Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Cannot remove Trojan - Please Help!


Recommended Posts

Hello,

 

Malware has detected Trojan it says it removes it, but it seems it has highjacked my files and pictures. Please help!

 

FRST.txt and ADDITION.txt are included

 

Thanks in advance

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Jason (administrator) on JASON-HP on 03-12-2014 19:29:04
Running from C:\Users\Jason\Downloads
Loaded Profile: Jason (Available profiles: Jason)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsShld.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Farbar) C:\Users\Jason\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3574012919-3848534332-1689751217-1001\...\Run: [Google+ Auto Backup] => C:\Users\Jason\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-3574012919-3848534332-1689751217-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3574012919-3848534332-1689751217-1001\...\Run: [fgrirof] => rundll32 "C:\Users\Jason\AppData\Local\fgrirof.dll",fgrirof <===== ATTENTION
HKU\S-1-5-21-3574012919-3848534332-1689751217-1001\...\Run: [OiyliYaceq] => regsvr32.exe "C:\ProgramData\OiyliYaceq\OiyliYaceq.dat"
HKU\S-1-5-21-3574012919-3848534332-1689751217-1001\...\CurrentVersion\Windows: [Run] C:\Users\Jason\DOCUME~1\ADOBEA~1\ADOBEA~1.COM <===== ATTENTION
HKU\S-1-5-21-3574012919-3848534332-1689751217-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3574012919-3848534332-1689751217-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3574012919-3848534332-1689751217-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-3574012919-3848534332-1689751217-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FtCyE0BtDtCzzyDtBtByBtN0D0Tzu0SyByByCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=651201568&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {6BB50E03-BE41-425E-8864-F6CE64C7570D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {6BB50E03-BE41-425E-8864-F6CE64C7570D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3574012919-3848534332-1689751217-1001 -> DefaultScope {7B3E13AD-4BFA-40BB-82C2-AA73DB9226DF} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US679D20130817&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3574012919-3848534332-1689751217-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FtCyE0BtDtCzzyDtBtByBtN0D0Tzu0SyByByCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=651201568&ir=
SearchScopes: HKU\S-1-5-21-3574012919-3848534332-1689751217-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-3574012919-3848534332-1689751217-1001 -> {6BB50E03-BE41-425E-8864-F6CE64C7570D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3574012919-3848534332-1689751217-1001 -> {7B3E13AD-4BFA-40BB-82C2-AA73DB9226DF} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US679D20130817&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3574012919-3848534332-1689751217-1001 -> {A35732AF-A301-4459-87E9-57F314DFD411} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
SearchScopes: HKU\S-1-5-21-3574012919-3848534332-1689751217-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-3574012919-3848534332-1689751217-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3574012919-3848534332-1689751217-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SaveAs Class -> {07CBAD5F-30D0-9CDE-CD7A-DCCC3920F6C8} -> C:\ProgramData\SaveAs\50d4da974a4b7.ocx ()
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Rich Media View -> {8fd4941b-631b-47c0-bd6c-337259dc7822} -> C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release542\ie\RichMediaViewV1release542.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-3574012919-3848534332-1689751217-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3574012919-3848534332-1689751217-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\vtusoqdr.default
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=B111US679D20130817&p=
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3574012919-3848534332-1689751217-1001: @hulu.com/Hulu Desktop -> C:\Users\Jason\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF Plugin HKU\S-1-5-21-3574012919-3848534332-1689751217-1001: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Jason\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-08-17]
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FtCyE0BtDtCzzyDtBtByBtN0D0Tzu0SyByByCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=651201568&ir=
CHR StartupUrls: Default -> "hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FtCyE0BtDtCzzyDtBtByBtN0D0Tzu0SyByByCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=651201568&ir="
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=mcafee&type=B211US679D20130817&p={searchTerms}
CHR Profile: C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-20]
CHR Extension: (Google Drive) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-13]
CHR Extension: (YouTube) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-02]
CHR Extension: (Google Search) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-02]
CHR Extension: (SiteAdvisor) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-12-20]
CHR Extension: (Google Wallet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-20]
CHR Extension: (Gmail) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-02]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-20]
CHR HKLM-x32\...\Chrome\Extension: [dgecjgghgfciodpcckdindkboibanoeh] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha224\ch\WebexpEnhancedV1alpha224.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dhcfkemamcfmogepmihobghkmhnbdbbd] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release542\ch\RichMediaViewV1release542.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jekkpgkmligmonmkllcjpahndpaikehe] - C:\ProgramData\SaveAs\jekkpgkmligmonmkllcjpahndpaikehe.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [kojmajjbkkijmngajnggjdodmmbbclne] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home70\ch\MediaWatchV1home70.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pnmpmcjaffaejmbfanaclhjcelblkapl] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha53\ch\MediaViewerV1alpha53.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2010-08-05] (Hewlett-Packard) [File not signed]
S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129648 2011-03-09] (Portrait Displays, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [156904 2014-11-13] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 19:29 - 2014-12-03 19:30 - 00023706 _____ () C:\Users\Jason\Downloads\FRST.txt
2014-12-03 19:28 - 2014-12-03 19:29 - 00000000 ____D () C:\FRST
2014-12-03 19:28 - 2014-12-03 19:28 - 02117632 _____ (Farbar) C:\Users\Jason\Downloads\FRST64(1).exe
2014-12-03 19:25 - 2014-12-03 19:25 - 02117632 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
2014-12-03 19:09 - 2014-12-03 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-25 07:30 - 2014-11-26 17:51 - 00000000 __SHD () C:\Users\Jason\Documents\Adobe AIR
2014-11-21 16:08 - 2014-11-23 21:53 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-11-21 08:22 - 2014-11-21 08:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\620A44F7.sys
2014-11-19 18:49 - 2014-12-02 09:32 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJason
2014-11-19 18:49 - 2014-12-02 09:32 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForJason.job
2014-11-19 16:01 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 16:01 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 16:01 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 16:01 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-16 06:05 - 2014-10-25 20:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-16 06:05 - 2014-10-25 20:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-16 06:05 - 2014-10-25 20:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-16 06:05 - 2014-10-25 20:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-16 06:05 - 2014-10-25 20:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-16 06:05 - 2014-10-25 20:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-16 06:05 - 2014-10-25 20:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-16 06:05 - 2014-10-25 20:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-16 06:05 - 2014-10-25 20:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-16 06:05 - 2014-10-25 20:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-16 06:05 - 2014-10-25 20:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-16 06:05 - 2014-10-25 20:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-16 06:05 - 2014-10-25 20:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-16 06:05 - 2014-10-25 20:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-16 06:05 - 2014-10-25 20:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-16 06:05 - 2014-10-25 19:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-16 06:05 - 2014-10-25 19:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-16 06:05 - 2014-10-25 19:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-16 06:05 - 2014-10-25 19:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-16 06:05 - 2014-10-25 19:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-16 06:05 - 2014-10-25 19:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-16 06:05 - 2014-10-25 19:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-16 06:05 - 2014-10-25 19:34 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-16 06:05 - 2014-10-25 19:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-16 06:05 - 2014-10-25 19:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-16 06:05 - 2014-10-25 19:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-16 06:05 - 2014-10-25 19:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-16 06:05 - 2014-10-25 19:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-16 06:05 - 2014-10-25 19:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-16 06:05 - 2014-10-25 19:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-16 06:05 - 2014-10-25 19:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-16 06:04 - 2014-10-25 20:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-16 06:04 - 2014-10-25 20:56 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-16 06:04 - 2014-10-25 20:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-16 06:04 - 2014-10-25 20:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-16 06:04 - 2014-10-25 20:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-16 06:04 - 2014-10-25 20:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-16 06:04 - 2014-10-25 19:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-16 06:04 - 2014-10-25 19:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-16 06:04 - 2014-10-25 19:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-16 06:04 - 2014-10-25 19:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-16 06:04 - 2014-10-25 19:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-16 06:04 - 2014-10-25 19:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-16 06:04 - 2014-10-25 18:22 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-11-16 06:04 - 2014-10-25 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-11-15 13:10 - 2014-11-15 13:40 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Mozilla
2014-11-15 13:10 - 2014-11-15 13:10 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-15 13:10 - 2014-11-15 13:10 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-15 13:10 - 2014-11-15 13:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-15 12:59 - 2014-11-15 13:01 - 00244120 _____ () C:\Users\Jason\Downloads\Firefox Setup Stub 33.1.1.exe
2014-11-14 16:39 - 2014-11-14 16:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 16:38 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-14 16:32 - 2014-11-14 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-14 16:23 - 2014-11-14 16:23 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-14 16:23 - 2014-11-14 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-14 16:22 - 2014-11-14 16:22 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-14 16:22 - 2014-11-14 16:22 - 00000000 ____D () C:\Program Files\iTunes
2014-11-14 16:22 - 2014-11-14 16:22 - 00000000 ____D () C:\Program Files\iPod
2014-11-14 16:22 - 2014-11-14 16:22 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-14 13:11 - 2014-11-21 10:25 - 00000000 ____D () C:\ProgramData\YacuvAxips
2014-11-14 13:10 - 2014-11-14 13:10 - 00000000 ____D () C:\ProgramData\SozvAtaja
2014-11-13 12:22 - 2014-11-21 10:25 - 00000000 ____D () C:\ProgramData\OiyliYaceq
2014-11-13 00:34 - 2014-11-13 00:34 - 00000274 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-11-13 00:33 - 2014-11-13 00:33 - 00000274 _____ () C:\Users\Jason\DECRYPT_INSTRUCTION.URL
2014-11-12 07:59 - 2014-11-12 07:59 - 00000274 _____ () C:\Users\Jason\Downloads\DECRYPT_INSTRUCTION.URL
2014-11-12 07:58 - 2014-11-12 07:58 - 00000274 _____ () C:\Users\Jason\Documents\DECRYPT_INSTRUCTION.URL
2014-11-12 07:44 - 2014-11-12 07:44 - 00000000 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-11-12 07:44 - 2014-11-12 07:44 - 00000000 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-12 07:23 - 2014-11-12 07:23 - 00000000 __SHD () C:\Users\Jason\AppData\Local\EmieBrowserModeList
2014-11-11 19:27 - 2014-11-12 07:28 - 00000274 _____ () C:\Users\Jason\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-11 19:27 - 2014-11-12 07:28 - 00000274 _____ () C:\Users\Jason\AppData\DECRYPT_INSTRUCTION.URL
2014-11-11 19:22 - 2014-11-11 19:22 - 00000272 _____ () C:\Users\Jason\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-11 19:20 - 2014-11-12 07:44 - 00000274 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-11-11 19:19 - 2014-11-12 12:28 - 00000256 ____H () C:\ProgramData\@system3.att
2014-11-11 19:18 - 2014-11-21 10:25 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\FrameworkUpdate7
2014-11-11 19:18 - 2014-11-12 12:28 - 00000520 _____ () C:\ProgramData\@system.temp
2014-11-11 19:18 - 2014-11-11 19:18 - 00000896 ____H () C:\Users\Jason\AppData\Roaming\麽鎒駓覜
2014-11-11 19:17 - 2014-12-01 19:57 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-11 18:04 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 18:04 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 18:04 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 18:04 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 18:04 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 18:04 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 18:04 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 18:04 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 18:04 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 18:00 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 18:00 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 18:00 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 18:00 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 18:00 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 18:00 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 18:00 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 18:00 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 18:00 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 18:00 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 18:00 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 18:00 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 18:00 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 18:00 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 18:00 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 17:59 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 17:59 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 17:59 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 17:59 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 17:59 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 17:59 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 17:59 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 17:59 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 17:59 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 17:59 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 17:59 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 17:59 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 17:59 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 17:59 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 17:59 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 17:59 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 17:59 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 17:59 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-05 19:16 - 2014-11-05 19:16 - 00000000 ____D () C:\Users\Jason\AppData\Local\Sonic_Solutions
2014-11-05 19:16 - 2014-11-05 19:16 - 00000000 ____D () C:\ProgramData\Roxio

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 19:02 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-03 19:02 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-03 19:00 - 2009-07-14 00:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-03 18:57 - 2011-09-19 20:18 - 01229348 _____ () C:\Windows\WindowsUpdate.log
2014-12-03 18:56 - 2014-10-14 15:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-03 18:56 - 2012-04-24 08:36 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-03 18:56 - 2009-07-13 23:51 - 00057573 _____ () C:\Windows\setupact.log
2014-12-03 18:52 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-03 17:33 - 2014-03-30 05:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4c05f8af6590.job
2014-12-03 08:58 - 2010-11-20 22:47 - 00733298 _____ () C:\Windows\PFRO.log
2014-12-03 07:59 - 2011-04-28 23:05 - 00000000 ____D () C:\Windows\PCHEALTH
2014-11-30 19:14 - 2011-09-23 10:11 - 00000000 ____D () C:\Users\Jason\AppData\Local\CrashDumps
2014-11-30 16:08 - 2011-09-19 20:19 - 00000000 ____D () C:\Users\Jason
2014-11-26 18:59 - 2012-12-04 12:22 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJASON-HP$
2014-11-26 18:59 - 2012-12-04 12:22 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForJASON-HP$.job
2014-11-26 17:42 - 2013-12-11 19:11 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-23 21:30 - 2013-08-27 01:48 - 00000000 ____D () C:\Users\Jason\Desktop\Jason resumes
2014-11-23 09:49 - 2013-08-17 09:29 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-11-23 09:49 - 2011-04-28 23:06 - 00000000 ____D () C:\Windows\en
2014-11-21 10:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SchCache
2014-11-16 20:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-15 13:10 - 2014-05-19 11:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-15 12:44 - 2011-09-25 18:36 - 00000000 ____D () C:\Users\Jason\AppData\Local\Apple Computer
2014-11-15 10:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-15 10:19 - 2011-09-28 09:27 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\SoftGrid Client
2014-11-14 16:22 - 2014-03-27 17:11 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-14 16:22 - 2011-09-25 18:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-14 13:28 - 2014-03-30 05:51 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4c05f8af6590
2014-11-14 13:27 - 2012-04-24 08:36 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 00:33 - 2012-01-17 12:43 - 00000000 ____D () C:\Users\Jason\Winter fun activities
2014-11-12 21:44 - 2013-06-04 10:42 - 00000000 ____D () C:\Users\Jason\Desktop\Alison's Resume
2014-11-12 13:13 - 2011-09-19 20:23 - 00113832 _____ () C:\Users\Jason\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 13:05 - 2013-08-27 01:50 - 00000000 ____D () C:\Users\Jason\Desktop\Stuff
2014-11-12 13:05 - 2012-03-03 17:03 - 00000000 ____D () C:\Users\Jason\Desktop\TAXES
2014-11-12 07:55 - 2012-05-29 13:46 - 00000000 ____D () C:\Users\Jason\Documents\mari_david
2014-11-12 07:55 - 2011-12-13 20:02 - 00000000 ___SD () C:\Users\Jason\Documents\My Data Sources
2014-11-12 07:54 - 2012-01-24 20:48 - 00000000 ____D () C:\Users\Jason\Documents\ENG 111 WI201 E5 auto grade sheets
2014-11-12 07:54 - 2012-01-24 20:41 - 00000000 ____D () C:\Users\Jason\Documents\ENG 111 WI 2012 E5
2014-11-12 07:44 - 2012-03-03 17:07 - 00000000 ____D () C:\ProgramData\Intuit
2014-11-12 07:30 - 2012-08-13 09:02 - 00000000 ____D () C:\Users\Jason\Documents\ENG 111 SU 2012
2014-11-12 07:21 - 2009-07-13 23:45 - 00423168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 19:43 - 2011-11-29 11:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-11 19:31 - 2013-08-27 01:58 - 00000000 ____D () C:\Users\Jason\Desktop\Jordyn
2014-11-11 19:29 - 2013-08-27 01:55 - 00000000 ____D () C:\Users\Jason\Desktop\Football
2014-11-11 19:29 - 2012-03-09 16:47 - 00000000 ____D () C:\Users\Jason\Desktop\Baseball
2014-11-11 19:27 - 2013-07-19 09:30 - 00000000 ____D () C:\Users\Jason\Desktop\7-19-2013 iPhone edited
2014-11-11 19:27 - 2011-12-29 21:48 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Preferences
2014-11-11 19:26 - 2012-04-06 11:32 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Babylon
2014-11-11 19:26 - 2011-12-13 21:09 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\com.Shutterfly.ExpressUploader
2014-11-11 19:26 - 2011-09-25 18:36 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Apple Computer
2014-11-11 19:23 - 2011-09-19 20:29 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Adobe
2014-11-11 19:22 - 2012-05-03 13:18 - 00000000 ____D () C:\Users\Jason\AppData\Local\Yahoo!
2014-11-11 19:21 - 2014-04-01 18:11 - 00000000 ____D () C:\Users\Jason\AppData\Local\Intuit
2014-11-11 19:21 - 2011-09-19 20:19 - 00000000 ____D () C:\Users\Jason\AppData\Local\Hewlett-Packard
2014-11-11 19:20 - 2012-04-24 08:36 - 00000000 ____D () C:\Users\Jason\AppData\Local\Google
2014-11-11 19:20 - 2012-04-06 11:32 - 00000000 ____D () C:\Users\Jason\AppData\Local\Babylon
2014-11-11 19:20 - 2011-04-28 22:53 - 00000000 ____D () C:\ProgramData\TouchSmartData
2014-11-11 19:20 - 2011-04-28 22:45 - 00000000 ____D () C:\ProgramData\Sonic
2014-11-11 19:19 - 2011-04-28 22:34 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-11-04 14:30 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-04 08:38 - 2014-02-17 11:14 - 00013616 _____ () C:\Users\Jason\Desktop\Bills.xlsx

Some content of TEMP:
====================
C:\Users\Jason\AppData\Local\Temp\65175uninstall.exe
C:\Users\Jason\AppData\Local\Temp\Sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-28 11:32

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by Jason at 2014-12-03 19:30:39
Running from C:\Users\Jason\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azteca (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard)
DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
Facebook for HP TouchSmart (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.03.021 - Portrait Displays, Inc.)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP TouchSmart (HKLM-x32\...\{1502291B-3C1B-4781-99F8-9D6D8C650588}) (Version: 4.0.41.0 - Hewlett-Packard)
HP TouchSmart Apps Center (HKLM-x32\...\{8317485C-067B-4B5B-A2A3-9D36B7B0399E}) (Version: 4.0.0.1 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart Browser (HKLM-x32\...\{4ACC9E9C-12D6-4A9D-8FBC-3FD469B9FD34}) (Version: 4.1.0012 - Hewlett-Packard)
HP TouchSmart Calendar (HKLM-x32\...\{297FA7DE-08E5-44A6-8F66-9E26F61F4810}) (Version: 4.1.3869.29064 - Hewlett-Packard)
HP TouchSmart Canvas (HKLM-x32\...\{909CE9B4-76A7-4C3D-A9AC-CE231B3E4B40}) (Version: 2.0.3917.26233 - Hewlett-Packard)
HP TouchSmart Clock (HKLM-x32\...\{97AA232A-58CB-41A2-A258-0593F98AB1E0}) (Version: 3.1.3881.29051 - Hewlett-Packard)
HP TouchSmart eBay (HKLM-x32\...\{3D5771E2-EF71-4765-A96F-B80E9DFA3FE9}) (Version: 1.0.4025.15222 - Hewlett-Packard)
HP TouchSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4913 - Hewlett-Packard)
HP TouchSmart Notes (HKLM-x32\...\{1F40643A-3489-4262-B7BA-F2EC6FA0A1C8}) (Version: 4.1.3916.21107 - Hewlett-Packard)
HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.2.4913 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP TouchSmart RSS (HKLM-x32\...\{608D7847-39B7-4D1D-AF6D-7DCC38C77615}) (Version: 4.1.0009 - Hewlett-Packard)
HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 3.2.0.2 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{75781594-73D9-4D7B-997F-14D41BF1513D}) (Version: 3.0.4024.33750 - Hewlett-Packard)
HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.2.4928 - Hewlett-Packard)
HP TouchSmart Weather (HKLM-x32\...\{554D4753-4637-477E-BB52-901A819C798D}) (Version: 4.0.4.0 - Hewlett-Packard)
HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.3603 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.6 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-3574012919-3848534332-1689751217-1001\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6308.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4412 - Hewlett-Packard)
Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
R.U.S.E. for TouchSmart (HKLM-x32\...\{E6753FCB-B508-4C74-9686-17032281AF38}_is1) (Version: 1.0.0.0 - Ubisoft)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SaveAs (HKLM-x32\...\{16726771-C380-4280-BAF9-1223B3838786}) (Version:  - SaveAs) <==== ATTENTION
SDK (x32 Version: 2.26.005 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-3574012919-3848534332-1689751217-1001\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3574012919-3848534332-1689751217-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

03-12-2014 18:03:56 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04F8D8EF-E93A-4E62-8A30-AB7D8504AB29} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {1DCE7ED3-F925-4841-A3A1-53B1B1E240DC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {261EB5EA-79B8-4AF2-95EE-6A531C047A94} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4c05f8af6590 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {3EC06EEE-9ABB-41C7-8655-81E3BD5C33DE} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {42A9169B-B3A9-4A0C-8EFF-666424E6D8FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4E2F71BB-B739-49F8-B765-5B2737DBAC4B} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-12-21] (CyberLink)
Task: {6ABCA3AB-D5BA-4E29-8A09-C76637AEC16D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-12-03] (CyberLink)
Task: {6DF0CA74-539F-49AC-9FB6-EB3CB9EC0076} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {6E619CE6-0504-41EC-93E5-9DAA66EFDE17} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2012-01-18] (Microsoft)
Task: {C276C07A-B73F-48B2-B516-6047231E04DD} - System32\Tasks\HPCeeScheduleForJason => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {D144B285-E9D1-4161-9179-19819B6AEC41} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {F3D4FA5C-122F-46F6-BF4C-DB280A5C6213} - System32\Tasks\HPCeeScheduleForJASON-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4c05f8af6590.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJASON-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJason.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-12-21 17:26 - 2010-12-21 17:26 - 00444200 ____N () C:\Program Files (x86)\Hewlett-Packard\Recovery\Protect.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-11-15 13:10 - 2014-11-13 21:42 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CalendarSynchService => 2
MSCONFIG\Services: ccEvtMgr => 2
MSCONFIG\Services: ccSetMgr => 2
MSCONFIG\Services: DTSRVC => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: HPClientSvc => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LiveUpdate => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: PdiService => 2
MSCONFIG\Services: RoxioNow Service => 2
MSCONFIG\Services: SmcService => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Symantec AntiVirus => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BeatsOSDApp => C:\Program Files\IDT\WDM\beats64.exe
MSCONFIG\startupreg: ccApp => "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
MSCONFIG\startupreg: DT HPO => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP KEYBOARDx => "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3574012919-3848534332-1689751217-500 - Administrator - Disabled)
Guest (S-1-5-21-3574012919-3848534332-1689751217-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3574012919-3848534332-1689751217-1002 - Limited - Enabled)
Jason (S-1-5-21-3574012919-3848534332-1689751217-1001 - Administrator - Enabled) => C:\Users\Jason

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2014 07:05:05 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (12/03/2014 06:53:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2014 05:12:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2014 04:58:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2014 04:58:27 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (3920) WebCacheLocal: Database recovery/restore failed with unexpected error -501.

Error: (12/03/2014 09:00:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2014 08:01:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2014 07:52:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2014 07:34:38 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (12/02/2014 07:03:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/03/2014 06:57:19 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/03/2014 06:56:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intuit Update Service v4 service failed to start due to the following error:
%%1053

Error: (12/03/2014 06:56:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.

Error: (12/03/2014 06:53:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/03/2014 06:52:02 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:25:18 PM on ‎12/‎3/‎2014 was unexpected.

Error: (12/03/2014 05:39:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7323885B-407F-4839-9695-96F545FF6286}

Error: (12/03/2014 05:37:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (12/03/2014 05:35:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (12/03/2014 05:33:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/03/2014 05:31:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Security Center service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (12/03/2014 07:05:05 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (12/03/2014 06:53:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2014 05:12:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2014 04:58:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2014 04:58:27 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost3920WebCacheLocal: -501

Error: (12/03/2014 09:00:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2014 08:01:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2014 07:52:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2014 07:34:38 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (12/02/2014 07:03:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 76%
Total physical RAM: 4006.76 MB
Available physical RAM: 947.91 MB
Total Pagefile: 8257.9 MB
Available Pagefile: 4421.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:679.18 GB) (Free:465.89 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:19.35 GB) (Free:2.42 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive g: (Lexar) (Removable) (Total:59.61 GB) (Free:59.61 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: AABCE272)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=679.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.4 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 59.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=59.6 GB) - (Type=0C)

==================== End Of Log ============================

Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

    [*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.

Link to post
Share on other sites

Here are the log reports from what you told me to do:

GMER 2.1.19357 - http://www.gmer.netRootkit scan 2014-12-04 18:24:24Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST375052 rev.HP40 698.64GBRunning: ofwphz3v.exe; Driver: C:\Users\Jason\AppData\Local\Temp\pgtiypog.sys---- Threads - GMER 2.1 ----Thread  C:\Windows\system32\svchost.exe [968:8772]                                                                                                   000007fefc054af4Thread  C:\Windows\system32\svchost.exe [968:16024]                                                                                                  000007fef1fd2154Thread  C:\Windows\system32\svchost.exe [968:6080]                                                                                                   000007fefc054af4Thread  C:\Windows\System32\svchost.exe [320:1112]                                                                                                   000007fefb432070Thread  C:\Windows\System32\svchost.exe [320:1120]                                                                                                   000007fefb105428Thread  C:\Windows\System32\svchost.exe [320:3416]                                                                                                   000007fef5546b8cThread  C:\Windows\System32\svchost.exe [320:4076]                                                                                                   000007fef5541d88Thread  C:\Windows\system32\svchost.exe [512:1252]                                                                                                   000007fefa101e00Thread  C:\Windows\system32\svchost.exe [512:1344]                                                                                                   000007fef9a21a50Thread  C:\Windows\system32\svchost.exe [512:1696]                                                                                                   000007fefc8a1a70Thread  C:\Windows\system32\svchost.exe [512:2536]                                                                                                   000007fefc8a1a70Thread  C:\Windows\system32\svchost.exe [512:4688]                                                                                                   000007fef6581ab0Thread  C:\Windows\system32\svchost.exe [512:5404]                                                                                                   000007fef571506cThread  C:\Windows\system32\svchost.exe [512:5412]                                                                                                   000007fef70a1c20Thread  C:\Windows\system32\svchost.exe [512:5424]                                                                                                   000007fef70a1c20Thread  C:\Windows\system32\svchost.exe [512:4040]                                                                                                   000007fef84f5124Thread  C:\Windows\system32\svchost.exe [512:11956]                                                                                                  000007fef8334164Thread  C:\Windows\system32\svchost.exe [1080:456]                                                                                                   000007fef877bd88Thread  C:\Windows\system32\svchost.exe [1080:5428]                                                                                                  000007fef5c45170Thread  C:\Windows\system32\svchost.exe [1080:5856]                                                                                                  000007fef84f5124Thread  C:\Windows\System32\spoolsv.exe [1440:2348]                                                                                                  000007fef74010c8Thread  C:\Windows\System32\spoolsv.exe [1440:2620]                                                                                                  000007fef72c6144Thread  C:\Windows\System32\spoolsv.exe [1440:2648]                                                                                                  000007fef8dc5fd0Thread  C:\Windows\System32\spoolsv.exe [1440:2532]                                                                                                  000007fef73c3438Thread  C:\Windows\System32\spoolsv.exe [1440:2084]                                                                                                  000007fef8dc63ecThread  C:\Windows\System32\spoolsv.exe [1440:2508]                                                                                                  000007fef73c3438Thread  C:\Windows\System32\spoolsv.exe [1440:2520]                                                                                                  000007fef8dc63ecThread  C:\Windows\System32\spoolsv.exe [1440:2796]                                                                                                  000007fef74c5e5cThread  C:\Windows\System32\spoolsv.exe [1440:3068]                                                                                                  000007fef7195074Thread  C:\Windows\System32\spoolsv.exe [1440:2356]                                                                                                  000007fef71f4834Thread  C:\Windows\System32\spoolsv.exe [1440:3432]                                                                                                  000007fef7202288Thread  C:\Windows\system32\svchost.exe [1640:1744]                                                                                                  000007fef8dc5fd0Thread  C:\Windows\system32\svchost.exe [1640:1748]                                                                                                  000007fef8dc63ecThread  C:\Windows\system32\svchost.exe [1640:5552]                                                                                                  000007fef82b8470Thread  C:\Windows\system32\svchost.exe [1640:5844]                                                                                                  000007fef82c2418Thread  C:\Windows\system32\svchost.exe [1640:4036]                                                                                                  000007fef228f130Thread  C:\Windows\System32\svchost.exe [5112:4308]                                                                                                  000007fef47c9688Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2580:3388]                                                                               000007fefadc2bf8Thread  C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [3132:3156]                                                                    000007fefadc2bf8Thread  C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [3132:3804]                                                                    000007feedf012a4Thread  C:\Windows\syswow64\dllhost.exe [2120:4632]                                                                                                  0000000075d412e5Thread  C:\Windows\syswow64\dllhost.exe [2120:4320]                                                                                                  0000000075d412e5Thread  C:\Windows\syswow64\dllhost.exe [2120:5084]                                                                                                  0000000075d412e5Thread  C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [16100:8124]                                                                    000000005b221ce8Thread  C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [16100:10620]                                                                   000000005b21faecThread  C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [16100:6188]                                                                    000000005b221ce8Thread  C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [16100:5752]                                                                    000000005b221ce8Thread  C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [16100:10016]                                                                   000000005b221ce8Thread  C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [16100:13528]                                                                   000000006e1a784bThread  C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [16100:10144]                                                                   000000005b797152Thread  C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [16100:7260]                                                                    0000000070bd46faThread  C:\Windows\syswow64\dllhst3g.exe [15940:12132]                                                                                               0000000077282e65Thread  C:\Windows\syswow64\dllhst3g.exe [15940:9752]                                                                                                0000000075d412e5Thread  C:\Windows\syswow64\dllhst3g.exe [15940:15464]                                                                                               0000000075d412e5Thread  C:\Windows\syswow64\dllhst3g.exe [15940:5864]                                                                                                0000000077283e85Thread  C:\Windows\syswow64\dllhst3g.exe [15940:9112]                                                                                                00000000760c20ceThread  C:\Windows\syswow64\dllhst3g.exe [15940:6304]                                                                                                0000000075d412e5Thread  C:\Windows\syswow64\dllhst3g.exe [15940:14884]                                                                                               0000000075d412e5Thread  C:\Windows\syswow64\dllhst3g.exe [15940:18600]                                                                                               0000000071d462eeThread  C:\Windows\syswow64\dllhst3g.exe [15940:16532]                                                                                               000000006811e0c1Thread  C:\Windows\syswow64\dllhst3g.exe [15940:12112]                                                                                               0000000067cbee9eThread  C:\Windows\syswow64\dllhst3g.exe [15940:5432]                                                                                                0000000075d412e5Thread  C:\Windows\syswow64\dllhst3g.exe [15940:10384]                                                                                               0000000075d412e5Thread  C:\Windows\syswow64\dllhst3g.exe [15940:276]                                                                                                 0000000067cbee9eThread  C:\Windows\syswow64\dllhst3g.exe [15940:13676]                                                                                               0000000077283e85Thread  C:\Windows\syswow64\dllhst3g.exe [15940:9360]                                                                                                0000000077283e85Thread  C:\Windows\syswow64\dllhst3g.exe [15940:14076]                                                                                               0000000077283e85Thread  C:\Windows\syswow64\dllhst3g.exe [15940:19076]                                                                                               0000000077283e85Thread  C:\Windows\syswow64\dllhst3g.exe [15940:13508]                                                                                               0000000077283e85Thread  C:\Windows\syswow64\dllhst3g.exe [15940:15652]                                                                                               0000000077283e85Thread  C:\Windows\syswow64\dllhst3g.exe [15940:16464]                                                                                               0000000077283e85Thread  C:\Windows\syswow64\dllhst3g.exe [15940:12432]                                                                                               0000000077283e85Thread  C:\Windows\syswow64\dllhst3g.exe [15940:18652]                                                                                               0000000067cbee9eThread  C:\Windows\syswow64\dllhst3g.exe [15940:19400]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:19244]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:11928]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:12796]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:14256]                                                                                               0000000077283e85Thread  C:\Windows\syswow64\dllhst3g.exe [15940:17312]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:7216]                                                                                                00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:14032]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:17112]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:9860]                                                                                                00000000679d8066Thread  C:\Windows\syswow64\dllhst3g.exe [15940:3828]                                                                                                0000000075d412e5Thread  C:\Windows\syswow64\dllhst3g.exe [15940:6332]                                                                                                0000000075d412e5Thread  C:\Windows\syswow64\dllhst3g.exe [15940:18632]                                                                                               0000000075d412e5Thread  C:\Windows\syswow64\dllhst3g.exe [15940:5012]                                                                                                00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:15496]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:19128]                                                                                               00000000749180ebThread  C:\Windows\syswow64\dllhst3g.exe [15940:8476]                                                                                                0000000077287151Thread  C:\Windows\syswow64\dllhst3g.exe [15940:18648]                                                                                               00000000745527e1Thread  C:\Windows\syswow64\dllhst3g.exe [15940:18976]                                                                                               00000000528078a4Thread  C:\Windows\syswow64\dllhst3g.exe [15940:16048]                                                                                               0000000052b3a0b0Thread  C:\Windows\syswow64\dllhst3g.exe [15940:17412]                                                                                               0000000067cbee9eThread  C:\Windows\syswow64\dllhst3g.exe [15940:7524]                                                                                                00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:12072]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:6852]                                                                                                00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:7400]                                                                                                00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:19248]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:8216]                                                                                                00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:17384]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:10472]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:15388]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:1528]                                                                                                00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:5736]                                                                                                00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:14020]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:18552]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:12160]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:10320]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:16832]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:4268]                                                                                                0000000077283e85Thread  C:\Windows\syswow64\dllhst3g.exe [15940:17176]                                                                                               0000000077283e85Thread  C:\Windows\syswow64\dllhst3g.exe [15940:7132]                                                                                                0000000077283e85Thread  C:\Windows\syswow64\dllhst3g.exe [15940:12004]                                                                                               0000000077283e85Thread  C:\Windows\syswow64\dllhst3g.exe [15940:4356]                                                                                                0000000077283e85Thread  C:\Windows\syswow64\dllhst3g.exe [15940:19068]                                                                                               0000000077283e85Thread  C:\Windows\syswow64\dllhst3g.exe [15940:18124]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:15172]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:7440]                                                                                                00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:19436]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:4108]                                                                                                00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:4988]                                                                                                00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:17728]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:8676]                                                                                                00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:14536]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:18880]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:17288]                                                                                               00000000528006abThread  C:\Windows\syswow64\dllhst3g.exe [15940:4104]                                                                                                00000000528006ab---- Registry - GMER 2.1 ----Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{E83157E9-9476-4729-B8D0-EAA492EBA638}\Connection@Name  isatap.{6A7ABBA8-A18C-4D42-9514-45882BF89A27}Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind     \Device\{9C169740-02A7-4C2A-8957-67F597D44610}?\Device\{E83157E9-9476-4729-B8D0-EAA492EBA638}?\Device\{FB39B9B9-7D0C-47AA-AE83-82150D1C8DED}?\Device\{ABFA8AC8-710D-4664-8768-F75772167332}?Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route    "{9C169740-02A7-4C2A-8957-67F597D44610}"?"{E83157E9-9476-4729-B8D0-EAA492EBA638}"?"{FB39B9B9-7D0C-47AA-AE83-82150D1C8DED}"?"{ABFA8AC8-710D-4664-8768-F75772167332}"?Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export   \Device\TCPIP6TUNNEL_{9C169740-02A7-4C2A-8957-67F597D44610}?\Device\TCPIP6TUNNEL_{E83157E9-9476-4729-B8D0-EAA492EBA638}?\Device\TCPIP6TUNNEL_{FB39B9B9-7D0C-47AA-AE83-82150D1C8DED}?\Device\TCPIP6TUNNEL_{ABFA8AC8-710D-4664-8768-F75772167332}?Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{E83157E9-9476-4729-B8D0-EAA492EBA638}@InterfaceName                       isatap.{6A7ABBA8-A18C-4D42-9514-45882BF89A27}Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{E83157E9-9476-4729-B8D0-EAA492EBA638}@ReusableType                        0Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\a4-7a-a4-1d-eb-20@ClientLocalPort                                       60916Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\a4-7a-a4-1d-eb-20@TeredoAddress                                         2001:0:5ef5:79fb:3cb0:120b:9cec:ab51Reg     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                                                                              66805Reg     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                                             33067---- Disk sectors - GMER 2.1 ----Disk    \Device\Harddisk0\DR0                                                                                                                        unknown MBR code---- EOF - GMER 2.1 ----
18:30:12.0346 0x1a78  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:3418:30:24.0881 0x1a78  ============================================================18:30:24.0881 0x1a78  Current date / time: 2014/12/04 18:30:24.088118:30:24.0881 0x1a78  SystemInfo:18:30:24.0881 0x1a78  18:30:24.0881 0x1a78  OS Version: 6.1.7601 ServicePack: 1.018:30:24.0881 0x1a78  Product type: Workstation18:30:24.0882 0x1a78  ComputerName: JASON-HP18:30:24.0882 0x1a78  UserName: Jason18:30:24.0882 0x1a78  Windows directory: C:\Windows18:30:24.0882 0x1a78  System windows directory: C:\Windows18:30:24.0882 0x1a78  Running under WOW6418:30:24.0882 0x1a78  Processor architecture: Intel x6418:30:24.0882 0x1a78  Number of processors: 418:30:24.0882 0x1a78  Page size: 0x100018:30:24.0882 0x1a78  Boot type: Normal boot18:30:24.0882 0x1a78  ============================================================18:30:25.0273 0x1a78  KLMD registered as C:\Windows\system32\drivers\69480915.sys18:30:25.0508 0x1a78  System UUID: {1F59777A-B139-1E30-95DE-58163E3E10E5}18:30:25.0840 0x1a78  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004018:30:25.0850 0x1a78  Drive \Device\Harddisk2\DR2 - Size: 0xEE8000000 ( 59.63 Gb ), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'18:30:25.0852 0x1a78  ============================================================18:30:25.0852 0x1a78  \Device\Harddisk0\DR0:18:30:25.0852 0x1a78  MBR partitions:18:30:25.0852 0x1a78  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3200018:30:25.0852 0x1a78  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x54E5E80018:30:25.0852 0x1a78  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x54E91000, BlocksNum 0x26B480018:30:25.0852 0x1a78  \Device\Harddisk2\DR2:18:30:25.0852 0x1a78  MBR partitions:18:30:25.0852 0x1a78  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x773FFE018:30:25.0853 0x1a78  ============================================================18:30:25.0869 0x1a78  C: <-> \Device\Harddisk0\DR0\Partition218:30:25.0917 0x1a78  D: <-> \Device\Harddisk0\DR0\Partition318:30:25.0917 0x1a78  ============================================================18:30:25.0917 0x1a78  Initialize success18:30:25.0917 0x1a78  ============================================================18:30:38.0910 0x1280  ============================================================18:30:38.0910 0x1280  Scan started18:30:38.0910 0x1280  Mode: Manual; 18:30:38.0910 0x1280  ============================================================18:30:38.0910 0x1280  KSN ping started18:30:50.0955 0x1280  KSN ping finished: true18:30:54.0572 0x1280  ================ Scan system memory ========================18:30:54.0572 0x1280  System memory - ok18:30:54.0572 0x1280  ================ Scan services =============================18:30:54.0692 0x1280  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys18:30:54.0702 0x1280  1394ohci - ok18:30:54.0752 0x1280  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys18:30:54.0752 0x1280  ACPI - ok18:30:54.0772 0x1280  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys18:30:54.0772 0x1280  AcpiPmi - ok18:30:54.0862 0x1280  [ 62B7936F9036DD6ED36E6A7EFA805DC0, C58EA1B46CB3595386C9217A7785F2A436916FB1E0BDC0E4BE484292C55AA455 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe18:30:54.0872 0x1280  AdobeARMservice - ok18:30:54.0912 0x1280  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys18:30:54.0932 0x1280  adp94xx - ok18:30:54.0982 0x1280  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys18:30:54.0992 0x1280  adpahci - ok18:30:55.0002 0x1280  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys18:30:55.0012 0x1280  adpu320 - ok18:30:55.0032 0x1280  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll18:30:55.0032 0x1280  AeLookupSvc - ok18:30:55.0072 0x1280  [ A6FB9DB8F1A86861D955FD6975977AE0, 788C6EE50719227D7A9B7F08C8D5E1289FCD0E8AC23A1021A5093D2E8368F696 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe18:30:55.0082 0x1280  AESTFilters - ok18:30:55.0132 0x1280  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys18:30:55.0142 0x1280  AFD - ok18:30:55.0162 0x1280  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys18:30:55.0162 0x1280  agp440 - ok18:30:55.0172 0x1280  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe18:30:55.0182 0x1280  ALG - ok18:30:55.0202 0x1280  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys18:30:55.0212 0x1280  aliide - ok18:30:55.0242 0x1280  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys18:30:55.0242 0x1280  amdide - ok18:30:55.0252 0x1280  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys18:30:55.0262 0x1280  AmdK8 - ok18:30:55.0262 0x1280  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys18:30:55.0272 0x1280  AmdPPM - ok18:30:55.0292 0x1280  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys18:30:55.0292 0x1280  amdsata - ok18:30:55.0312 0x1280  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys18:30:55.0322 0x1280  amdsbs - ok18:30:55.0332 0x1280  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys18:30:55.0332 0x1280  amdxata - ok18:30:55.0352 0x1280  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys18:30:55.0352 0x1280  AppID - ok18:30:55.0372 0x1280  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll18:30:55.0372 0x1280  AppIDSvc - ok18:30:55.0402 0x1280  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll18:30:55.0402 0x1280  Appinfo - ok18:30:55.0470 0x1280  [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe18:30:55.0470 0x1280  Apple Mobile Device - ok18:30:55.0470 0x1280  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys18:30:55.0470 0x1280  arc - ok18:30:55.0490 0x1280  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys18:30:55.0490 0x1280  arcsas - ok18:30:55.0560 0x1280  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe18:30:55.0590 0x1280  aspnet_state - ok18:30:55.0610 0x1280  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys18:30:55.0620 0x1280  AsyncMac - ok18:30:55.0630 0x1280  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys18:30:55.0630 0x1280  atapi - ok18:30:55.0680 0x1280  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll18:30:55.0690 0x1280  AudioEndpointBuilder - ok18:30:55.0710 0x1280  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll18:30:55.0720 0x1280  AudioSrv - ok18:30:55.0750 0x1280  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll18:30:55.0750 0x1280  AxInstSV - ok18:30:55.0780 0x1280  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys18:30:55.0790 0x1280  b06bdrv - ok18:30:55.0810 0x1280  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys18:30:55.0820 0x1280  b57nd60a - ok18:30:55.0830 0x1280  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll18:30:55.0840 0x1280  BDESVC - ok18:30:55.0850 0x1280  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys18:30:55.0850 0x1280  Beep - ok18:30:55.0890 0x1280  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll18:30:55.0900 0x1280  BFE - ok18:30:55.0950 0x1280  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll18:30:56.0000 0x1280  BITS - ok18:30:56.0020 0x1280  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys18:30:56.0030 0x1280  blbdrive - ok18:30:56.0130 0x1280  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe18:30:56.0150 0x1280  Bonjour Service - ok18:30:56.0160 0x1280  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys18:30:56.0170 0x1280  bowser - ok18:30:56.0180 0x1280  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys18:30:56.0190 0x1280  BrFiltLo - ok18:30:56.0200 0x1280  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys18:30:56.0210 0x1280  BrFiltUp - ok18:30:56.0240 0x1280  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll18:30:56.0250 0x1280  Browser - ok18:30:56.0270 0x1280  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys18:30:56.0280 0x1280  Brserid - ok18:30:56.0300 0x1280  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys18:30:56.0300 0x1280  BrSerWdm - ok18:30:56.0320 0x1280  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys18:30:56.0320 0x1280  BrUsbMdm - ok18:30:56.0330 0x1280  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys18:30:56.0340 0x1280  BrUsbSer - ok18:30:56.0350 0x1280  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys18:30:56.0350 0x1280  BTHMODEM - ok18:30:56.0370 0x1280  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll18:30:56.0380 0x1280  bthserv - ok18:30:56.0430 0x1280  [ C2600EA81C3E0A9B55FD91A55FDB2307, 1DB65E10E95D2A3C81BD87A743C363CC1262D68834AF2E950DDC8E05B33A522C ] CalendarSynchService C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe18:30:56.0440 0x1280  CalendarSynchService - ok18:30:56.0470 0x1280  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys18:30:56.0470 0x1280  cdfs - ok18:30:56.0500 0x1280  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys18:30:56.0500 0x1280  cdrom - ok18:30:56.0510 0x1280  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll18:30:56.0520 0x1280  CertPropSvc - ok18:30:56.0560 0x1280  [ 27468DB367ABCFE855796775DB949AC1, F2DFC8CFBFCDC94798A5ADAAC96001927F9CE316751D42651C3AF1E52F1DC7EF ] cfwids          C:\Windows\system32\drivers\cfwids.sys18:30:56.0560 0x1280  cfwids - ok18:30:56.0590 0x1280  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys18:30:56.0590 0x1280  circlass - ok18:30:56.0610 0x1280  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys18:30:56.0620 0x1280  CLFS - ok18:30:56.0690 0x1280  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe18:30:56.0700 0x1280  clr_optimization_v2.0.50727_32 - ok18:30:56.0740 0x1280  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe18:30:56.0740 0x1280  clr_optimization_v2.0.50727_64 - ok18:30:56.0810 0x1280  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe18:30:56.0900 0x1280  clr_optimization_v4.0.30319_32 - ok18:30:56.0910 0x1280  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe18:30:56.0950 0x1280  clr_optimization_v4.0.30319_64 - ok18:30:56.0990 0x1280  [ D68D9F4D53010B7E84D4E80A2E485554, B39D7F5737BE7C8EF6BC33595FE4538A90374E148B39BDC618163CBC30719883 ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys18:30:57.0000 0x1280  clwvd - ok18:30:57.0021 0x1280  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys18:30:57.0021 0x1280  CmBatt - ok18:30:57.0051 0x1280  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys18:30:57.0051 0x1280  cmdide - ok18:30:57.0101 0x1280  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys18:30:57.0111 0x1280  CNG - ok18:30:57.0121 0x1280  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys18:30:57.0121 0x1280  Compbatt - ok18:30:57.0131 0x1280  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys18:30:57.0141 0x1280  CompositeBus - ok18:30:57.0151 0x1280  COMSysApp - ok18:30:57.0161 0x1280  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys18:30:57.0161 0x1280  crcdisk - ok18:30:57.0201 0x1280  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll18:30:57.0201 0x1280  CryptSvc - ok18:30:57.0271 0x1280  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE18:30:57.0291 0x1280  cvhsvc - ok18:30:57.0351 0x1280  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll18:30:57.0361 0x1280  DcomLaunch - ok18:30:57.0391 0x1280  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll18:30:57.0401 0x1280  defragsvc - ok18:30:57.0421 0x1280  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys18:30:57.0431 0x1280  DfsC - ok18:30:57.0451 0x1280  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll18:30:57.0461 0x1280  Dhcp - ok18:30:57.0471 0x1280  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys18:30:57.0471 0x1280  discache - ok18:30:57.0491 0x1280  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys18:30:57.0501 0x1280  Disk - ok18:30:57.0521 0x1280  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll18:30:57.0521 0x1280  Dnscache - ok18:30:57.0541 0x1280  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll18:30:57.0541 0x1280  dot3svc - ok18:30:57.0561 0x1280  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll18:30:57.0571 0x1280  DPS - ok18:30:57.0611 0x1280  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys18:30:57.0611 0x1280  drmkaud - ok18:30:57.0691 0x1280  [ 0B76F56F2702BF482C3BF89A61D29812, F9A9D696183CC72B7BA0C3462E8D1D0A2989C7138500F8F17B417498C6CAC623 ] DTSRVC          C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe18:30:57.0701 0x1280  DTSRVC - ok18:30:57.0751 0x1280  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys18:30:57.0771 0x1280  DXGKrnl - ok18:30:57.0781 0x1280  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll18:30:57.0781 0x1280  EapHost - ok18:30:57.0891 0x1280  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys18:30:58.0021 0x1280  ebdrv - ok18:30:58.0061 0x1280  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe18:30:58.0061 0x1280  EFS - ok18:30:58.0131 0x1280  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe18:30:58.0141 0x1280  ehRecvr - ok18:30:58.0201 0x1280  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe18:30:58.0201 0x1280  ehSched - ok18:30:58.0241 0x1280  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys18:30:58.0251 0x1280  elxstor - ok18:30:58.0291 0x1280  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys18:30:58.0291 0x1280  ErrDev - ok18:30:58.0321 0x1280  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll18:30:58.0321 0x1280  EventSystem - ok18:30:58.0351 0x1280  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys18:30:58.0361 0x1280  exfat - ok18:30:58.0381 0x1280  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys18:30:58.0381 0x1280  fastfat - ok18:30:58.0411 0x1280  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe18:30:58.0431 0x1280  Fax - ok18:30:58.0451 0x1280  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys18:30:58.0451 0x1280  fdc - ok18:30:58.0461 0x1280  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll18:30:58.0461 0x1280  fdPHost - ok18:30:58.0471 0x1280  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll18:30:58.0471 0x1280  FDResPub - ok18:30:58.0481 0x1280  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys18:30:58.0481 0x1280  FileInfo - ok18:30:58.0491 0x1280  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys18:30:58.0491 0x1280  Filetrace - ok18:30:58.0501 0x1280  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys18:30:58.0511 0x1280  flpydisk - ok18:30:58.0531 0x1280  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys18:30:58.0531 0x1280  FltMgr - ok18:30:58.0601 0x1280  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll18:30:58.0621 0x1280  FontCache - ok18:30:58.0651 0x1280  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe18:30:58.0651 0x1280  FontCache3.0.0.0 - ok18:30:58.0671 0x1280  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys18:30:58.0671 0x1280  FsDepends - ok18:30:58.0701 0x1280  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys18:30:58.0711 0x1280  Fs_Rec - ok18:30:58.0751 0x1280  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys18:30:58.0751 0x1280  fvevol - ok18:30:58.0771 0x1280  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys18:30:58.0771 0x1280  gagp30kx - ok18:30:58.0821 0x1280  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe18:30:58.0821 0x1280  GamesAppService - ok18:30:58.0871 0x1280  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys18:30:58.0871 0x1280  GEARAspiWDM - ok18:30:58.0901 0x1280  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll18:30:58.0911 0x1280  gpsvc - ok18:30:59.0032 0x1280  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe18:30:59.0032 0x1280  gupdate - ok18:30:59.0042 0x1280  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe18:30:59.0042 0x1280  gupdatem - ok18:30:59.0122 0x1280  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe18:30:59.0132 0x1280  gusvc - ok18:30:59.0152 0x1280  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys18:30:59.0152 0x1280  hcw85cir - ok18:30:59.0182 0x1280  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys18:30:59.0192 0x1280  HdAudAddService - ok18:30:59.0202 0x1280  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys18:30:59.0202 0x1280  HDAudBus - ok18:30:59.0222 0x1280  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys18:30:59.0232 0x1280  HidBatt - ok18:30:59.0242 0x1280  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys18:30:59.0242 0x1280  HidBth - ok18:30:59.0252 0x1280  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys18:30:59.0252 0x1280  HidIr - ok18:30:59.0272 0x1280  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll18:30:59.0272 0x1280  hidserv - ok18:30:59.0292 0x1280  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys18:30:59.0292 0x1280  HidUsb - ok18:30:59.0332 0x1280  [ 29F981739E50305128022CBE10B3659C, 25060937145B0DCA8CD088E78993BFEF1430CDDFF433E606AFC93993CBBF4B3E ] HipShieldK      C:\Windows\system32\drivers\HipShieldK.sys18:30:59.0342 0x1280  HipShieldK - ok18:30:59.0352 0x1280  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll18:30:59.0352 0x1280  hkmsvc - ok18:30:59.0372 0x1280  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll18:30:59.0372 0x1280  HomeGroupListener - ok18:30:59.0392 0x1280  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll18:30:59.0402 0x1280  HomeGroupProvider - ok18:30:59.0467 0x1280  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] HomeNetSvc      C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe18:30:59.0477 0x1280  HomeNetSvc - ok18:30:59.0507 0x1280  [ 45A12CACB97B4F15858FCFD59355A1E9, E4D671F1E413D1C45CC797C93FC042FEC9B0AE9F7039C82E516A410AD49100AA ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe18:30:59.0507 0x1280  HP Health Check Service - ok18:30:59.0577 0x1280  [ 6A181452D4E240B8ECC7614B9A19BDE9, 3E458A737DA597DF007D278E9D81F2BF259AB4B97A4C188CEDAEA1F144B1074F ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe18:30:59.0587 0x1280  HPClientSvc - ok18:30:59.0597 0x1280  [ F55442690A70A0278A7EED4FAAEBF576, 9BE7A30A08DB05D38994B14F53C9178552DE5898DB016B171E20E3046046B296 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe18:30:59.0607 0x1280  HPDrvMntSvc.exe - ok18:30:59.0637 0x1280  [ 640E51DB253265C3EAC075866B3D2B33, 3408C908AADCA784BA7C0C044CC50B3759E2B142013D4B12B05E97A141036E15 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe18:30:59.0657 0x1280  hpqwmiex - ok18:30:59.0677 0x1280  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys18:30:59.0677 0x1280  HpSAMD - ok18:30:59.0717 0x1280  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys18:30:59.0727 0x1280  HTTP - ok18:30:59.0737 0x1280  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys18:30:59.0747 0x1280  hwpolicy - ok18:30:59.0767 0x1280  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys18:30:59.0767 0x1280  i8042prt - ok18:30:59.0797 0x1280  [ D7921D5A870B11CC1ADAB198A519D50A, 5DF99EB5D5504E9D9EB21658E8B4A58DEE2AD143A1875DB7F9B7BF4877FCB57F ] iaStor          C:\Windows\system32\drivers\iaStor.sys18:30:59.0797 0x1280  iaStor - ok18:30:59.0827 0x1280  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys18:30:59.0837 0x1280  iaStorV - ok18:30:59.0897 0x1280  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe18:30:59.0917 0x1280  idsvc - ok18:31:00.0237 0x1280  [ EFE5A0AF39A8E179624117C521F1E012, 185BB1106E42256A6E7C63B09737A7059DD14DEA7C1D85ADF66C50D63CFDA556 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys18:31:00.0557 0x1280  igfx - ok18:31:00.0577 0x1280  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys18:31:00.0587 0x1280  iirsp - ok18:31:00.0637 0x1280  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll18:31:00.0647 0x1280  IKEEXT - ok18:31:00.0667 0x1280  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\Windows\system32\drivers\Impcd.sys18:31:00.0667 0x1280  Impcd - ok18:31:00.0697 0x1280  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys18:31:00.0697 0x1280  intelide - ok18:31:00.0707 0x1280  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys18:31:00.0707 0x1280  intelppm - ok18:31:00.0777 0x1280  [ 0895CDD7F1542FFCC5BBB560EC78BC16, 383D9FFE7FB313EA201DE877F3D48B5116FFA261EDEF5D0D0FE79F14E9682D25 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe18:31:00.0777 0x1280  IntuitUpdateServiceV4 - ok18:31:00.0797 0x1280  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll18:31:00.0797 0x1280  IPBusEnum - ok18:31:00.0817 0x1280  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys18:31:00.0817 0x1280  IpFilterDriver - ok18:31:00.0857 0x1280  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll18:31:00.0867 0x1280  iphlpsvc - ok18:31:00.0897 0x1280  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys18:31:00.0897 0x1280  IPMIDRV - ok18:31:00.0907 0x1280  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys18:31:00.0917 0x1280  IPNAT - ok18:31:00.0987 0x1280  [ 7FAE5B6CDB18B0B2E81F32869F595022, D873A7EE94749E1700E8F6B8BB7B485AE1B0B83388D63BE06335720498D4794F ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe18:31:01.0007 0x1280  iPod Service - ok18:31:01.0017 0x1280  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys18:31:01.0017 0x1280  IRENUM - ok18:31:01.0027 0x1280  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys18:31:01.0027 0x1280  isapnp - ok18:31:01.0067 0x1280  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys18:31:01.0077 0x1280  iScsiPrt - ok18:31:01.0097 0x1280  [ 8D990A44B4F2B68E2C56A3724EC3EB84, 5768FC5B156FC9CEEA735C933B50ADD8AE018F5609B83634F001E847E3101ACA ] itecir          C:\Windows\system32\DRIVERS\itecir.sys18:31:01.0097 0x1280  itecir - ok18:31:01.0117 0x1280  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys18:31:01.0117 0x1280  kbdclass - ok18:31:01.0127 0x1280  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys18:31:01.0127 0x1280  kbdhid - ok18:31:01.0137 0x1280  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe18:31:01.0137 0x1280  KeyIso - ok18:31:01.0147 0x1280  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys18:31:01.0147 0x1280  KSecDD - ok18:31:01.0177 0x1280  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys18:31:01.0187 0x1280  KSecPkg - ok18:31:01.0197 0x1280  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys18:31:01.0197 0x1280  ksthunk - ok18:31:01.0217 0x1280  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll18:31:01.0227 0x1280  KtmRm - ok18:31:01.0267 0x1280  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll18:31:01.0267 0x1280  LanmanServer - ok18:31:01.0297 0x1280  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll18:31:01.0297 0x1280  LanmanWorkstation - ok18:31:01.0317 0x1280  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys18:31:01.0317 0x1280  lltdio - ok18:31:01.0337 0x1280  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll18:31:01.0347 0x1280  lltdsvc - ok18:31:01.0357 0x1280  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll18:31:01.0367 0x1280  lmhosts - ok18:31:01.0397 0x1280  [ D75C4B4A8FE6D7FD74A7EECDBAEC729F, 9BB0A3BE7CCDF62CF0A67CB67019364965F6567BE29BA6D153B8E36F88058302 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe18:31:01.0407 0x1280  LMS - ok18:31:01.0424 0x1280  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys18:31:01.0427 0x1280  LSI_FC - ok18:31:01.0429 0x1280  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys18:31:01.0439 0x1280  LSI_SAS - ok18:31:01.0449 0x1280  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys18:31:01.0449 0x1280  LSI_SAS2 - ok18:31:01.0469 0x1280  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys18:31:01.0469 0x1280  LSI_SCSI - ok18:31:01.0479 0x1280  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys18:31:01.0479 0x1280  luafv - ok18:31:01.0519 0x1280  [ 5C3669B71657F22E67A1D4BD49D2CBE7, 7CAE59AA6CA9CBBD70BBD707A155FB169BF3F71096275BF7C0F415B6A092C671 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys18:31:01.0519 0x1280  MBAMProtector - ok18:31:01.0639 0x1280  [ 6D8A2EE4244630B290A837E79C0F37A1, 6783BBC0BDC93E4D6D43531A1AD0DF5CD26C3BBFA6384927C5CF65AD97FB04AD ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe18:31:01.0689 0x1280  MBAMScheduler - ok18:31:01.0729 0x1280  [ 09D4503CBB6ADB3A54E7C7A75090B728, 6139EA3338FD64205481EDEC813A44F8D395FDA7B67AA431DA61F3631C3EDAE6 ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe18:31:01.0749 0x1280  MBAMService - ok18:31:01.0809 0x1280  [ 26C43960C99EE861A5D0EDC4DCF3B1C3, 6238FB8E785652040CCE3E7044EA52066CE1BF173A1467474D64A3AB214B6BCD ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys18:31:01.0809 0x1280  MBAMSwissArmy - ok18:31:01.0819 0x1280  [ 95EF63A7827D4E3A229CBBCB42619E93, FA38DD035B2C4FC82B60868F49D45A39FBBC96096AAD5A2C8BD752A250255BA7 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys18:31:01.0829 0x1280  MBAMWebAccessControl - ok18:31:01.0909 0x1280  [ 0D2664DFF9BE7C34F20E9CEDE666C177, 285FA3A0D6C84C3DBB50E595A6963E3C5948737613F1AB4BFD8F11549425A0B2 ] McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe18:31:01.0919 0x1280  McAfee SiteAdvisor Service - ok18:31:01.0999 0x1280  [ 96E7AA538AB0EDECCAB3862BA4B66232, 8AF460093B4DC1FD81C4508A57B6A80A7FB2E1818A3405506B8DB5B521615FB6 ] McAPExe         C:\Program Files\McAfee\MSC\McAPExe.exe18:31:02.0009 0x1280  McAPExe - ok18:31:02.0029 0x1280  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McMPFSvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe18:31:02.0039 0x1280  McMPFSvc - ok18:31:02.0049 0x1280  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McNaiAnn        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe18:31:02.0049 0x1280  McNaiAnn - ok18:31:02.0129 0x1280  [ 1817FCB59F1832BC5387EC10838FC1BF, F0950EEEF5285C1C21E0C5BAFAFA44302E901EB8466427FA6AA3F1709B4D5A21 ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe18:31:02.0139 0x1280  McODS - ok18:31:02.0149 0x1280  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] mcpltsvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe18:31:02.0159 0x1280  mcpltsvc - ok18:31:02.0169 0x1280  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] McProxy         C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe18:31:02.0169 0x1280  McProxy - ok18:31:02.0209 0x1280  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll18:31:02.0209 0x1280  Mcx2Svc - ok18:31:02.0219 0x1280  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys18:31:02.0229 0x1280  megasas - ok18:31:02.0249 0x1280  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys18:31:02.0259 0x1280  MegaSR - ok18:31:02.0279 0x1280  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\drivers\HECIx64.sys18:31:02.0289 0x1280  MEIx64 - ok18:31:02.0319 0x1280  [ D0574EF9490EBD32DFA14D3C16195DE2, 7F5623562E74BD09717103247CE9155F07092BC633B5647ED3C99A95283413B4 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys18:31:02.0329 0x1280  mfeapfk - ok18:31:02.0339 0x1280  [ 7B6A4509A2444F5F0689B2579E245177, 95A3A3560E253B7459F1B7C9E4E21008C725BA1A2C5F4E5FBAD1AB383058E2F6 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys18:31:02.0349 0x1280  mfeavfk - ok18:31:02.0429 0x1280  [ C83EBEE66A2754CEE5B05699A42F728B, 1D739A505AEC1F40CC8CB86D01BDCEC0E29002A609FDA96CEF3531285E8261B9 ] mfecore         C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe18:31:02.0449 0x1280  mfecore - ok18:31:02.0469 0x1280  [ E7C6587AC8FB0BABEF6AB1733AFA8FEC, 1624B8D9C9431A2030B8C8CFAA90F56A9EE4039D2426A521C4102A68D2F8E3CD ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe18:31:02.0469 0x1280  mfefire - ok18:31:02.0509 0x1280  [ 92AD9892D534CA58E020375C94E0307E, 3062625853C759852C5172040C69840315676A01A62EECFC53F55E6379DB190C ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys18:31:02.0519 0x1280  mfefirek - ok18:31:02.0559 0x1280  [ B6622A5B197D021647AE20E0D4C229B9, 15D64928FDB207C183A69E7CFB90BFFBF25F1AB14059EDEFDF021F323025F4E8 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys18:31:02.0569 0x1280  mfehidk - ok18:31:02.0619 0x1280  [ 93712907DEE6FFBD8A4016ECBB250DCD, FB3673BA495EF1301C4BA75B457493D9B1D5AE52642A04473575CABC1EC6EDFD ] mfencbdc        C:\Windows\system32\DRIVERS\mfencbdc.sys18:31:02.0629 0x1280  mfencbdc - ok18:31:02.0649 0x1280  [ E97EE1F31F7E5349A06CE089658DA8A1, 8136155C734457E422331B3CBE67927C45FAB10B9B34789A612B58CF0E0E3BEC ] mfencrk         C:\Windows\system32\DRIVERS\mfencrk.sys18:31:02.0649 0x1280  mfencrk - ok18:31:02.0679 0x1280  [ 64BAFB4E5377056CDD71531097D69F6E, 28B434C1DB9AD930C5A32584C51FE1B3A4526952EBC953DAE775701E270C76C5 ] mfevtp          C:\Windows\system32\mfevtps.exe18:31:02.0689 0x1280  mfevtp - ok18:31:02.0699 0x1280  [ A58F979117A424CDB33C21396887800F, E857E74BB08E49AEDC7EE21C9FDA36053113E04F8D29B9DBC3A2A3F0667915C6 ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys18:31:02.0709 0x1280  mfewfpk - ok18:31:02.0759 0x1280  Microsoft SharePoint Workspace Audit Service - ok18:31:02.0779 0x1280  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll18:31:02.0789 0x1280  MMCSS - ok18:31:02.0799 0x1280  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys18:31:02.0799 0x1280  Modem - ok18:31:02.0819 0x1280  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys18:31:02.0819 0x1280  monitor - ok18:31:02.0849 0x1280  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys18:31:02.0849 0x1280  mouclass - ok18:31:02.0859 0x1280  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys18:31:02.0859 0x1280  mouhid - ok18:31:02.0869 0x1280  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys18:31:02.0869 0x1280  mountmgr - ok18:31:02.0929 0x1280  [ DFCD29AB147716CA72416FA7D2196D46, ED60BF354347697F69A78C9FBE1ADCBE0C3EB4C2CC8DB97A7FA03A68BD796066 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe18:31:02.0929 0x1280  MozillaMaintenance - ok18:31:02.0949 0x1280  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys18:31:02.0949 0x1280  mpio - ok18:31:02.0989 0x1280  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys18:31:02.0989 0x1280  mpsdrv - ok18:31:03.0019 0x1280  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll18:31:03.0039 0x1280  MpsSvc - ok18:31:03.0059 0x1280  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys18:31:03.0069 0x1280  MRxDAV - ok18:31:03.0089 0x1280  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys18:31:03.0089 0x1280  mrxsmb - ok18:31:03.0109 0x1280  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys18:31:03.0109 0x1280  mrxsmb10 - ok18:31:03.0129 0x1280  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys18:31:03.0129 0x1280  mrxsmb20 - ok18:31:03.0139 0x1280  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys18:31:03.0139 0x1280  msahci - ok18:31:03.0169 0x1280  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys18:31:03.0169 0x1280  msdsm - ok18:31:03.0187 0x1280  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe18:31:03.0189 0x1280  MSDTC - ok18:31:03.0199 0x1280  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys18:31:03.0199 0x1280  Msfs - ok18:31:03.0212 0x1280  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys18:31:03.0212 0x1280  mshidkmdf - ok18:31:03.0222 0x1280  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys18:31:03.0222 0x1280  msisadrv - ok18:31:03.0252 0x1280  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll18:31:03.0262 0x1280  MSiSCSI - ok18:31:03.0262 0x1280  msiserver - ok18:31:03.0292 0x1280  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys18:31:03.0292 0x1280  MSKSSRV - ok18:31:03.0302 0x1280  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys18:31:03.0302 0x1280  MSPCLOCK - ok18:31:03.0312 0x1280  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys18:31:03.0312 0x1280  MSPQM - ok18:31:03.0332 0x1280  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys18:31:03.0342 0x1280  MsRPC - ok18:31:03.0362 0x1280  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys18:31:03.0372 0x1280  mssmbios - ok18:31:03.0372 0x1280  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys18:31:03.0372 0x1280  MSTEE - ok18:31:03.0392 0x1280  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys18:31:03.0392 0x1280  MTConfig - ok18:31:03.0407 0x1280  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys18:31:03.0407 0x1280  Mup - ok18:31:03.0437 0x1280  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll18:31:03.0447 0x1280  napagent - ok18:31:03.0467 0x1280  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys18:31:03.0477 0x1280  NativeWifiP - ok18:31:03.0537 0x1280  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys18:31:03.0557 0x1280  NDIS - ok18:31:03.0577 0x1280  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys18:31:03.0587 0x1280  NdisCap - ok18:31:03.0597 0x1280  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys18:31:03.0607 0x1280  NdisTapi - ok18:31:03.0607 0x1280  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys18:31:03.0617 0x1280  Ndisuio - ok18:31:03.0627 0x1280  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys18:31:03.0637 0x1280  NdisWan - ok18:31:03.0647 0x1280  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys18:31:03.0647 0x1280  NDProxy - ok18:31:03.0657 0x1280  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys18:31:03.0657 0x1280  NetBIOS - ok18:31:03.0677 0x1280  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys18:31:03.0687 0x1280  NetBT - ok18:31:03.0687 0x1280  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe18:31:03.0697 0x1280  Netlogon - ok18:31:03.0717 0x1280  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll18:31:03.0727 0x1280  Netman - ok18:31:03.0757 0x1280  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe18:31:03.0757 0x1280  NetMsmqActivator - ok18:31:03.0767 0x1280  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe18:31:03.0767 0x1280  NetPipeActivator - ok

Thank you!

Link to post
Share on other sites

This computer is infected by ransomware. Let´s remove the malware first...

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

fixlist.txt

Link to post
Share on other sites

  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.