, 2014 Author ID:884109
Files: 719
C:\Users\Sacred Heart\AppData\Local\Temp\upd1D12.tmp, Quarantined, [e5a07f70a8d30c2a5371c1f3c938c23e], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd1DCC.tmp, Quarantined, [b2d338b73e3df244cdf75163956c748c], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd1E97.tmp, Quarantined, [d0b5a94656259e98952f476d27da649c], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd1F23.tmp, Quarantined, [7411b13e1665f145398bdbd951b021df], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd1F52.tmp, Quarantined, [dda8eb042d4ee353b014298be71a6e92], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd1F62.tmp, Quarantined, [c9bc737c3e3d76c0398b4470e021f010], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd1FDE.tmp, Quarantined, [a4e1539c3546c175537100b432cf55ab], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd1FDF.tmp, Quarantined, [087d935c3645ae885d67cce84eb352ae], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd201D.tmp, Quarantined, [daab17d83447d95d497b06ae13eeb947], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd20D8.tmp, Quarantined, [98ed32bd83f891a521a34470e21fc838], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd222.tmp, Quarantined, [24618a6537441b1bb50f0ea648b914ec], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd227D.tmp, Quarantined, [a5e0bc331b6049ed16aeb202be431be5], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd22CB.tmp, Quarantined, [1f66945b7a011a1c527222922ed329d7], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd250C.tmp, Quarantined, [a1e48a6569127bbbfcc8fcb8ae531ee2], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updD4DC.tmp, Quarantined, [7f062ec1bfbcd75fffc5288cb44d1be5], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updD4DD.tmp, Quarantined, [8ff636b9bebd76c08e36189cad54e917], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updD632.tmp, Quarantined, [aed7fcf3fb80ed49a1232f858978857b], Trojan.Agent, 
C:\Users\Sacred Heart\AppData\Local\Temp\updD642.tmp, Quarantined, [9ee75f905a2145f1388c82322fd2fc04], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updD75A.tmp, Quarantined, [7d080be456255bdb3b897e369c65e31d], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updD77.tmp, Quarantined, [e5a0c12e780358de1fa5f4c0659c9a66], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updD7F7.tmp, Quarantined, [ee97f2fdf289a393dbe9af0537ca659b], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updD87.tmp, Quarantined, [681dbc333f3c989e3f85dcd81be6748c], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updD8B2.tmp, Quarantined, [483df8f7f7841b1b329233813cc5b64a], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updD90F.tmp, Quarantined, [f0957877fc7f66d0b014ebc9d62b758b], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updDA6.tmp, Quarantined, [7a0b5c931566999d4084694b41c0a55b], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updDA76.tmp, Quarantined, [95f0707f13683afcb60e159fe71a47b9], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updDAB4.tmp, Quarantined, [5f26b33c1b6051e5a81c8430010002fe], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updDAD4.tmp, Quarantined, [1b6ab13e7803fb3b3c885a5a6c95e719], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updDBFC.tmp, Quarantined, [acd98c63522962d4497b3d779d640af6], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updDC0B.tmp, Quarantined, [2065dd1235464fe70aba892b629fbd43], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updDC1B.tmp, Quarantined, [95f0bc335b20a6907d479d17af52cc34], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updDC5.tmp, Quarantined, [6c1943aca5d6043214b03381bb4636ca], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updDD53.tmp, Quarantined, [493c648b76059b9b12b28c2839c82ad6], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updDFD3.tmp, Quarantined, [1f6642ad354696a08242496bef121be5], Trojan.Agent, 
C:\Users\Sacred Heart\AppData\Local\Temp\updE040.tmp, Quarantined, [097c6b84c7b40036d9eb9e16c140f20e], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updE06F.tmp, Quarantined, [1075549b6e0d88aefcc82d8717ea6997], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updE070.tmp, Quarantined, [582d9e51d1aa3402b70d5a5ab74af50b], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updE09E.tmp, Quarantined, [4b3ace21fd7e043205bf5c5845bc3ec2], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updE1E5.tmp, Quarantined, [bbca42ad89f259ddab19892b37cae61a], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updE1F5.tmp, Quarantined, [295cad420b701422358f5e5641c0b54b], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updE35C.tmp, Quarantined, [75100ce37cff47efdfe52b8954adb14f], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updE3B9.tmp, Quarantined, [c4c118d7d5a6a88ee0e404b0f40de21e], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updE3BA.tmp, Quarantined, [9ce914dbadce350160648331629fd927], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updE52.tmp, Quarantined, [d9acd718dc9f072feada1b9913ee8878], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updE56E.tmp, Quarantined, [12737976dc9f0333d4f00fa5a35eae52], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updF890.tmp, Quarantined, [dbaaa24d03785adc8440f7bd2ed30cf4], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updF8BF.tmp, Quarantined, [9bea6689fc7f1422e0e4af05c140d52b], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updF9.tmp, Quarantined, [8bfa87680e6d1422f2d26450f01155ab], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updF95B.tmp, Quarantined, [6025846b76050531cbf9575dcd34cf31], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updF96B.tmp, Quarantined, [e0a5bd326a118ea8d3f113a11de4e719], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updF9F7.tmp, Quarantined, [cdb8c629611aa4920abaae0659a8fa06], Trojan.Agent, 
C:\Users\Sacred Heart\AppData\Local\Temp\updFB01.tmp, Quarantined, [0085a8473348f046b70d09ab4ab77f81], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updFC48.tmp, Quarantined, [6e17dd12e2990a2cd0f413a123de41bf], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updFCB5.tmp, Quarantined, [dea7bd325625c76f388c12a2c73a6d93], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updFD51.tmp, Quarantined, [84011bd41368bb7b7f45b6fe29d88878], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updFE6A.tmp, Quarantined, [f293816e2952fa3cdee64173e31ee21e], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updFE7.tmp, Quarantined, [3a4b1fd017649e98dce8f2c2cd343bc5], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updFF35.tmp, Quarantined, [f88ddc13225948eefaca5262e21f7a86], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updFF45.tmp, Quarantined, [572e67888af1ed49319363516d949070], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd6F17.tmp, Quarantined, [d3b2806f512a88ae6f55eaca827fe818], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd6F26.tmp, Quarantined, [4f36747b394246f0358f615338c921df], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd6F74.tmp, Quarantined, [8ef7678895e67cba695b3f75b74a7d83], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd70CB.tmp, Quarantined, [b3d2ba35b3c8af87764e813306fb2ed2], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd7242.tmp, Quarantined, [abdaed0206752f0784402b89eb160ef2], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd729F.tmp, Quarantined, [ceb76b84d8a32d09d9ebb7fded147f81], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd730.tmp, Quarantined, [d8adea05ff7cbf771aaaae06e021df21], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd73C8.tmp, Quarantined, [6a1be609bfbc979f6361595bb8497d83], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd73E7.tmp, Quarantined, [dfa637b8136894a2f5cfb7fdea17c63a], Trojan.Agent, 
C:\Users\Sacred Heart\AppData\Local\Temp\upd750F.tmp, Quarantined, [364fb23d156640f64e76773ddc25d927], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd7619.tmp, Quarantined, [b4d112dd2e4d3ff7368e3d771fe2817f], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd76A5.tmp, Quarantined, [4a3b41aed5a670c616aea70d08f97987], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd76A6.tmp, Quarantined, [582d727ddaa1d363566e763eac55fc04], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd77CE.tmp, Quarantined, [8401955a007bca6c90340ca82dd4bc44], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd77E.tmp, Quarantined, [176e9857bfbc72c4863eb5ffe31e1ee2], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd781C.tmp, Quarantined, [d6af4ea1de9d8ea8fbc97440c53c9070], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd79A1.tmp, Quarantined, [6d1845aa572472c44381704427da0df3], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd79A2.tmp, Quarantined, [85005f9024571c1ac7fda80c966bf10f], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd7ACA.tmp, Quarantined, [374ed51aed8eb2849133cbe9659c21df], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd7B08.tmp, Quarantined, [5332b6394734fd3974501d9720e14cb4], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd7C50.tmp, Quarantined, [176e7a755328a195f5cf664e15ecfb05], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd7C5F.tmp, Quarantined, [aed7b7388eed9c9adfe5c1f329d8cb35], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd7D2A.tmp, Quarantined, [f392876802798babb410dadabc45619f], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd7DF5.tmp, Quarantined, [d0b5f2fdf289f244dbe921934db4be42], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd7E53.tmp, Quarantined, [d6afac439cdfa88edce808ac2bd6629e], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd7EA1.tmp, Quarantined, [c8bd2bc4354660d64381c9eb24dd4ab6], Trojan.Agent, 
C:\Users\Sacred Heart\AppData\Local\Temp\upd7EC.tmp, Quarantined, [770e6f80d0ab2b0b9e26476d2dd42ad6], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd7F6C.tmp, Quarantined, [99ecc6296219e155fbc9783c867baf51], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd9491.tmp, Quarantined, [6b1a6f80daa151e504c07b39bd44e31d], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd950D.tmp, Quarantined, [f88d0be4b4c7c86ea123951f2ed32cd4], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd953C.tmp, Quarantined, [7c09c02f314a6dc9dfe5bafa31d0d12f], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd95C9.tmp, Quarantined, [f78e747b6219a6904f75179d27da0000], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd96B3.tmp, Quarantined, [364fd619354695a19232b10361a0f808], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd96F1.tmp, Quarantined, [94f16b84d6a54aec1ba98f259c6537c9], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd97FA.tmp, Quarantined, [e99c7a75fe7d5fd7b113694ba45d2fd1], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd981.tmp, Quarantined, [661f00efec8f02349b29a0141ce5e61a], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd9839.tmp, Quarantined, [f68f35baaecde254547093218c7553ad], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd9AC8.tmp, Quarantined, [0d7837b8daa181b5f4d074402dd4ab55], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd9B06.tmp, Quarantined, [ccb9da15aad1b2841ea6b9fb6d94be42], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd9B45.tmp, Quarantined, [dca9b7389eddf83e477d763e33cec63a], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd9B46.tmp, Quarantined, [daabc12ee09bce6881435f55847d20e0], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd9B73.tmp, Quarantined, [364f30bf334859ddbc08585cb150bb45], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd9B83.tmp, Quarantined, [9ee7b43b9ae176c015af3e761ee337c9], Trojan.Agent, 
C:\Users\Sacred Heart\AppData\Local\Temp\upd9C8C.tmp, Quarantined, [b3d28c63b2c9bb7bffc512a243be52ae], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd9DD4.tmp, Quarantined, [c1c4618e067587afb2128e268b76946c], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd9E12.tmp, Quarantined, [8104c728df9c12248f35ad07ca3702fe], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd9EE.tmp, Quarantined, [30553ab5e596c670695b5a5a03fe7888], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd9F6A.tmp, Quarantined, [2f563cb3b0cb88ae05bff9bbe21f35cb], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd9FB7.tmp, Quarantined, [d2b37f70205bbd79c301d9db15eccc34], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updA092.tmp, Quarantined, [285dbe31e59661d512b22c8851b00af6], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updA0D0.tmp, Quarantined, [bec706e93b40d462fbc912a29869d52b], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updA0E.tmp, Quarantined, [91f4da15443794a219abf9bba65b28d8], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updA13D.tmp, Quarantined, [770e628daad16ec8428203b146bbf20e], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updB2E9.tmp, Quarantined, [c7bef7f80d6e8bab4183cee6b24f48b8], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updB4DD.tmp, Quarantined, [3e4733bc2c4fac8a1fa58d27cd349769], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updB4DE.tmp, Quarantined, [bdc81ad5ff7c3105f8cc456fcd3449b7], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updB51B.tmp, Quarantined, [dda828c780fbff37675df9bbd82943bd], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updB559.tmp, Quarantined, [0a7b2bc4b9c2e5511fa5a70d7b860df3], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updB73D.tmp, Quarantined, [51340fe09edd44f211b3298b43be45bb], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updB7D9.tmp, Quarantined, [bfc6a24d4b30ac8af1d36e4660a1916f], Trojan.Agent, 
C:\Users\Sacred Heart\AppData\Local\Temp\updB818.tmp, Quarantined, [d3b2e40bd9a285b1a3214173e71ade22], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updB865.tmp, Quarantined, [364fbf30f883bd79eed6783cda2725db], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updB8A4.tmp, Quarantined, [592cac43304b59ddab197b399071758b], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updB8F2.tmp, Quarantined, [a1e4ba35e3984fe73d874e6630d1639d], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updB96F.tmp, Quarantined, [364f03ecc8b3cf67e3e1268e58a9a45c], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updBAF5.tmp, Quarantined, [88fd14db87f40531368e625212efbd43], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updBB81.tmp, Quarantined, [34515e916318ec4ae8dccee617ea4cb4], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updBBC0.tmp, Quarantined, [93f2f3fc0f6c59dd42822b89bd444bb5], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updBCF7.tmp, Quarantined, [f49111de116a72c47351823248b98d73], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updBD17.tmp, Quarantined, [1a6b13dca1dae45252725d57976ac63a], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updBDA3.tmp, Quarantined, [75109a55146764d2dce8c4f014edd52b], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updBE2.tmp, Quarantined, [1e6743acb0cb4cea3292f5bf20e110f0], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updBE20.tmp, Quarantined, [553040af196244f25f65dbd9c43d2cd4], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updBE6E.tmp, Quarantined, [0f761fd062194bebc5ffd5df45bc9f61], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updBEDB.tmp, Quarantined, [2c59c827344760d68e364b69719053ad], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updBEFA.tmp, Quarantined, [394ce807d4a7a98defd540740df46a96], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updC042.tmp, Quarantined, [cbba26c9aad172c4f7cdbafaa859867a], Trojan.Agent, 
C:\Users\Sacred Heart\AppData\Local\Temp\updC0AF.tmp, Quarantined, [661fc22d1d5e1323bf0563513ec37b85], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updC0DE.tmp, Quarantined, [84018f6077042115dbe9961ea45d649c], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd3F80.tmp, Quarantined, [8afb4aa55526ab8b1ca88e2642bfe719], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd401B.tmp, Quarantined, [e69f5d92ec8f85b15c68496b19e8af51], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd415.tmp, Quarantined, [a7de8b644833d66017ad377dcb3622de], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd424C.tmp, Quarantined, [9ce9935c80fb51e502c2feb6c33eaf51], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd43C3.tmp, Quarantined, [9ce9707f99e2cb6b299b7143d130b947], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd43E2.tmp, Quarantined, [d6af14db7902fa3c962e2c88ab56758b], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd444.tmp, Quarantined, [5530de11accf0b2b0db78a2a51b06d93], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd451A.tmp, Quarantined, [6223509f1665c1756d5711a3f40d7f81], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd4549.tmp, Quarantined, [3451648b6a11ea4c8044b103768b827e], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd4559.tmp, Quarantined, [5431ea051c5fe155f7cda2123fc2768a], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd4623.tmp, Quarantined, [f392618e59220e282e96fdb7d42d5da3], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd4836.tmp, Quarantined, [8ef7fcf31e5df541a123466eaf529868], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd49AC.tmp, Quarantined, [88fddd122655cb6b0bb96153db26de22], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd4B13.tmp, Quarantined, [760f1fd072095ed8269e9123e819f808], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd4B23.tmp, Quarantined, [cabb42adc1ba2313cbf9e2d232cf3cc4], Trojan.Agent, 
C:\Users\Sacred Heart\AppData\Local\Temp\upd4B24.tmp, Quarantined, [65206b84532813231ea60ea61ee305fb], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd4C1C.tmp, Quarantined, [077e89664c2f56e0a71dbbf97b86867a], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd4C4B.tmp, Quarantined, [a3e26a8599e2e650695b684c1ee31de3], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd4DC1.tmp, Quarantined, [d1b4a34c93e8b97d12b2852f49b85ea2], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd4E0F.tmp, Quarantined, [a0e5c22d5b202610764e516334cdb24e], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd4F86.tmp, Quarantined, [0580707f28534de9c0043f753fc2fe02], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd50E.tmp, Quarantined, [b0d5c22d017a4beb4d776b498c750cf4], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd50F.tmp, Quarantined, [acd903ecf08bb87eefd5bbf9a45dfb05], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd50FC.tmp, Quarantined, [95f0f6f9c8b3d16510b4377d2dd4a060], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd50FD.tmp, Quarantined, [cfb62bc4d2a9d75f596bf9bbae53af51], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd510C.tmp, Quarantined, [fb8a3db293e8dc5abd0773418f7204fc], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd5205.tmp, Quarantined, [c1c4b639cbb03600d7ed6f4548b96b95], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd535D.tmp, Quarantined, [a3e2a946e992f73f42827c3805fc6f91], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd53CA.tmp, Quarantined, [4c39549b7ffc4fe711b301b3c33ec33d], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd1006.tmp, Quarantined, [5f264fa04833ab8beed6367e0ff2a15f], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd10B2.tmp, Quarantined, [c4c1eb04ee8dfe381fa5b004b74ab050], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd10B3.tmp, Quarantined, [4d3809e64e2db97d3e86f1c303fedf21], Trojan.Agent, 
C:\Users\Sacred Heart\AppData\Local\Temp\upd116D.tmp, Quarantined, [3352ae4181faaf87378d526230d1af51], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd1238.tmp, Quarantined, [9bea6f801a61ac8aa222bafa6b96b947], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd251C.tmp, Quarantined, [780d68872c4f4cea873d159f24dd827e], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd3F7F.tmp, Quarantined, [186d529da5d6bf77368e2490ac551de3], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd5437.tmp, Quarantined, [65202cc3fd7e64d27f45f1c33bc6d32d], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd6E1D.tmp, Quarantined, [c0c58f60aad185b1c103694b41c042be], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd80B.tmp, Quarantined, [8cf9717eccafc3735a6ab8fc68991be5], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\upd927E.tmp, Quarantined, [751007e828530c2ab60e437128d914ec], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updA1CA.tmp, Quarantined, [8ef7b837df9c0135675d32825ca5f808], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updB26D.tmp, Quarantined, [63228c63bcbf84b2a51ffeb6fd04bc44], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updC254.tmp, Quarantined, [ceb7747bb7c442f43f85fcb8f40db24e], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updD4DB.tmp, Quarantined, [5134ae417dfef73f07bd8a2a1ee336ca], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updE61.tmp, Quarantined, [b1d45a954b3095a181437e369a67a25e], Trojan.Agent, C:\Users\Sacred Heart\AppData\Local\Temp\updF6EB.tmp, Quarantined, [acd9e20deb909d995b69dada9a67dc24], PUP.Optional.InstallIQ.A, C:\Users\Sacred Heart\Downloads\7zipap_1320.exe, Quarantined, [1e678a65314ac37372a7d15739c8cf31], Backdoor.Bot.ED, C:\Windows\Installer\{460C2466-BAE8-40B3-83A1-0D69F50307F7}\api-ms-win-system-ndishc-l1-1-0.dll, Quarantined, [dbaad01f3a410a2c28a6338a748dd828], Spyware.Zbot.VXGen, 
C:\Windows\Installer\{7DB4B18B-298F-4F2C-B979-E1D154AB7232}\msiexec.exe, Quarantined, [a9dc2fc0e09bcd695104dedcc938936d], Exploit.Drop.GS, C:\Users\Sacred Heart\AppData\Local\Temp\wiupdat.exe, Quarantined, [fd88cf20ee8d999d8c519ac5c142dc24], Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 3072967456.job, Quarantined, [6e173db2eb905cdafd9d9ba84db712ee], Trojan.Agent.WUGen, C:\Users\Sacred Heart\windowsupdate.exe, Quarantined, [3b4a6e81fa8150e6dd1f015043c1ca36], Rogue.Multiple, C:\Users\Sacred Heart\AppData\Roaming\46113357\3148552758.js, Quarantined, [691c19d6cbb0ab8bea9bd6f72bd708f8], Rogue.Multiple, C:\Users\Sacred Heart\AppData\Roaming\46113357\4244368205.js, Quarantined, [691c19d6cbb0ab8bea9bd6f72bd708f8], Rogue.Multiple, C:\Users\Sacred Heart\AppData\Roaming\46113357\example1.js, Quarantined, [691c19d6cbb0ab8bea9bd6f72bd708f8], Rogue.Multiple, C:\Users\Sacred Heart\AppData\Roaming\46113357\example2.js, Quarantined, [691c19d6cbb0ab8bea9bd6f72bd708f8], Rogue.Multiple, C:\Users\Sacred Heart\AppData\Roaming\46113357\manifest.json, Quarantined, [691c19d6cbb0ab8bea9bd6f72bd708f8], Rogue.Multiple, C:\Users\Sacred Heart\AppData\Roaming\4121640743\3148552758.js, Quarantined, [afd60ae5304b10268105aa23d72bc739], Rogue.Multiple, C:\Users\Sacred Heart\AppData\Roaming\4121640743\4244368205.js, Quarantined, [afd60ae5304b10268105aa23d72bc739], Rogue.Multiple, C:\Users\Sacred Heart\AppData\Roaming\4121640743\manifest.json, Quarantined, [afd60ae5304b10268105aa23d72bc739], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39mlbtn.dll, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39auxstb.dll, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bprtct.dll, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe, 
Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brstub.dll, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39datact.dll, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39dlghk.dll, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39dyn.dll, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39feedmg.dll, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39highin.exe, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39hkstub.dll, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39htmlmu.dll, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39httpct.dll, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39idle.dll, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39ieovr.dll, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39impipe.exe, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39medint.exe, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39msg.dll, Quarantined, [f590b03ffb80270f7e86a143fa0806fa], PUP.Optional.MindSpark.A, C:\Program Files 
a97virago Posted September 28, 2014 Author ID:884110
[e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Sleet.bmp, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Sleet.png, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Sleet_60x60.png, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Sleet_90x90.png, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Snow.bmp, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Snow.png, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Snow_60x60.png, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Snow_90x90.png, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Sunny.bmp, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Sunny.png, Quarantined, 
[e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Sunny_60x60.png, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Sunny_90x90.png, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Thunderstorm.bmp, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Thunderstorm.png, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Thunderstorm_60x60.png, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Thunderstorm_90x90.png, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Windy.bmp, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Windy.png, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Windy_60x60.png, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred 
Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\images\weather\Windy_90x90.png, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\js\App.js, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\js\App.Test.js, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\js\Background.js, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\js\Settings.js, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\Local\MapsGalaxy_39\e437a5256462a30d394f92ef7f9b66af4601a2bd\1.1.2\js\WeatherBlink.js, Quarantined, [e79ef3fc5229c472173da3435da55da3], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\00010A5C.bmp, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\00010AD8.cab, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\0002421E.bmp, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\0005AF80.cab, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\0005B0E7.bmp, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\0005B1D1.cab, Quarantined, 
[88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\001D9D19.bmp, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\00AB891F.bmp, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\00AB898C.cab, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\010DBCED, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\010DBE06, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\010DBE83.bmp, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\010DBEB2.bmp, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\010DBF00.bmp, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\010DBF3E.cab, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\010DC17F.bmp, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\010DC1BE.bmp, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\010DC1FC.bmp, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\010DC23A.bmp, Quarantined, 
[88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\010DC269.bmp, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\010DC298.cab, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\010DC41E.bmp, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\010DD241.jhtml, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\0128E583.bmp, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\01299996.bmp, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Cache\files.ini, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\History\search3, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON\8_step1.gif, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON\anemone.js, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON\bd_grad.gif, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON\hpguard.js, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON\hpguard1.htm, 
Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON\hpguard2.htm, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON\hpp_ok.png, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON\hpp_x.png, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON\hpp_x2.png, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON\index.htm, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON\mid_dots.gif, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON\mws_logo.gif, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON\protect.htm, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON\rebut4b.htm, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON\shield.png, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON\stop.gif, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON\systrayp.htm, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, 
C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Message\COMMON\tp_grad.gif, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Settings\prevcfg2.htm, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Settings\setting3.htm, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Settings\setting3.htm.bak, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Settings\s_w1.dat, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Settings\s_w1.dat.bak, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Settings\s_w2.dat, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\bar\Settings\s_w2.dat.bak, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\MapsGalaxy_39\Cache\PopupProperties210250880.html, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\MapsGalaxy_39\Cache\PopupProperties210250891.html, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], PUP.Optional.MindSpark.A, C:\Users\Sacred Heart\AppData\LocalLow\MapsGalaxy_39\MapsGalaxy_39\Cache\Radio.html, Quarantined, [88fd99565823ef4738bd9e4fd230fa06], Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-18\$e832065498a1fb1692b97b2bda927d12\U\00000004.@, Quarantined, [671e46a9cfac2d09c13223dd4ab6817f], Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-18\$e832065498a1fb1692b97b2bda927d12\U\00000008.@, Quarantined, 
[671e46a9cfac2d09c13223dd4ab6817f], Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-18\$e832065498a1fb1692b97b2bda927d12\U\000000cb.@, Quarantined, [671e46a9cfac2d09c13223dd4ab6817f], Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-18\$e832065498a1fb1692b97b2bda927d12\U\80000000.@, Quarantined, [671e46a9cfac2d09c13223dd4ab6817f], Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-18\$e832065498a1fb1692b97b2bda927d12\U\80000032.@, Quarantined, [671e46a9cfac2d09c13223dd4ab6817f], Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-18\$e832065498a1fb1692b97b2bda927d12\U\80000064.@, Quarantined, [671e46a9cfac2d09c13223dd4ab6817f], Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-18\$e832065498a1fb1692b97b2bda927d12\L\00000004.@, Quarantined, [a4e19c534f2c20167382bc44e8183dc3], Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-18\$e832065498a1fb1692b97b2bda927d12\L\201d3dde, Quarantined, [a4e19c534f2c20167382bc44e8183dc3], Trojan.Siredef.C, C:\$Recycle.Bin\S-1-5-18\$e832065498a1fb1692b97b2bda927d12\L\76603ac3, Quarantined, [a4e19c534f2c20167382bc44e8183dc3], Physical Sectors: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
a97virago Posted September 28, 2014 Author ID:884111

08:35:29.0063 0x1254 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
C:\Windows\system32\drivers\crcdisk.sys08:36:06.0815 0x03cc crcdisk - ok08:36:06.0831 0x03cc [ 9C01375BE382E834CC26D1B7EAF2C4FE, B1D1E36B91A3C3CD09428EE3403896F71390A2798323BB406B484D9DB064A219 ] CryptSvc C:\Windows\system32\cryptsvc.dll08:36:06.0878 0x03cc CryptSvc - ok08:36:07.0049 0x03cc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll08:36:07.0127 0x03cc DcomLaunch - ok08:36:07.0190 0x03cc [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll08:36:07.0283 0x03cc defragsvc - ok08:36:07.0346 0x03cc [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys08:36:07.0424 0x03cc DfsC - ok08:36:07.0471 0x03cc [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll08:36:07.0502 0x03cc Dhcp - ok08:36:07.0549 0x03cc [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys08:36:07.0627 0x03cc discache - ok08:36:07.0642 0x03cc [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys08:36:07.0658 0x03cc Disk - ok08:36:07.0689 0x03cc [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll08:36:07.0720 0x03cc Dnscache - ok08:36:07.0783 0x03cc [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll08:36:07.0829 0x03cc dot3svc - ok08:36:07.0876 0x03cc [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS 
C:\Windows\system32\dps.dll08:36:07.0907 0x03cc DPS - ok08:36:07.0954 0x03cc [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys08:36:07.0970 0x03cc drmkaud - ok08:36:08.0001 0x03cc [ F5BEE30450E18E6B83A5012C100616FD, 44D0577D159FC2BDF4EAD1DC2C7FD14925D075225EF97608CAC52DEE405B08FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys08:36:08.0048 0x03cc DXGKrnl - ok08:36:08.0079 0x03cc [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll08:36:08.0126 0x03cc EapHost - ok08:36:08.0266 0x03cc [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys08:36:08.0407 0x03cc ebdrv - ok08:36:08.0469 0x03cc [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS C:\Windows\System32\lsass.exe08:36:08.0500 0x03cc EFS - ok08:36:08.0609 0x03cc [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe08:36:08.0672 0x03cc ehRecvr - ok08:36:08.0703 0x03cc [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe08:36:08.0750 0x03cc ehSched - ok08:36:08.0843 0x03cc [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys08:36:08.0875 0x03cc elxstor - ok08:36:08.0890 0x03cc [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys08:36:08.0906 0x03cc ErrDev - ok08:36:08.0968 0x03cc [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem 
C:\Windows\system32\es.dll08:36:09.0031 0x03cc EventSystem - ok08:36:09.0077 0x03cc [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys08:36:09.0140 0x03cc exfat - ok08:36:09.0171 0x03cc [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys08:36:09.0218 0x03cc fastfat - ok08:36:09.0296 0x03cc [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe08:36:09.0374 0x03cc Fax - ok08:36:09.0405 0x03cc [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys08:36:09.0452 0x03cc fdc - ok08:36:09.0483 0x03cc [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll08:36:09.0545 0x03cc fdPHost - ok08:36:09.0577 0x03cc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll08:36:09.0608 0x03cc FDResPub - ok08:36:09.0623 0x03cc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys08:36:09.0639 0x03cc FileInfo - ok08:36:09.0655 0x03cc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys08:36:09.0701 0x03cc Filetrace - ok08:36:09.0748 0x03cc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys08:36:09.0764 0x03cc flpydisk - ok08:36:09.0795 0x03cc [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr 
C:\Windows\system32\drivers\fltmgr.sys08:36:09.0826 0x03cc FltMgr - ok08:36:09.0920 0x03cc [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll08:36:09.0998 0x03cc FontCache - ok08:36:10.0045 0x03cc [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe08:36:10.0076 0x03cc FontCache3.0.0.0 - ok08:36:10.0076 0x03cc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys08:36:10.0091 0x03cc FsDepends - ok08:36:10.0123 0x03cc [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys08:36:10.0138 0x03cc Fs_Rec - ok08:36:10.0169 0x03cc [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys08:36:10.0185 0x03cc fvevol - ok08:36:10.0201 0x03cc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys08:36:10.0216 0x03cc gagp30kx - ok08:36:10.0232 0x03cc [ E403AACF8C7BB11375122D2464560311, 0427B8FFD999D256EA1A5135F218692959A7577CB32354D3087CF0FB4F0577DF ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys08:36:10.0247 0x03cc GEARAspiWDM - ok08:36:10.0310 0x03cc [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll08:36:10.0388 0x03cc gpsvc - ok08:36:10.0481 0x03cc [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe08:36:10.0497 0x03cc gusvc - 
ok08:36:10.0544 0x03cc [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys08:36:10.0575 0x03cc hcw85cir - ok08:36:10.0637 0x03cc [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys08:36:10.0669 0x03cc HdAudAddService - ok08:36:10.0731 0x03cc [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys08:36:10.0762 0x03cc HDAudBus - ok08:36:10.0793 0x03cc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys08:36:10.0840 0x03cc HidBatt - ok08:36:10.0871 0x03cc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys08:36:10.0903 0x03cc HidBth - ok08:36:10.0918 0x03cc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys08:36:10.0949 0x03cc HidIr - ok08:36:10.0996 0x03cc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll08:36:11.0074 0x03cc hidserv - ok08:36:11.0121 0x03cc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys08:36:11.0137 0x03cc HidUsb - ok08:36:11.0168 0x03cc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll08:36:11.0199 0x03cc hkmsvc - ok08:36:11.0215 0x03cc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener 
C:\Windows\system32\ListSvc.dll08:36:11.0261 0x03cc HomeGroupListener - ok08:36:11.0293 0x03cc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll08:36:11.0339 0x03cc HomeGroupProvider - ok08:36:11.0386 0x03cc [ 0570A17A2E5001B97E20C15B4FC516AE, 6F963EB216B71C0FAFA2AFEB8D78312154AF23AC6C54C5E411F77B7B4C60DC9D ] HP1210FAX C:\Windows\system32\Drivers\HPM1210FAX.sys08:36:11.0402 0x03cc HP1210FAX - ok08:36:11.0480 0x03cc [ F8F686D62121549377D9E1CDF6BC3441, CE4F2C31A35ED0679D0D21529782C3A2B10C5B929F539C35157351B3B50179E3 ] HPM1210RcvFaxSrvc C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe08:36:11.0511 0x03cc HPM1210RcvFaxSrvc - ok08:36:11.0527 0x03cc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys08:36:11.0542 0x03cc HpSAMD - ok08:36:11.0558 0x03cc [ 4E9CAE3200A46135DE01CE22BAF832BE, 722A14BEB3FC6BBD5700CE6901FA0C47305ED61FFB0E9604C369BC9366B1E16C ] HPSIService C:\Windows\system32\HPSIsvc.exe08:36:11.0573 0x03cc HPSIService - ok08:36:11.0651 0x03cc [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys08:36:11.0714 0x03cc HTTP - ok08:36:11.0714 0x03cc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys08:36:11.0729 0x03cc hwpolicy - ok08:36:11.0776 0x03cc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys08:36:11.0792 0x03cc i8042prt - ok08:36:11.0823 0x03cc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys08:36:11.0854 0x03cc iaStorV - ok08:36:12.0026 0x03cc [ 
08:36:12.0104 0x03cc IconMan_R - detected UnsignedFile.Multi.Generic ( 1 )
08:36:12.0182 0x03cc IconMan_R ( UnsignedFile.Multi.Generic ) - warning
08:36:12.0275 0x03cc IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
08:36:12.0275 0x03cc IDriverT ( UnsignedFile.Multi.Generic ) - warning
a97virago Posted September 28, 2014 Author ID:884113
37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll08:36:18.0765 0x03cc Netman - ok08:36:18.0781 0x03cc [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll08:36:18.0827 0x03cc netprofm - ok08:36:18.0905 0x03cc [ EED1FBDE98CF5F6D5C0C5B27AB1F68EC, E006494890D8BDB131C10176EB554DF325481F6BC9DF543FD9F82C8DCF389487 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys08:36:18.0968 0x03cc netr28ux - ok08:36:19.0093 0x03cc [ 3B7DE4C730202F6F5B0CB202990AA6EF, 468A3E1C76120624951CC626FE8EC4189C6B7A39584F58DDE9A92490D35C55B5 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys08:36:19.0171 0x03cc netr28x - ok08:36:19.0186 0x03cc [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe08:36:19.0202 0x03cc NetTcpPortSharing - ok08:36:19.0217 0x03cc [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys08:36:19.0217 0x03cc nfrd960 - ok08:36:19.0249 0x03cc [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll08:36:19.0264 0x03cc NlaSvc - ok08:36:19.0280 0x03cc [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys08:36:19.0311 0x03cc Npfs - ok08:36:19.0342 0x03cc [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll08:36:19.0389 0x03cc nsi - ok08:36:19.0420 0x03cc [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys08:36:19.0467 0x03cc 
nsiproxy - ok08:36:19.0545 0x03cc [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys08:36:19.0623 0x03cc Ntfs - ok08:36:19.0654 0x03cc [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys08:36:19.0685 0x03cc Null - ok08:36:20.0044 0x03cc [ DD81FBC57AB9134CDDC5CE90880BFD80, 16DF4D9645238D1014FA9189FF171DCF7B7C7573F759B5AC73025518139D86B1 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys08:36:20.0465 0x03cc nvlddmkm - ok08:36:20.0543 0x03cc [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys08:36:20.0575 0x03cc nvraid - ok08:36:20.0637 0x03cc [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys08:36:20.0668 0x03cc nvstor - ok08:36:20.0699 0x03cc [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys08:36:20.0715 0x03cc nv_agp - ok08:36:20.0746 0x03cc [ 1E65CFD59DDFA8166D2174DC3E6D4AAE, 739287F30E7E2DACA84F41B19272FC2AA5A175CDE655E8262FEE127983CBC6AF ] NWVoltron C:\Windows\system32\DRIVERS\NWVoltron.sys08:36:20.0762 0x03cc NWVoltron - ok08:36:20.0777 0x03cc [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys08:36:20.0824 0x03cc ohci1394 - ok08:36:20.0902 0x03cc [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE08:36:20.0933 0x03cc ose - ok08:36:21.0136 0x03cc [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc 
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE08:36:21.0261 0x03cc osppsvc - ok08:36:21.0308 0x03cc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll08:36:21.0339 0x03cc p2pimsvc - ok08:36:21.0386 0x03cc [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll08:36:21.0401 0x03cc p2psvc - ok08:36:21.0448 0x03cc [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys08:36:21.0464 0x03cc Parport - ok08:36:21.0479 0x03cc [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys08:36:21.0479 0x03cc partmgr - ok08:36:21.0511 0x03cc [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll08:36:21.0542 0x03cc PcaSvc - ok08:36:21.0573 0x03cc [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys08:36:21.0589 0x03cc pci - ok08:36:21.0620 0x03cc [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys08:36:21.0620 0x03cc pciide - ok08:36:21.0651 0x03cc [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys08:36:21.0667 0x03cc pcmcia - ok08:36:21.0682 0x03cc [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys08:36:21.0698 0x03cc pcw - ok08:36:21.0729 0x03cc [ 68769C3356B3BE5D1C732C97B9A80D6E, 
FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys08:36:21.0791 0x03cc PEAUTH - ok08:36:21.0869 0x03cc [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe08:36:21.0916 0x03cc PerfHost - ok08:36:22.0088 0x03cc [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll08:36:22.0197 0x03cc pla - ok08:36:22.0259 0x03cc [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll08:36:22.0291 0x03cc PlugPlay - ok08:36:22.0337 0x03cc [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll08:36:22.0353 0x03cc PNRPAutoReg - ok08:36:22.0384 0x03cc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll08:36:22.0400 0x03cc PNRPsvc - ok08:36:22.0431 0x03cc [ 32D374C60778253B81FA76C2FE19E155, 6BD6B360EAC4F9988921281B52B4B1A29DDD287C6DB18688B4CEA5B1B4F22106 ] Point64 C:\Windows\system32\DRIVERS\point64.sys08:36:22.0447 0x03cc Point64 - ok08:36:22.0493 0x03cc [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll08:36:22.0556 0x03cc PolicyAgent - ok08:36:22.0649 0x03cc [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll08:36:22.0727 0x03cc Power - ok08:36:22.0759 0x03cc [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys08:36:22.0821 0x03cc PptpMiniport - ok08:36:22.0837 0x03cc [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 
855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys08:36:22.0868 0x03cc Processor - ok08:36:22.0930 0x03cc [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll08:36:22.0946 0x03cc ProfSvc - ok08:36:22.0961 0x03cc [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] ProtectedStorage C:\Windows\system32\lsass.exe08:36:22.0977 0x03cc ProtectedStorage - ok08:36:23.0008 0x03cc [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys08:36:23.0055 0x03cc Psched - ok08:36:23.0086 0x03cc [ D8589A43B352E7F2317194C98447149F, CFEC6F28FDF946D310133817423FB4FE9C20560B6F89F936913F2C7C9853F4BA ] pwdrvio C:\Windows\system32\pwdrvio.sys08:36:23.0117 0x03cc pwdrvio - ok08:36:23.0164 0x03cc [ 4B8FDA635F4D2E7D638B2B3817B5AFC8, 8B72446B02CC1657785E06DD2E5E199F76778433491765BDE57E9F3C59AA4877 ] pwdspio C:\Windows\system32\pwdspio.sys08:36:23.0195 0x03cc pwdspio - ok08:36:23.0289 0x03cc [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys08:36:23.0351 0x03cc ql2300 - ok08:36:23.0398 0x03cc [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys08:36:23.0414 0x03cc ql40xx - ok08:36:23.0445 0x03cc [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll08:36:23.0461 0x03cc QWAVE - ok08:36:23.0476 0x03cc [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys08:36:23.0492 0x03cc QWAVEdrv - ok08:36:23.0570 0x03cc [ 
4E033A3D13F2D3611A7DF0A60CE090CB, 545AC55E76A122C7303F074A4733F5363E2C758465E80A0DFBC80E6DA7FBAE35 ] RalinkRegistryWriter C:\Program Files (x86)\Ralink\Common\RaRegistry.exe08:36:23.0632 0x03cc RalinkRegistryWriter - detected UnsignedFile.Multi.Generic ( 1 )08:36:23.0632 0x03cc RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - warning08:36:23.0695 0x03cc [ 1222BD405310F8B39D4EC28691E24F7A, CDE37AB98B924A699A4DB193D92FC17F8A76EFED38558102C1537DC265636292 ] RalinkRegistryWriter64 C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe08:36:23.0741 0x03cc RalinkRegistryWriter64 - detected UnsignedFile.Multi.Generic ( 1 )08:36:23.0741 0x03cc RalinkRegistryWriter64 ( UnsignedFile.Multi.Generic ) - warning08:36:23.0851 0x03cc [ 2EEB382F8335327EC50E00D919050BA2, 7B198E5A659E05ACF761B9B13B076549BA48BD88CAB54A232338058AE0DA1291 ] RaMediaServer C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe08:36:23.0944 0x03cc RaMediaServer - detected UnsignedFile.Multi.Generic ( 1 )08:36:23.0944 0x03cc RaMediaServer ( UnsignedFile.Multi.Generic ) - warning08:36:23.0975 0x03cc [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys08:36:24.0007 0x03cc RasAcd - ok08:36:24.0022 0x03cc [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys08:36:24.0085 0x03cc RasAgileVpn - ok08:36:24.0116 0x03cc [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll08:36:24.0147 0x03cc RasAuto - ok08:36:24.0178 0x03cc [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys08:36:24.0225 0x03cc Rasl2tp - ok08:36:24.0256 0x03cc [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] 
RasMan C:\Windows\System32\rasmans.dll08:36:24.0303 0x03cc RasMan - ok08:36:24.0319 0x03cc [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys08:36:24.0350 0x03cc RasPppoe - ok08:36:24.0365 0x03cc [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys08:36:24.0412 0x03cc RasSstp - ok08:36:24.0459 0x03cc [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys08:36:24.0490 0x03cc rdbss - ok08:36:24.0521 0x03cc [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys08:36:24.0553 0x03cc rdpbus - ok08:36:24.0599 0x03cc [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys08:36:24.0662 0x03cc RDPCDD - ok08:36:24.0677 0x03cc [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys08:36:24.0709 0x03cc RDPENCDD - ok08:36:24.0755 0x03cc [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys08:36:24.0787 0x03cc RDPREFMP - ok08:36:24.0818 0x03cc [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys08:36:24.0866 0x03cc RDPWD - ok08:36:24.0912 0x03cc [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys08:36:24.0928 0x03cc rdyboost - ok08:36:24.0975 0x03cc [ 254FB7A22D74E5511C73A3F6D802F192, 
3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll08:36:25.0037 0x03cc RemoteAccess - ok08:36:25.0084 0x03cc [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll08:36:25.0162 0x03cc RemoteRegistry - ok08:36:25.0193 0x03cc [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll08:36:25.0256 0x03cc RpcEptMapper - ok08:36:25.0302 0x03cc [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe08:36:25.0302 0x03cc RpcLocator - ok08:36:25.0443 0x03cc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll08:36:25.0505 0x03cc RpcSs - ok08:36:25.0521 0x03cc [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys08:36:25.0552 0x03cc rspndr - ok08:36:25.0599 0x03cc [ 7291CC1B5ECA448B0B9C15E7E987A6B3, 1A61A4E5105354ABF041989044E97F1DEE356D65D77218F2DF97A4D2337177FD ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys08:36:25.0630 0x03cc RSUSBSTOR - ok08:36:25.0692 0x03cc [ BAEFEE35D27A5440D35092CE10267BEC, FB550D38C01E07B1170C52C1441874B56DD3BECB10CBE8E132EE3276A05C796E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys08:36:25.0724 0x03cc RTL8167 - ok08:36:25.0755 0x03cc [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] SamSs C:\Windows\system32\lsass.exe08:36:25.0770 0x03cc SamSs - ok08:36:25.0786 0x03cc [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys08:36:25.0802 0x03cc sbp2port - ok08:36:25.0833 0x03cc [ 
9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll08:36:25.0895 0x03cc SCardSvr - ok08:36:25.0942 0x03cc [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys08:36:26.0020 0x03cc scfilter - ok08:36:26.0098 0x03cc [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll08:36:26.0223 0x03cc Schedule - ok08:36:26.0285 0x03cc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll08:36:26.0332 0x03cc SCPolicySvc - ok08:36:26.0348 0x03cc [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll08:36:26.0363 0x03cc SDRSVC - ok08:36:26.0410 0x03cc [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys08:36:26.0457 0x03cc secdrv - ok08:36:26.0504 0x03cc [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll08:36:26.0566 0x03cc seclogon - ok08:36:26.0597 0x03cc [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll08:36:26.0660 0x03cc SENS - ok08:36:26.0691 0x03cc [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll08:36:26.0706 0x03cc SensrSvc - ok08:36:26.0738 0x03cc [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys08:36:26.0769 0x03cc Serenum - ok08:36:26.0816 0x03cc [ 
C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys08:36:26.0878 0x03cc Serial - ok08:36:26.0909 0x03cc [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys08:36:26.0940 0x03cc sermouse - ok08:36:27.0003 0x03cc [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll08:36:27.0065 0x03cc SessionEnv - ok08:36:27.0096 0x03cc [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys08:36:27.0096 0x03cc sffdisk - ok08:36:27.0128 0x03cc [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys08:36:27.0143 0x03cc sffp_mmc - ok08:36:27.0159 0x03cc [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys08:36:27.0190 0x03cc sffp_sd - ok08:36:27.0206 0x03cc [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys08:36:27.0221 0x03cc sfloppy - ok08:36:27.0268 0x03cc [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll08:36:27.0330 0x03cc SharedAccess - ok08:36:27.0377 0x03cc [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll08:36:27.0424 0x03cc ShellHWDetection - ok08:36:27.0455 0x03cc [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 
C:\Windows\system32\drivers\SiSRaid2.sys08:36:27.0455 0x03cc SiSRaid2 - ok08:36:27.0486 0x03cc [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys08:36:27.0502 0x03cc SiSRaid4 - ok08:36:27.0518 0x03cc [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys08:36:27.0580 0x03cc Smb - ok08:36:27.0611 0x03cc SMR322 - ok08:36:27.0674 0x03cc [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe08:36:27.0689 0x03cc SNMPTRAP - ok08:36:27.0830 0x03cc [ D56F7986AA56D58A26644B562803970B, 13B21C8425D235282F4A338C4BAD1162CFBBA9E23AB136AEAE060439DF30CE37 ] SophosVirusRemovalTool C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe08:36:27.0861 0x03cc SophosVirusRemovalTool - ok08:36:27.0892 0x03cc [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys08:36:27.0892 0x03cc spldr - ok08:36:27.0939 0x03cc [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe08:36:27.0986 0x03cc Spooler - ok08:36:28.0126 0x03cc [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe08:36:28.0266 0x03cc sppsvc - ok08:36:28.0313 0x03cc [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll08:36:28.0391 0x03cc sppuinotify - ok08:36:28.0469 0x03cc [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys08:36:28.0563 0x03cc srv - ok08:36:28.0610 0x03cc [ 
B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys08:36:28.0656 0x03cc srv2 - ok08:36:28.0688 0x03cc [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys08:36:28.0703 0x03cc srvnet - ok08:36:28.0734 0x03cc [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll08:36:28.0781 0x03cc SSDPSRV - ok08:36:28.0812 0x03cc [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll08:36:28.0859 0x03cc SstpSvc - ok08:36:28.0890 0x03cc [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys08:36:28.0906 0x03cc stexstor - ok08:36:28.0953 0x03cc [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys08:36:29.0000 0x03cc StillCam - ok08:36:29.0062 0x03cc [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll08:36:29.0124 0x03cc stisvc - ok08:36:29.0156 0x03cc [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys08:36:29.0171 0x03cc swenum - ok08:36:29.0202 0x03cc [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll08:36:29.0249 0x03cc swprv - ok08:36:29.0312 0x03cc [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll08:36:29.0374 0x03cc SysMain - ok08:36:29.0405 0x03cc [ 
E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll08:36:29.0452 0x03cc TabletInputService - ok08:36:29.0483 0x03cc [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll08:36:29.0546 0x03cc TapiSrv - ok08:36:29.0577 0x03cc [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll08:36:29.0608 0x03cc TBS - ok08:36:29.0686 0x03cc [ B62A953F2BF3922C8764A29C34A22899, 4A117FF9D1BD58C6A1787DDA7402BAE30E4BA7A70FE3A144F41DD647AA7A3901 ] Tcpip C:\Windows\system32\drivers\tcpip.sys08:36:29.0764 0x03cc Tcpip - ok08:36:29.0842 0x03cc [ B62A953F2BF3922C8764A29C34A22899, 4A117FF9D1BD58C6A1787DDA7402BAE30E4BA7A70FE3A144F41DD647AA7A3901 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys08:36:29.0889 0x03cc TCPIP6 - ok08:36:29.0936 0x03cc [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys08:36:29.0951 0x03cc tcpipreg - ok08:36:30.0029 0x03cc [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys08:36:30.0060 0x03cc TDPIPE - ok08:36:30.0092 0x03cc [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys08:36:30.0107 0x03cc TDTCP - ok08:36:30.0123 0x03cc [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys08:36:30.0201 0x03cc tdx - ok08:36:30.0404 0x03cc [ 2BBB318EA9F34FDC508CEA4AAB98D770, AA98BDB7677A452E38DB207E09A522C558F9E09DE43A57D24CD776C6248CC015 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe08:36:30.0466 0x03cc 
TeamViewer7 - ok08:36:30.0497 0x03cc [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys08:36:30.0513 0x03cc TermDD - ok08:36:30.0544 0x03cc [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll08:36:30.0638 0x03cc TermService - ok08:36:30.0669 0x03cc [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll08:36:30.0700 0x03cc Themes - ok08:36:30.0731 0x03cc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll08:36:30.0778 0x03cc THREADORDER - ok08:36:30.0794 0x03cc [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll08:36:30.0825 0x03cc TrkWks - ok08:36:30.0872 0x03cc [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe08:36:30.0965 0x03cc TrustedInstaller - ok08:36:31.0012 0x03cc [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys08:36:31.0090 0x03cc tssecsrv - ok08:36:31.0121 0x03cc [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys08:36:31.0137 0x03cc TsUsbFlt - ok08:36:31.0184 0x03cc [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys08:36:31.0215 0x03cc TsUsbGD - ok08:36:31.0262 0x03cc [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel 
C:\Windows\system32\DRIVERS\tunnel.sys08:36:31.0324 0x03cc tunnel - ok08:36:31.0386 0x03cc [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys08:36:31.0402 0x03cc uagp35 - ok08:36:31.0433 0x03cc [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys08:36:31.0480 0x03cc udfs - ok08:36:31.0496 0x03cc [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe08:36:31.0527 0x03cc UI0Detect - ok08:36:31.0558 0x03cc [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys08:36:31.0574 0x03cc uliagpkx - ok08:36:31.0605 0x03cc [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys08:36:31.0636 0x03cc umbus - ok08:36:31.0667 0x03cc [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys08:36:31.0683 0x03cc UmPass - ok08:36:31.0698 0x03cc [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll08:36:31.0761 0x03cc upnphost - ok08:36:31.0808 0x03cc [ FB251567F41BC61988B26731DEC19E4B, 6A535F5A18EB43DD2E18AF0A05301630A1D1484B7D85DA79A7CD122DA4D018E2 ] USBAAPL64 C:\Windows\System32\Drivers\usbaapl64.sys08:36:31.0839 0x03cc USBAAPL64 - ok08:36:31.0870 0x03cc [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys08:36:31.0917 0x03cc usbccgp - ok08:36:31.0948 0x03cc [ AF0892A803FDDA7492F595368E3B68E7, 
F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir C:\Windows\system32\drivers\usbcir.sys08:36:31.0979 0x03cc usbcir - ok08:36:31.0995 0x03cc [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys08:36:32.0010 0x03cc usbehci - ok08:36:32.0026 0x03cc [ 5AE9C87A1ED4B243942B3FDDD902134B, E19657C637B354F968099755DD311A159E57C4BD5ED89D81BDA1C70A62DC732E ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys08:36:32.0042 0x03cc usbfilter - ok08:36:32.0057 0x03cc [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys08:36:32.0104 0x03cc usbhub - ok08:36:32.0135 0x03cc [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys08:36:32.0166 0x03cc usbohci - ok08:36:32.0213 0x03cc [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys08:36:32.0244 0x03cc usbprint - ok08:36:32.0260 0x03cc [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys08:36:32.0291 0x03cc usbscan - ok08:36:32.0322 0x03cc [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS08:36:32.0338 0x03cc USBSTOR - ok08:36:32.0354 0x03cc [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys08:36:32.0369 0x03cc usbuhci - ok08:36:32.0416 0x03cc [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys08:36:32.0432 0x03cc usbvideo - 
================ Scan generic autorun ======================
08:36:37.0580 0x03cc [ 8476E1C89C9D9834102EF86B651C6F39, 728D025B925FBACB45E31B4531CB05E5CA1662D99FFC97E237C2033030D8FDD7 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
08:36:37.0611 0x03cc StartCCC - ok
08:36:37.0642 0x03cc [ 901AA7A38CE13F14B6BBEC38C0595698, 1E95F2048E2A1782807D52E9816ED267355718E24D01FF07ACE73D965EDE388A ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
08:36:37.0658 0x03cc BCSSync - ok
08:36:37.0736 0x03cc [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
08:36:37.0751 0x03cc Adobe ARM - ok
08:36:37.0876 0x03cc [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:36:37.0970 0x03cc Sidebar - ok
08:36:38.0016 0x03cc [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:36:38.0048 0x03cc mctadmin - ok
08:36:38.0079 0x03cc [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:36:38.0110 0x03cc Sidebar - ok
08:36:38.0126 0x03cc [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:36:38.0141 0x03cc mctadmin - ok
08:36:38.0141 0x03cc [ 59BCE9F07985F8A4204F4D6554CFF708, CA24AEF558647274D019DFB4D7FD1506D84EC278795C30BA53B81BB36130DC57 ] C:\Windows\system32\regsvr32.exe
08:36:38.0157 0x03cc CryptoUpdate - ok
08:36:38.0266 0x03cc jptlpajahwb - ok
08:36:38.0282 0x03cc [ 59BCE9F07985F8A4204F4D6554CFF708, CA24AEF558647274D019DFB4D7FD1506D84EC278795C30BA53B81BB36130DC57 ] C:\Windows\system32\regsvr32.exe
08:36:38.0313 0x03cc CryptoUpdate - ok
08:36:38.0375 0x03cc Win FW state via NFP2: enabled
08:36:38.0375 0x03cc ============================================================
08:36:38.0375 0x03cc Scan finished
08:36:38.0375 0x03cc ============================================================
08:36:38.0391 0x1124 Detected object count: 5
08:36:38.0391 0x1124 Actual detected object count: 5
08:36:56.0783 0x1124 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:56.0783 0x1124 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:36:56.0783 0x1124 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:56.0783 0x1124 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:36:56.0783 0x1124 RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:56.0783 0x1124 RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:36:56.0783 0x1124 RalinkRegistryWriter64 ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:56.0783 0x1124 RalinkRegistryWriter64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:36:56.0783 0x1124 RaMediaServer ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:56.0783 0x1124 RaMediaServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:37:14.0068 0x11dc Deinitialize success
LiquidTension Posted September 28, 2014 ID:884114

Hello,

Your computer is heavily infected. Unfortunately, I must issue the following warning. Please have a read, and let me know how you wish to proceed.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, paypal, online forums, etc). Consider these accounts already compromised.

If you have used a router, you will need to reset it with a strong logon/password to ensure the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following articles for more information.
When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Where to draw the line? When to recommend a format and reinstall?

Please let me know how you wish to proceed, and if you have any questions.
a97virago Posted September 28, 2014 Author ID:884116

Sorry the logs had to be broken up into sections. That's the end of them.
a97virago Posted September 28, 2014 Author ID:884117

I understand the risk, let's proceed
LiquidTension Posted September 28, 2014 ID:884118

OK. Please do the following.

STEP 1
ComboFix
Note: Please read through these instructions before running ComboFix.
Please download ComboFix and save the file to your Desktop. << Important!
Temporarily disable your anti-virus software. For instructions, please refer to the following link.
Right-Click ComboFix.exe and select Run as administrator to run the programme.
Follow the prompts. Allow ComboFix to complete its removal routine (please refer to Important Notes:).
Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
Re-enable your anti-virus software.

Important Notes:
Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.
Do NOT use your computer whilst ComboFix is running.
Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal.
If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
ComboFix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
If you are unable to access the Internet after running ComboFix, please reboot your computer.

STEP 2
Farbar Recovery Scan Tool (FRST) Scan
Please download Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
Right-Click FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
ComboFix.txt
FRST.txt
Addition.txt
a97virago Posted September 28, 2014 Author ID:884144 Share Posted September 28, 2014 ComboFix 14-09-24.01 - Sacred Heart 09/28/2014 9:21.1.2 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3571.2109 [GMT -4:00]Running from: c:\users\Sacred Heart\Desktop\ComboFix.exeSP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\@system.attc:\programdata\@system2.attc:\programdata\wrnhoah.tmpc:\users\Sacred Heart\alg.exec:\users\Sacred Heart\AppData\Roaming\{00004C28-44DC-4899-8259-545237DB241C}.exec:\users\Sacred Heart\AppData\Roaming\2035015489c:\users\Sacred Heart\AppData\Roaming\209053014c:\users\Sacred Heart\AppData\Roaming\2207073097c:\users\Sacred Heart\AppData\Roaming\2880139563c:\users\Sacred Heart\AppData\Roaming\3003501318c:\users\Sacred Heart\AppData\Roaming\3120250656c:\users\Sacred Heart\AppData\Roaming\Microsoft\Crypto\RSA\cert_v65_0.tplc:\users\Sacred Heart\Documents\~WRL0001.tmpc:\users\Sacred Heart\Documents\~WRL0002.tmpc:\users\Sacred Heart\Documents\~WRL0003.tmpc:\users\Sacred Heart\Documents\~WRL0004.tmpc:\users\Sacred Heart\Documents\~WRL0005.tmpc:\users\Sacred Heart\Documents\~WRL0006.tmpc:\users\Sacred Heart\Documents\~WRL0007.tmpc:\users\Sacred Heart\Documents\~WRL0008.tmpc:\users\Sacred Heart\Documents\~WRL0009.tmpc:\users\Sacred Heart\Documents\~WRL0010.tmpc:\users\Sacred Heart\Documents\~WRL0011.tmpc:\users\Sacred Heart\Documents\~WRL0012.tmpc:\users\Sacred Heart\Documents\~WRL0013.tmpc:\users\Sacred Heart\Documents\~WRL0014.tmpc:\users\Sacred Heart\Documents\~WRL0015.tmpc:\users\Sacred Heart\Documents\~WRL0016.tmpc:\users\Sacred Heart\Documents\~WRL0017.tmpc:\users\Sacred Heart\Documents\~WRL0018.tmpc:\users\Sacred Heart\Documents\~WRL0019.tmpc:\users\Sacred Heart\Documents\~WRL0020.tmpc:\users\Sacred Heart\Documents\~WRL0021.tmpc:\users\Sacred 
Heart\Documents\~WRL0022.tmpc:\users\Sacred Heart\Documents\~WRL0023.tmpc:\users\Sacred Heart\Documents\~WRL0029.tmpc:\users\Sacred Heart\Documents\~WRL0078.tmpc:\users\Sacred Heart\Documents\~WRL0186.tmpc:\users\Sacred Heart\Documents\~WRL0261.tmpc:\users\Sacred Heart\Documents\~WRL0295.tmpc:\users\Sacred Heart\Documents\~WRL0323.tmpc:\users\Sacred Heart\Documents\~WRL0355.tmpc:\users\Sacred Heart\Documents\~WRL0411.tmpc:\users\Sacred Heart\Documents\~WRL0597.tmpc:\users\Sacred Heart\Documents\~WRL0602.tmpc:\users\Sacred Heart\Documents\~WRL0643.tmpc:\users\Sacred Heart\Documents\~WRL0686.tmpc:\users\Sacred Heart\Documents\~WRL0936.tmpc:\users\Sacred Heart\Documents\~WRL1034.tmpc:\users\Sacred Heart\Documents\~WRL1061.tmpc:\users\Sacred Heart\Documents\~WRL1158.tmpc:\users\Sacred Heart\Documents\~WRL1186.tmpc:\users\Sacred Heart\Documents\~WRL1322.tmpc:\users\Sacred Heart\Documents\~WRL1326.tmpc:\users\Sacred Heart\Documents\~WRL1349.tmpc:\users\Sacred Heart\Documents\~WRL1471.tmpc:\users\Sacred Heart\Documents\~WRL1506.tmpc:\users\Sacred Heart\Documents\~WRL1507.tmpc:\users\Sacred Heart\Documents\~WRL1519.tmpc:\users\Sacred Heart\Documents\~WRL1597.tmpc:\users\Sacred Heart\Documents\~WRL1899.tmpc:\users\Sacred Heart\Documents\~WRL1917.tmpc:\users\Sacred Heart\Documents\~WRL1941.tmpc:\users\Sacred Heart\Documents\~WRL2015.tmpc:\users\Sacred Heart\Documents\~WRL2291.tmpc:\users\Sacred Heart\Documents\~WRL2304.tmpc:\users\Sacred Heart\Documents\~WRL2583.tmpc:\users\Sacred Heart\Documents\~WRL2801.tmpc:\users\Sacred Heart\Documents\~WRL3048.tmpc:\users\Sacred Heart\Documents\~WRL3228.tmpc:\users\Sacred Heart\Documents\~WRL3321.tmpc:\users\Sacred Heart\Documents\~WRL3324.tmpc:\users\Sacred Heart\Documents\~WRL3485.tmpc:\users\Sacred Heart\Documents\~WRL3596.tmpc:\users\Sacred Heart\Documents\~WRL3615.tmpc:\users\Sacred Heart\Documents\~WRL3665.tmpc:\users\Sacred Heart\Documents\~WRL3713.tmpc:\users\Sacred Heart\Documents\~WRL3739.tmpc:\users\Sacred 
Heart\Documents\~WRL3839.tmpc:\users\Sacred Heart\GoToAssistDownloadHelper.exec:\users\Sacred Heart\notepad.exec:\windows\SysWow64\SETBEE9.tmpc:\windows\SysWow64\SETC004.tmpc:\windows\SysWow64\u..CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.You should verify if current CLSID data is correct: .HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} (Default) REG_SZ Thumbnail Cache Class Factory for Out of Proc Server AppID REG_SZ {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}.HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32 (Default) REG_SZ c:\windows\system32\thumbcache.dll ThreadingModel REG_SZ Apartment..((((((((((((((((((((((((( Files Created from 2014-08-28 to 2014-09-28 )))))))))))))))))))))))))))))))..2014-09-28 14:22 . 2014-09-28 14:22 -------- d-----w- c:\users\Default\AppData\Local\temp2014-09-28 12:50 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll2014-09-28 12:50 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe2014-09-28 12:50 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll2014-09-28 12:50 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll2014-09-28 12:49 . 2014-05-14 13:23 198600 ----a-w- c:\windows\system32\wuwebv.dll2014-09-28 12:49 . 2014-05-14 13:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll2014-09-28 12:49 . 2014-05-14 13:20 36864 ----a-w- c:\windows\system32\wuapp.exe2014-09-28 12:49 . 2014-05-14 13:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe2014-09-28 12:42 . 2014-09-28 12:42 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{07C4B4FB-A34F-48A1-B174-DA5CB18D12E2}\offreg.dll2014-09-28 11:54 . 2014-09-28 12:31 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-09-28 11:54 . 2014-09-28 12:25 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware2014-09-28 11:54 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys2014-09-28 11:54 . 
2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-09-28 11:54 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys2014-09-28 11:53 . 2014-09-28 11:53 -------- d-----w- c:\users\Sacred Heart\AppData\Local\Programs2014-09-27 22:22 . 2014-09-27 22:19 34905600 ----a-w- C:\sp58084.exe2014-09-24 12:32 . 2014-09-24 12:32 -------- d-----w- c:\users\Sacred Heart\AppData\Local\VirtualStore2014-09-23 15:47 . 2014-09-23 15:47 -------- d-----w- c:\users\Sacred Heart\AppData\Roaming\pdfforge2014-09-22 12:19 . 2014-09-22 12:21 -------- d-----w- c:\programdata\Sophos2014-09-22 12:18 . 2014-09-22 12:18 73728 ----a-r- c:\users\Sacred Heart\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe2014-09-22 12:18 . 2014-09-22 12:18 73728 ----a-r- c:\users\Sacred Heart\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe2014-09-22 12:18 . 2014-09-22 12:18 73728 ----a-r- c:\users\Sacred Heart\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe2014-09-22 11:59 . 2014-09-22 11:59 -------- d-----w- c:\program files (x86)\Sophos2014-09-16 13:10 . 2014-09-16 13:10 -------- d-sh--w- c:\windows\system32\%APPDATA%2014-09-05 14:40 . 2014-09-28 12:25 -------- d-----w- c:\programdata\EvitpUseyw...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-08-21 17:33 . 
2012-07-30 22:30 512000 ----a-w- c:\windows\system32\rpcss.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17416880].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe" [2012-07-30 686792].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"Run"= "c:\users\Sacred Heart\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool]@="Service".[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]"DisableMonitoring"=dword:00000001.R0 SMR322;Symantec SMR Utility Service 3.2.2;c:\windows\System32\drivers\SMR322.SYS;c:\windows\SYSNATIVE\drivers\SMR322.SYS [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe;c:\program files (x86)\Ralink\Common\RaMediaServer.exe 
[x]R3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\Drivers\HPM1210FAX.sys;c:\windows\SYSNATIVE\Drivers\HPM1210FAX.sys [x]R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI 
Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]S2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [x]S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [x]S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\DRIVERS\NWVoltron.sys;c:\windows\SYSNATIVE\DRIVERS\NWVoltron.sys [x]S3 RSUSBSTOR;RtsUStor.Sys Realtek 
USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - 73231332*NewlyCreated* - MBAMWEBACCESSCONTROL*Deregistered* - 73231332.Contents of the 'Scheduled Tasks' folder.2014-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 22:51]..--------- X64 Entries -----------..------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.aol.com/?mtmhp=txtlnkusaolp00000051mLocal Page = c:\windows\system32\blank.htmTCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - ..------- File Associations -------.JSEFile=NOTEPAD.EXE "%1".- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Wow6432Node-HKCU-Run-CryptoUpdate - c:\users\Sacred Heart\AppData\Roaming\Microsoft\Crypto\RSA\cert_v65_0.tplWow6432Node-HKCU-RunOnce-CryptoUpdate - c:\users\Sacred Heart\AppData\Roaming\Microsoft\Crypto\RSA\cert_v65_0.tplc:\users\Sacred Heart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xwizard.lnk - c:\users\Sacred Heart\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exeHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startToolbar-Locked - (no file)AddRemove-Critical Security Update - c:\windows\system32\javaws.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-639415932-1215857684-1316868989-1003_Classes\clsid\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]@Allowed: (B) (CreatorAuthority-4).[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) 
(Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory
Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="??????????????????
v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-28 10:25:50
ComboFix-quarantined-files.txt 2014-09-28 14:25
.
Pre-Run: 931,434,491,904 bytes free
Post-Run: 931,163,324,416 bytes free
.
- - End Of File - - 26500675B194D1F299BDA4ACBE2D1D6AA36C5E4F47E84449FF07ED3517B43A31
a97virago Posted September 28, 2014 Author ID:884145

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2014
Ran by Sacred Heart (administrator) on SACREDHEART-PC on 28-09-2014 10:52:48
Running from C:\Users\Sacred Heart\Desktop
Loaded Profile: Sacred Heart (Available profiles: Sacred Heart)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Advanced Micro Devices Inc.)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...\Run: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Crypto\RSA\cert_v65_0.tpl"
HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...\Policies\Explorer: [Run] "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe"
HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...A8F59079A8D5}\localserver32: <==== ATTENTION!
HKU\S-1-5-18\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17416880 2012-07-13] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe [686792 2012-07-30] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\MountPoints2: D - D:\Programs\nu2menu\nu2menu.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a
registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDBAF2A4F8647CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?mtmhp=txtlnkusaolp00000051
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} -
C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF
Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-08-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-30]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2014-08-12]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2014-08-12]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1859584 2012-07-04] (Ralink) [File not signed]
S3 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [152872 2014-08-11] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16384 2010-04-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [8192 2005-03-29] ()
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-04-28] (Marvell Semiconductor, Inc.)
R3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28440 2011-06-23] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-06-18] ()
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 SMR322; System32\drivers\SMR322.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-28 10:52 - 2014-09-28 10:53 - 00013039 _____ () C:\Users\Sacred Heart\Desktop\FRST.txt
2014-09-28 10:52 - 2014-09-28 10:52 - 00000000 ____D () C:\FRST
2014-09-28 10:25 - 2014-09-28 10:25 - 00020510 _____ () C:\ComboFix.txt
2014-09-28 09:19 - 2014-09-28 10:25 - 00000000 ____D () C:\Qoobox
2014-09-28 09:19 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-28 09:19 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-28 09:19 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-28 09:18 - 2014-09-28 10:23 - 00000000 ____D () C:\Windows\erdnt
2014-09-28 08:50 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-28 08:50 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-28 08:50 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-28 08:50 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-28 08:49 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-28 08:49 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-28 08:49 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-28 08:49 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-28 08:33 - 2014-09-28 08:34 - 00148009 _____ () C:\Users\Sacred Heart\Desktop\New Text Document.txt
2014-09-28 08:04 - 2014-09-28 07:46 - 17292760
_____ (Malwarebytes Corporation ) C:\Users\Sacred Heart\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-28 08:04 - 2014-09-27 22:35 - 01699276 _____ (Thisisu) C:\Users\Sacred Heart\Desktop\JRT.exe
2014-09-28 08:04 - 2014-09-27 22:35 - 01373475 _____ () C:\Users\Sacred Heart\Desktop\AdwCleaner.exe
2014-09-28 08:04 - 2014-09-27 22:33 - 02108928 _____ (Farbar) C:\Users\Sacred Heart\Desktop\FRST64.exe
2014-09-28 08:04 - 2014-09-27 22:27 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Sacred Heart\Desktop\tdsskiller.exe
2014-09-28 08:04 - 2014-09-27 22:23 - 05580995 ____R (Swearware) C:\Users\Sacred Heart\Desktop\ComboFix.exe
2014-09-28 07:54 - 2014-09-28 08:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-28 07:54 - 2014-09-28 08:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-28 07:54 - 2014-09-28 07:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-28 07:54 - 2014-09-28 07:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-28 07:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-28 07:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-28 07:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-27 21:23 - 2014-09-28 08:30 - 00000964 _____ () C:\Windows\setupact.log
2014-09-27 21:23 - 2014-09-27 21:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-27 20:11 - 2014-09-05 09:56 - 00004130 _____ () C:\Users\Sacred Heart\Downloads\grrr - Copy.TXT
2014-09-27 18:22 - 2014-09-27 18:19 - 34905600 _____ (Hewlett-Packard Development Company, L.P.
) C:\sp58084.exe
2014-09-27 15:59 - 2014-09-05 09:58 - 00004130 _____ () C:\Users\Grrr.TXT
2014-09-24 12:14 - 2014-09-24 12:14 - 00007016 ____N () C:\bootsqm.dat
2014-09-24 08:32 - 2014-09-24 08:32 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\VirtualStore
2014-09-23 12:21 - 2014-09-24 08:18 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BFCE2EDA-C7EC-46A2-A6B4-FCF23DE328B7}
2014-09-23 11:47 - 2014-09-23 11:47 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\pdfforge
2014-09-22 11:23 - 2014-09-22 11:23 - 00058880 _____ () C:\Users\Sacred Heart\Desktop\9_21_14-SUN_COLLECT.xls
2014-09-22 11:19 - 2014-09-22 11:19 - 00058880 _____ () C:\Users\Sacred Heart\Downloads\9_21_14-SUN_COLLECT.xls
2014-09-22 08:19 - 2014-09-22 08:21 - 00000000 ____D () C:\ProgramData\Sophos
2014-09-22 08:18 - 2014-09-22 08:18 - 00003237 _____ () C:\Users\Sacred Heart\Desktop\Sophos Virus Removal Tool.lnk
2014-09-22 08:18 - 2014-09-22 08:18 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-09-22 07:59 - 2014-09-22 07:59 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-09-17 13:16 - 2014-09-17 13:16 - 00000448 ____H () C:\Users\Sacred Heart\AppData\Roaming\麽鎒駓覜
2014-09-17 10:59 - 2014-09-17 14:11 - 00011366 _____ () C:\Users\Sacred Heart\Documents\liturgy 2014.xlsx
2014-09-16 20:20 - 2014-09-18 09:16 - 118352120 _____ (Microsoft Corporation) C:\Users\Sacred Heart\Downloads\msert.exe
2014-09-16 19:20 - 2014-09-16 19:20 - 00000000 ____D () C:\Windows\pss
2014-09-16 15:12 - 2014-09-16 15:12 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-09-16 09:10 - 2014-09-16 09:10 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-09-15 12:22 - 2014-09-15 12:28 - 00058880 _____ () C:\Users\Sacred Heart\Downloads\9_14_14-SUN_COLLECT.xls
2014-09-05 10:40 - 2014-09-28 08:25 - 00000000 ____D () C:\ProgramData\EvitpUseyw
2014-08-29 13:22 - 2014-08-29 13:25 - 00219244 _____ () C:\Users\Sacred
Heart\Desktop\fa1131bi.tif
2014-08-29 13:21 - 2014-08-29 13:21 - 00000000 _____ () C:\Users\Sacred Heart\Downloads\fa1131bi.tif.en9r1v9.partial

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 10:25 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-09-28 10:22 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-28 10:21 - 2012-08-22 15:55 - 00000000 ____D () C:\Users\Sacred Heart
2014-09-28 10:20 - 2012-07-30 18:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-28 08:57 - 2009-07-14 00:45 - 00024480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-28 08:57 - 2009-07-14 00:45 - 00024480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-28 08:50 - 2012-08-22 15:54 - 01897940 _____ () C:\Windows\WindowsUpdate.log
2014-09-28 08:35 - 2009-07-14 01:13 - 00730210 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-28 08:31 - 2012-07-31 15:00 - 00003510 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-09-28 08:30 - 2012-07-31 03:17 - 00265226 _____ () C:\Windows\PFRO.log
2014-09-28 08:30 - 2012-07-30 22:13 - 00000000 ____D () C:\Windows\Panther
2014-09-28 08:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-28 07:55 - 2013-05-30 09:03 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\CrashDumps
2014-09-28 07:54 - 2013-05-02 21:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-28 07:36 - 2013-11-08 11:43 - 00000000 ____D () C:\Program Files\Google
2014-09-28 07:36 - 2012-07-30 18:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-27 22:45 - 2013-11-08 11:42 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Google
2014-09-27 21:17 - 2012-08-22 17:41 - 00000000 ____D () C:\Users\Sacred Heart\Documents\My Scans
2014-09-27 21:10 - 2014-02-21 15:52 -
00000000 ____D () C:\Users\Sacred Heart\Desktop\Publisher Bulletins
2014-09-27 21:10 - 2013-05-10 12:18 - 00000000 ___SD () C:\Users\Sacred Heart\Documents\My Data Sources
2014-09-27 20:21 - 2012-09-18 12:51 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Microsoft Games
2014-09-27 20:21 - 2012-08-28 14:23 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\LPi Express HTD
2014-09-27 20:21 - 2012-08-22 17:25 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\Adobe
2014-09-27 20:12 - 2012-08-22 16:30 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\AMD
2014-09-27 20:12 - 2012-07-30 18:56 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-09-27 16:02 - 2014-08-12 09:26 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-27 16:02 - 2014-07-07 08:54 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\fc044c
2014-09-27 16:02 - 2012-10-10 10:01 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Apple Computer
2014-09-27 16:02 - 2012-08-22 17:28 - 00000000 ____D () C:\ProgramData\Ralink Driver
2014-09-27 16:01 - 2012-12-06 10:29 - 00000000 ____D () C:\ebsword
2014-09-27 16:01 - 2012-08-22 16:26 - 00000000 ____D () C:\ATI
2014-09-27 16:01 - 2012-08-22 16:21 - 00000000 ____D () C:\AMD
2014-09-26 08:42 - 2009-07-14 01:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-25 13:31 - 2012-08-22 17:41 - 00011858 _____ () C:\Users\Sacred Heart\Documents\WEEKLY2.xlsx
2014-09-25 08:44 - 2012-09-18 11:13 - 00001511 _____ () C:\Users\Sacred Heart\AppData\Local\print.ini
2014-09-24 08:32 - 2012-07-30 18:30 - 00000000 __SHD () C:\Users\Sacred Heart\AppData\Roaming\dteivvbh
2014-09-16 12:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-05 12:03 - 2012-07-31 15:00 - 00000000 ____D () C:\Windows\AutoKMS
2014-09-05 12:02 - 2012-08-22 16:04 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Apple
2014-09-05 12:02 - 2012-07-31 14:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-05 12:02 -
2009-07-14 03:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-05 12:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-09-05 09:55 - 2013-03-13 12:12 - 14592872 _____ () C:\Users\Sacred Heart\Downloads\IMG_1150.mp4
2014-09-05 09:55 - 2012-08-22 17:41 - 00578630 _____ () C:\Users\Sacred Heart\Downloads\Palm01c_sc.eps
2014-09-05 09:54 - 2013-09-24 10:23 - 00546002 _____ () C:\Users\Sacred Heart\Downloads\bi03fa06_sc.eps
2014-09-05 09:54 - 2013-06-03 14:20 - 00636234 _____ () C:\Users\Sacred Heart\Downloads\bi57sp04_sc.eps

Files to move or delete:
====================
C:\Users\Sacred Heart\acrobat.exe
C:\Users\Sacred Heart\chrome935539.exe
C:\Users\Sacred Heart\ctfmon132343.exe
C:\Users\Sacred Heart\flashplayer560745.exe
C:\Users\Sacred Heart\googleupdate.exe
C:\Users\Sacred Heart\googleupdate27226.exe
C:\Users\Sacred Heart\msconfig464447.exe
C:\Users\Sacred Heart\mstsc524057.exe
C:\Users\Sacred Heart\rundll3238542.exe
C:\Users\Sacred Heart\rundll32826958.exe
C:\Users\Sacred Heart\spoolsv35736.exe
C:\Users\Sacred Heart\vlcplayer.exe
C:\Users\Sacred Heart\vlcplayer566390.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-03 11:52

==================== End Of Log ============================
a97virago Posted September 28, 2014 Author ID:884148

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2014
Ran by Sacred Heart at 2014-09-28 10:53:38
Running from C:\Users\Sacred Heart\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.268 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.3.300.268 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{F4C71C2A-F068-8EEB-61AE-EA4707C57A1B}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70727.2220 - Advanced Micro Devices, Inc.)
Hidden
AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.)
HiddenCCC Help Hungarian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) HiddenCCC Help Italian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) HiddenCCC Help Japanese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) HiddenCCC Help Korean (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) HiddenCCC Help Norwegian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) HiddenCCC Help Polish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) HiddenCCC Help Portuguese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) HiddenCCC Help Russian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) HiddenCCC Help Spanish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) HiddenCCC Help Swedish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) HiddenCCC Help Thai (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) HiddenCCC Help Turkish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hiddenccc-utility64 (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) 
HiddenCisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{131CD369-AA3B-424F-A83C-54DF3534B95C}) (Version: - Microsoft)Driver Genius Professional Edition (HKLM-x32\...\Driver Genius Professional Edition_is1) (Version: - Driver-Soft Inc.)Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - )HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E65099C4-9110-4C31-BD03-5C17EFB5FE92}) (Version: 1.1.0 - HP)IDS Client (HKLM-x32\...\{01218E3C-86E4-4D70-A36F-69CD41B78DBC}) (Version: 3.2.1.4466 - IDS LLC)ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) 
HiddenJava 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)Kaspersky Anti-Virus 2011 (HKLM-x32\...\InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}) (Version: 11.0.2.556 - Kaspersky Lab)Kaspersky Anti-Virus 2011 (x32 Version: 11.0.2.556 - Kaspersky Lab) HiddenKeePass Password Safe 1.23 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.23 - Dominik Reichl)LPi Express HTD 5.3 (HKLM-x32\...\LPi Express HTD) (Version: 5.3 - Liturgical Publications Inc.)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)Microsoft Mouse and Keyboard Center (Version: 1.1.500.0 - Microsoft Corporation) HiddenMicrosoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) HiddenMicrosoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI 
(English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)MiniTool Partition Wizard Home Edition 7.5 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)Mozilla Firefox 14.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 14.0.1 (x86 en-US)) (Version: 14.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 14.0.1 - Mozilla)PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.3 - Frank Heindörfer, Philip Chinery)Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink)Readiris Pro 12 (HKLM-x32\...\{3AC26580-A695-4134-84AE-5121B3AAE545}) (Version: 12.00.5965 - I.R.I.S.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)Skype™ 5.10 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 5.10.116 - Skype Technologies S.A.)Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenTeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)Update for 
Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553092) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)Update for Microsoft 
Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition 
(HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version: - Microsoft)Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft)Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft)VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)WordPerfect Office 11 (HKLM-x32\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.0.0.233 - Corel Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 28-09-2014 12:49:32 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-13 22:34 - 2014-09-28 10:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C386C0E-A445-47DA-901A-393EB6C2D382} - System32\Tasks\{297F2293-13B0-4FE3-9198-BB8A93BE8460} => C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE [2011-04-06] (Microsoft Corporation)
Task: {3F39A9C4-19EB-4085-866A-319B46C3831C} - System32\Tasks\{9C20487D-2C01-4F9E-974B-09089469BCF8} => C:\Program Files (x86)\Driver-Soft\DriverGenius\DriverGenius.exe [2010-04-21] (Driver-Soft Inc.)
Task: {57C34F52-F55D-46A9-BBEC-7FE5497E2771} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {5E579732-3AE5-4CCE-98D9-C8936BB00502} - System32\Tasks\{153E2278-86B5-49E0-AE94-8AF4E54E5B22} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2012-10-20] (Microsoft Corporation)
Task: {70B14C0D-C1D5-4F0C-A0AA-4312FA676299} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-07-31] ()
Task: {766E07AE-1135-40DF-846A-958749F829BE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7CC6BFF0-97EA-4DC0-AED0-97DB14A902ED} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8F7B41E9-2C26-4938-A4EE-F3BA6442CF6B} - System32\Tasks\{B3E80174-7A15-479A-8CC6-BE56E35E091D} => C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE [2011-04-06] (Microsoft Corporation)
Task: {AD5CF118-9EB3-4AB5-8CBA-2302A1EA732B} - System32\Tasks\{F66C47B5-EAA0-485C-8591-A65C09773112} => C:\Program Files (x86)\Driver-Soft\DriverGenius\DriverGenius.exe [2010-04-21] (Driver-Soft Inc.)
Task: {B3670107-77A8-46F9-BDD5-6573E06A504B} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {C105B06E-52C7-4CFA-862C-2A85C608D415} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {C534DDA7-E6AF-4B97-9A5C-9FF71930D354} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {CE83A9E3-F3FE-4B66-A10B-BC53E06A8BF4} - System32\Tasks\{1B1556A2-E352-4B56-8363-A1F352A73E81} => Chrome.exe
Task: {CF34E322-8BD7-48BB-BD6C-675495149C5F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30] (Adobe Systems Incorporated)
Task: {F1422699-57D0-4C49-B113-955A814AC852} - System32\Tasks\{2D3E9920-B639-4DE1-AE6E-AE6A472279CA} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2012-10-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-08-24 10:20 - 2010-03-31 11:51 - 00407040 _____ () C:\Windows\System32\HPM1210LM.DLL
2012-08-28 14:22 - 2011-04-29 23:14 - 00083752 _____ () C:\Windows\system32\PuzzlePort64.dll
2012-08-24 10:20 - 2010-03-31 11:51 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2012-08-06 12:24 - 2012-08-06 12:24 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 16:03 - 2012-03-05 16:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 14:53 - 2012-02-16 14:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-08-24 10:19 - 2010-04-28 11:49 - 00222720 _____ () C:\Windows\system32\m1210nwia.dll
2012-08-06 12:24 - 2012-08-06 12:24 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-06 12:07 - 2012-08-06 12:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Sacred Heart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^xwizard.lnk => C:\Windows\pss\xwizard.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Driver Genius => 
MSCONFIG\startupreg: IntelliType Pro => "c:\Program Files\Microsoft Device Center\itype.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MapsGalaxy Search Scope Monitor => "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: MapsGalaxy_39 Browser Plugin Loader => C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe
MSCONFIG\startupreg: QuickFinder Scheduler => "C:\Program Files (x86)\WordPerfect Office 11\Programs\QFSCHD110.EXE"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: xwizard => "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe"
MSCONFIG\startupreg: {f55de818-9e4d-43d0-0b46-54c71f088e85} => "C:\ProgramData\Microsoft\{f55de818-9e4d-43d0-0b46-54c71f088e85}\{f55de818-9e4d-43d0-0b46-54c71f088e85}.exe"
MSCONFIG\startupreg: .tluafed => 

========================= Accounts: ==========================

Administrator (S-1-5-21-639415932-1215857684-1316868989-500 - Administrator - Disabled)
Guest (S-1-5-21-639415932-1215857684-1316868989-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-639415932-1215857684-1316868989-1006 - Limited - Enabled)
Sacred Heart
(S-1-5-21-639415932-1215857684-1316868989-1003 - Administrator - Enabled) => C:\Users\Sacred Heart ==================== Faulty Device Manager Devices ============= Name: Ethernet ControllerDescription: Ethernet ControllerClass Guid: Manufacturer: Service: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: 802.11n Wireless LAN CardDescription: 802.11n Wireless LAN CardClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Ralink Technology, Corp.Service: netr28xProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (09/28/2014 08:26:30 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10bException code: 0xc0000005Fault offset: 0x00000000000033c1Faulting process id: 0x710Faulting application start time: 0xFuel.Service.exe0Faulting application path: Fuel.Service.exe1Faulting module path: Fuel.Service.exe2Report Id: Fuel.Service.exe3 Error: (09/28/2014 07:54:55 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000062c3523Faulting process id: 0x994Faulting application start time: 0xexplorer.exe0Faulting application path: explorer.exe1Faulting module path: explorer.exe2Report Id: explorer.exe3 Error: (09/28/2014 07:53:06 AM) (Source: Application Error) (EventID: 1000) (User: )Description: 
Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x0000000009263523Faulting process id: 0x870Faulting application start time: 0xexplorer.exe0Faulting application path: explorer.exe1Faulting module path: explorer.exe2Report Id: explorer.exe3 Error: (09/28/2014 07:51:11 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x0000000008a83523Faulting process id: 0x64cFaulting application start time: 0xExplorer.EXE0Faulting application path: Explorer.EXE1Faulting module path: Explorer.EXE2Report Id: Explorer.EXE3 Error: (09/28/2014 07:49:31 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000087d3523Faulting process id: 0x878Faulting application start time: 0xExplorer.EXE0Faulting application path: Explorer.EXE1Faulting module path: Explorer.EXE2Report Id: Explorer.EXE3 Error: (09/28/2014 07:47:51 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000050c3523Faulting process id: 0xaecFaulting application start time: 0xExplorer.EXE0Faulting application path: Explorer.EXE1Faulting module path: Explorer.EXE2Report Id: Explorer.EXE3 Error: (09/28/2014 07:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Explorer.EXE, 
version: 6.1.7601.17567, time stamp: 0x4d672ee4Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x0000000009883523Faulting process id: 0xe00Faulting application start time: 0xExplorer.EXE0Faulting application path: Explorer.EXE1Faulting module path: Explorer.EXE2Report Id: Explorer.EXE3 Error: (09/28/2014 07:44:31 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x00000000062d3523Faulting process id: 0x72cFaulting application start time: 0xExplorer.EXE0Faulting application path: Explorer.EXE1Faulting module path: Explorer.EXE2Report Id: Explorer.EXE3 Error: (09/28/2014 07:42:50 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x0000000007d83523Faulting process id: 0xc70Faulting application start time: 0xExplorer.EXE0Faulting application path: Explorer.EXE1Faulting module path: Explorer.EXE2Report Id: Explorer.EXE3 Error: (09/28/2014 07:41:10 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc000041dFault offset: 0x0000000000000000Faulting process id: 0xbc0Faulting application start time: 0xExplorer.EXE0Faulting application path: Explorer.EXE1Faulting module path: Explorer.EXE2Report Id: Explorer.EXE3 System errors:=============Error: (09/28/2014 10:22:43 AM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive 
service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/28/2014 10:21:16 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/28/2014 09:47:40 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/28/2014 08:32:54 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/28/2014 08:31:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: SMR322

Error: (09/28/2014 08:30:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (09/28/2014 08:26:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/28/2014 08:25:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: %%1290

Error: (09/28/2014 08:25:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Base Filtering Engine service failed to start due to the following error: %%1290

Error: (09/28/2014 08:25:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Center service failed to start due to the following error: %%1314

Microsoft Office Sessions:
=========================
Error: (09/28/2014 08:26:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c171001cfdb1081caacc9C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dllac48dd2a-470a-11e4-bafd-e7a61a1ba403

Error: (09/28/2014 07:54:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000062c352399401cfdb12c6a5c40eC:\Windows\explorer.exeunknown4322818f-4706-11e4-bafd-a6300096e01c

Error: (09/28/2014 07:53:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4unknown0.0.0.000000000c0000005000000000926352387001cfdb12aebdab23C:\Windows\explorer.exeunknown01b7cda3-4706-11e4-bafd-a6300096e01c

Error: (09/28/2014 07:51:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000008a8352364c01cfdb1246672c35C:\Windows\Explorer.EXEunknownbd28fdcc-4705-11e4-bafd-a6300096e01c

Error: (09/28/2014 07:49:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description:
Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000087d352387801cfdb120b482a89C:\Windows\Explorer.EXEunknown8176d469-4705-11e4-bafd-a6300096e01c Error: (09/28/2014 07:47:51 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000050c3523aec01cfdb11cfa42258C:\Windows\Explorer.EXEunknown466d3f20-4705-11e4-bafd-a6300096e01c Error: (09/28/2014 07:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000009883523e0001cfdb1193ba8589C:\Windows\Explorer.EXEunknown0a94d8a8-4705-11e4-bafd-a6300096e01c Error: (09/28/2014 07:44:31 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000062d352372c01cfdb1157db4911C:\Windows\Explorer.EXEunknownced875fe-4704-11e4-bafd-a6300096e01c Error: (09/28/2014 07:42:50 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000007d83523c7001cfdb111c0a06bbC:\Windows\Explorer.EXEunknown92f21566-4704-11e4-bafd-a6300096e01c Error: (09/28/2014 07:41:10 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000041d0000000000000000bc001cfdb10e04e57d7C:\Windows\Explorer.EXEunknown5723346f-4704-11e4-bafd-a6300096e01c CodeIntegrity Errors:=================================== Date: 2014-09-28 10:21:16.472 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2014-09-28 10:21:16.332 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD A4-3400 APU with Radeon HD GraphicsPercentage of memory in use: 71%Total physical RAM: 3570.79 MBAvailable physical RAM: 1006.53 MBTotal Pagefile: 7139.75 MBAvailable Pagefile: 5610.53 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:867.21 GB) NTFSDrive e: (WINTOUSB) (Removable) (Total:14.89 GB) (Free:13.76 GB) FAT32 ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 58CFF908)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ========================================================Disk: 1 (Size: 14.9 GB) (Disk ID: 00005053)Partition 1: (Active) - (Size=14.9 GB) - (Type=0C) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
LiquidTension Posted September 28, 2014 ID:884155

Hello,

What are these?

Task: {70B14C0D-C1D5-4F0C-A0AA-4312FA676299} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-07-31] ()
2014-09-28 08:31 - 2012-07-31 15:00 - 00003510 _____ () C:\Windows\System32\Tasks\AutoKMS
a97virago Posted September 28, 2014 Author ID:884157

I have no idea what that is.
a97virago Posted September 28, 2014 Author ID:884160

The brief research I just did seems to indicate that it's some sort of Office crack, but I'm "reasonably" sure that the installation of Office on this computer is legitimate. This is a business computer that I've been brought in to clean up.
a97virago Posted September 28, 2014 Author ID:884163

To be on the safe side, I've removed it.
a97virago Posted September 28, 2014 Author ID:884194

Here is the new FRST scan after removing autokms

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2014
Ran by Sacred Heart (administrator) on SACREDHEART-PC on 28-09-2014 13:05:00
Running from C:\Users\Sacred Heart\Desktop
Loaded Profile: Sacred Heart (Available profiles: Sacred Heart)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...\Run: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Crypto\RSA\cert_v65_0.tpl"
HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...\Policies\Explorer: [Run] "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe"
HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...A8F59079A8D5}\localserver32: <==== ATTENTION!
HKU\S-1-5-18\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17416880 2012-07-13] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe [686792 2012-07-30] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\MountPoints2: D - D:\Programs\nu2menu\nu2menu.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDBAF2A4F8647CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?mtmhp=txtlnkusaolp00000051
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-08-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-30]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2014-08-12]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2014-08-12]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1859584 2012-07-04] (Ralink) [File not signed]
S3 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [152872 2014-08-11] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16384 2010-04-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [8192 2005-03-29] ()
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-04-28] (Marvell Semiconductor, Inc.)
R3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28440 2011-06-23] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-06-18] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 SMR322; System32\drivers\SMR322.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 10:54 - 2014-09-28 10:54 - 00025396 _____ () C:\Users\Sacred Heart\Desktop\FRST201409281056.txt
2014-09-28 10:53 - 2014-09-28 13:03 - 00039260 _____ () C:\Users\Sacred Heart\Desktop\Addition.txt
2014-09-28 10:52 - 2014-09-28 13:05 - 00013189 _____ () C:\Users\Sacred Heart\Desktop\FRST.txt
2014-09-28 10:52 - 2014-09-28 13:05 - 00000000 ____D () C:\FRST
2014-09-28 10:25 - 2014-09-28 10:25 - 00020510 _____ () C:\ComboFix.txt
2014-09-28 09:19 - 2014-09-28 10:25 - 00000000 ____D () C:\Qoobox
2014-09-28 09:19 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-28 09:19 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-28 09:19 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-28 09:18 - 2014-09-28 10:23 - 00000000 ____D () C:\Windows\erdnt
2014-09-28 08:50 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-28 08:50 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-28 08:50 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-28 08:50 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-28 08:49 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-28 08:49 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-28 08:49 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-28 08:49 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-28 08:49 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-28 08:49 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-28 08:49 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-28 08:49 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-28 08:49 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-28 08:49 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-28 08:33 - 2014-09-28 08:34 - 00148009 _____ () C:\Users\Sacred Heart\Desktop\New Text Document.txt
2014-09-28 08:04 - 2014-09-28 07:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sacred Heart\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-28 08:04 - 2014-09-27 22:35 - 01699276 _____ (Thisisu) C:\Users\Sacred Heart\Desktop\JRT.exe
2014-09-28 08:04 - 2014-09-27 22:35 - 01373475 _____ () C:\Users\Sacred Heart\Desktop\AdwCleaner.exe
2014-09-28 08:04 - 2014-09-27 22:33 - 02108928 _____ (Farbar) C:\Users\Sacred Heart\Desktop\FRST64.exe
2014-09-28 08:04 - 2014-09-27 22:27 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Sacred Heart\Desktop\tdsskiller.exe
2014-09-28 08:04 - 2014-09-27 22:23 - 05580995 ____R (Swearware) C:\Users\Sacred Heart\Desktop\ComboFix.exe
2014-09-28 07:54 - 2014-09-28 13:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-28 07:54 - 2014-09-28 08:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-28 07:54 - 2014-09-28 07:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-28 07:54 - 2014-09-28 07:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-28 07:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-28 07:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-28 07:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-27 21:23 - 2014-09-28 12:59 - 00001872 _____ () C:\Windows\setupact.log
2014-09-27 21:23 - 2014-09-27 21:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-27 20:11 - 2014-09-05 09:56 - 00004130 _____ () C:\Users\Sacred Heart\Downloads\grrr - Copy.TXT
2014-09-27 18:22 - 2014-09-27 18:19 - 34905600 _____ (Hewlett-Packard Development Company, L.P. ) C:\sp58084.exe
2014-09-27 15:59 - 2014-09-05 09:58 - 00004130 _____ () C:\Users\Grrr.TXT
2014-09-24 12:14 - 2014-09-24 12:14 - 00007016 ____N () C:\bootsqm.dat
2014-09-24 08:32 - 2014-09-24 08:32 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\VirtualStore
2014-09-23 12:21 - 2014-09-24 08:18 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BFCE2EDA-C7EC-46A2-A6B4-FCF23DE328B7}
2014-09-23 11:47 - 2014-09-23 11:47 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\pdfforge
2014-09-22 11:23 - 2014-09-22 11:23 - 00058880 _____ () C:\Users\Sacred Heart\Desktop\9_21_14-SUN_COLLECT.xls
2014-09-22 11:19 - 2014-09-22 11:19 - 00058880 _____ () C:\Users\Sacred Heart\Downloads\9_21_14-SUN_COLLECT.xls
2014-09-22 08:19 - 2014-09-22 08:21 - 00000000 ____D () C:\ProgramData\Sophos
2014-09-22 08:18 - 2014-09-22 08:18 - 00003237 _____ () C:\Users\Sacred Heart\Desktop\Sophos Virus Removal Tool.lnk
2014-09-22 08:18 - 2014-09-22 08:18 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-09-22 07:59 - 2014-09-22 07:59 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-09-17 13:16 - 2014-09-17 13:16 - 00000448 ____H () C:\Users\Sacred Heart\AppData\Roaming\麽鎒駓覜
2014-09-17 10:59 - 2014-09-17 14:11 - 00011366 _____ () C:\Users\Sacred Heart\Documents\liturgy 2014.xlsx
2014-09-16 20:20 - 2014-09-18 09:16 - 118352120 _____ (Microsoft Corporation) C:\Users\Sacred Heart\Downloads\msert.exe
2014-09-16 19:20 - 2014-09-16 19:20 - 00000000 ____D () C:\Windows\pss
2014-09-16 15:12 - 2014-09-16 15:12 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-09-16 09:10 - 2014-09-16 09:10 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-09-15 12:22 - 2014-09-15 12:28 - 00058880 _____ () C:\Users\Sacred Heart\Downloads\9_14_14-SUN_COLLECT.xls
2014-09-05 10:40 - 2014-09-28 08:25 - 00000000 ____D () C:\ProgramData\EvitpUseyw
2014-08-29 13:22 - 2014-08-29 13:25 - 00219244 _____ () C:\Users\Sacred Heart\Desktop\fa1131bi.tif
2014-08-29 13:21 - 2014-08-29 13:21 - 00000000 _____ () C:\Users\Sacred Heart\Downloads\fa1131bi.tif.en9r1v9.partial

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 13:04 - 2009-07-14 01:13 - 00730210 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-28 13:03 - 2012-08-22 15:54 - 01057297 _____ () C:\Windows\WindowsUpdate.log
2014-09-28 12:59 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-28 12:20 - 2012-07-30 18:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-28 11:55 - 2009-07-14 00:45 - 00024480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-28 11:55 - 2009-07-14 00:45 - 00024480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-28 11:46 - 2012-07-31 03:17 - 00266026 _____ () C:\Windows\PFRO.log
2014-09-28 10:25 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-09-28 10:22 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-28 10:21 - 2012-08-22 15:55 - 00000000 ____D () C:\Users\Sacred Heart
2014-09-28 08:30 - 2012-07-30 22:13 - 00000000 ____D () C:\Windows\Panther
2014-09-28 07:55 - 2013-05-30 09:03 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\CrashDumps
2014-09-28 07:54 - 2013-05-02 21:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-28 07:36 - 2013-11-08 11:43 - 00000000 ____D () C:\Program Files\Google
2014-09-28 07:36 - 2012-07-30 18:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-27 22:45 - 2013-11-08 11:42 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Google
2014-09-27 21:17 - 2012-08-22 17:41 - 00000000 ____D () C:\Users\Sacred Heart\Documents\My Scans
2014-09-27 21:10 - 2014-02-21 15:52 - 00000000 ____D () C:\Users\Sacred Heart\Desktop\Publisher Bulletins
2014-09-27 21:10 - 2013-05-10 12:18 - 00000000 ___SD () C:\Users\Sacred Heart\Documents\My Data Sources
2014-09-27 20:21 - 2012-09-18 12:51 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Microsoft Games
2014-09-27 20:21 - 2012-08-28 14:23 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\LPi Express HTD
2014-09-27 20:21 - 2012-08-22 17:25 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\Adobe
2014-09-27 20:12 - 2012-08-22 16:30 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\AMD
2014-09-27 20:12 - 2012-07-30 18:56 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-09-27 16:02 - 2014-08-12 09:26 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-27 16:02 - 2014-07-07 08:54 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\fc044c
2014-09-27 16:02 - 2012-10-10 10:01 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Apple Computer
2014-09-27 16:02 - 2012-08-22 17:28 - 00000000 ____D () C:\ProgramData\Ralink Driver
2014-09-27 16:01 - 2012-12-06 10:29 - 00000000 ____D () C:\ebsword
2014-09-27 16:01 - 2012-08-22 16:26 - 00000000 ____D () C:\ATI
2014-09-27 16:01 - 2012-08-22 16:21 - 00000000 ____D () C:\AMD
2014-09-26 08:42 - 2009-07-14 01:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-25 13:31 - 2012-08-22 17:41 - 00011858 _____ () C:\Users\Sacred Heart\Documents\WEEKLY2.xlsx
2014-09-25 08:44 - 2012-09-18 11:13 - 00001511 _____ () C:\Users\Sacred Heart\AppData\Local\print.ini
2014-09-24 08:32 - 2012-07-30 18:30 - 00000000 __SHD () C:\Users\Sacred Heart\AppData\Roaming\dteivvbh
2014-09-16 12:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-15 09:06 - 2012-07-30 18:59 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-05 12:02 - 2012-08-22 16:04 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Apple
2014-09-05 12:02 - 2012-07-31 14:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-05 12:02 - 2009-07-14 03:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-05 12:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-09-05 09:55 - 2013-03-13 12:12 - 14592872 _____ () C:\Users\Sacred Heart\Downloads\IMG_1150.mp4
2014-09-05 09:55 - 2012-08-22 17:41 - 00578630 _____ () C:\Users\Sacred Heart\Downloads\Palm01c_sc.eps
2014-09-05 09:54 - 2013-09-24 10:23 - 00546002 _____ () C:\Users\Sacred Heart\Downloads\bi03fa06_sc.eps
2014-09-05 09:54 - 2013-06-03 14:20 - 00636234 _____ () C:\Users\Sacred Heart\Downloads\bi57sp04_sc.eps

Files to move or delete:
====================
C:\Users\Sacred Heart\acrobat.exe
C:\Users\Sacred Heart\chrome935539.exe
C:\Users\Sacred Heart\ctfmon132343.exe
C:\Users\Sacred Heart\flashplayer560745.exe
C:\Users\Sacred Heart\googleupdate.exe
C:\Users\Sacred Heart\googleupdate27226.exe
C:\Users\Sacred Heart\msconfig464447.exe
C:\Users\Sacred Heart\mstsc524057.exe
C:\Users\Sacred Heart\rundll3238542.exe
C:\Users\Sacred Heart\rundll32826958.exe
C:\Users\Sacred Heart\spoolsv35736.exe
C:\Users\Sacred Heart\vlcplayer.exe
C:\Users\Sacred Heart\vlcplayer566390.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-28 11:17

==================== End Of Log ============================
a97virago Posted September 28, 2014 Author ID:884195

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2014
Ran by Sacred Heart at 2014-09-28 13:05:26
Running from C:\Users\Sacred Heart\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be un