Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by SpecialEd19 » September 20th, 2014, 12:04 pm

The laptop seemed to be working much better after running the previous set of instructions but before too long (the next day) it was right back where it was with performance and hanging up instead of d/l web pages, etc.

C:\FRST\Quarantine\C\Users\owner\.frostwire5\updates\frostwire-5.7.6.windows.coc.premium.exe a variant of Win32/OpenCandy.A potentially unsafe application


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_CURRENT_USER\Software\Stardock\Fences\InitialSnapshot\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Stardock\Fences\InitialSnapshot\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
========== FILES ==========
C:\Users\owner\AppData\LocalLow\Siber Systems\RoboForm\UserData\(Conduit).rfb moved successfully.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\specialed@apps.conduit[2].txt moved successfully.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\specialed@search.conduit[1].txt moved successfully.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\specialed@search.conduit[1].txt moved successfully.
File\Folder C:\Users\owner\Documents\My RoboForm Data\Default Profile\(Conduit).rfb not found.
C:\Users\owner\NTUSER.DAT.iobit moved successfully.
C:\Users\owner\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit moved successfully.
C:\Users\owner\Favorites\IObit Freeware.url moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: owner
->Temp folder emptied: 21567421 bytes
->Temporary Internet Files folder emptied: 726576 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 59178687 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23349 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 4287156281 bytes

Total Files Cleaned = 4,166.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09202014_013159

Files\Folders moved on Reboot...
C:\Users\owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
SpecialEd19
Regular Member
 
Posts: 51
Joined: September 3rd, 2014, 10:23 am

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by wannabeageek » September 20th, 2014, 2:34 pm

Please post the complete ESET log located here: C:\Program Files\ESET\EsetOnlineScanner\log.txt

If you have not run the ESET scan, go back to my last post on the previous page for instructions.
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by SpecialEd19 » September 20th, 2014, 4:45 pm

Sorry about that.

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8c77d1776f42424ba638652514ac7ed2
# engine=20235
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-20 03:55:38
# local_time=2014-09-20 11:55:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky PURE 3.0'
# compatibility_mode=1289 16777213 100 95 0 102535006 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 162771988 0 0
# scanned=176065
# found=1
# cleaned=0
# scan_time=2798
sh=7EAFB97F8335D2304E9711DFA9B6D168BC80F663 ft=1 fh=d41bf3951b621b5e vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Users\owner\.frostwire5\updates\frostwire-5.7.6.windows.coc.premium.exe"
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8c77d1776f42424ba638652514ac7ed2
# engine=20238
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-20 08:33:04
# local_time=2014-09-20 04:33:04 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky PURE 3.0'
# compatibility_mode=1289 16777213 100 95 0 102551652 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 162788634 0 0
# scanned=176437
# found=1
# cleaned=0
# scan_time=2784
sh=7EAFB97F8335D2304E9711DFA9B6D168BC80F663 ft=1 fh=d41bf3951b621b5e vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Users\owner\.frostwire5\updates\frostwire-5.7.6.windows.coc.premium.exe"
SpecialEd19
Regular Member
 
Posts: 51
Joined: September 3rd, 2014, 10:23 am

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by wannabeageek » September 20th, 2014, 8:26 pm

Hi SpecialEd19,

Your logs are not showing any signs of malware so let's try a few more things.
Please run the following:

TDSSKiller

Please go to Bleepingcomputer TDSSKiller Download.
Click on the .exe version download button.
  • Move this file to your desktop from the folder that your browser saved it in. Most likely here: C:\Users\???????\Downloads
  • Once on your desktop, double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by wannabeageek » September 22nd, 2014, 11:19 pm

Hi SpecialEd19.

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by SpecialEd19 » September 23rd, 2014, 1:24 am

23:13:10.0805 0x1648 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
23:13:20.0427 0x1648 ============================================================
23:13:20.0427 0x1648 Current date / time: 2014/09/20 23:13:20.0427
23:13:20.0427 0x1648 SystemInfo:
23:13:20.0427 0x1648
23:13:20.0427 0x1648 OS Version: 6.1.7601 ServicePack: 1.0
23:13:20.0427 0x1648 Product type: Workstation
23:13:20.0427 0x1648 ComputerName: PHOENIX-ASUS
23:13:20.0427 0x1648 UserName: owner
23:13:20.0427 0x1648 Windows directory: C:\Windows
23:13:20.0427 0x1648 System windows directory: C:\Windows
23:13:20.0427 0x1648 Running under WOW64
23:13:20.0427 0x1648 Processor architecture: Intel x64
23:13:20.0427 0x1648 Number of processors: 8
23:13:20.0427 0x1648 Page size: 0x1000
23:13:20.0427 0x1648 Boot type: Normal boot
23:13:20.0427 0x1648 ============================================================
23:13:22.0166 0x1648 KLMD registered as C:\Windows\system32\drivers\98790418.sys
23:13:22.0359 0x1648 System UUID: {A8DB37DE-9839-EE35-F69F-93154CFE7AA8}
23:13:22.0754 0x1648 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:13:22.0756 0x1648 Drive \Device\Harddisk1\DR1 - Size: 0xE8DED00000 ( 931.48 Gb ), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:13:23.0273 0x1648 Drive \Device\Harddisk2\DR2 - Size: 0x1D9C00000 ( 7.40 Gb ), SectorSize: 0x200, Cylinders: 0x3C6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:13:23.0278 0x1648 ============================================================
23:13:23.0278 0x1648 \Device\Harddisk0\DR0:
23:13:23.0278 0x1648 MBR partitions:
23:13:23.0278 0x1648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:13:23.0278 0x1648 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
23:13:23.0278 0x1648 \Device\Harddisk1\DR1:
23:13:23.0279 0x1648 MBR partitions:
23:13:23.0279 0x1648 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
23:13:23.0279 0x1648 \Device\Harddisk2\DR2:
23:13:23.0281 0x1648 MBR partitions:
23:13:23.0281 0x1648 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xECC000
23:13:23.0281 0x1648 ============================================================
23:13:23.0309 0x1648 C: <-> \Device\Harddisk0\DR0\Partition2
23:13:23.0329 0x1648 F: <-> \Device\Harddisk1\DR1\Partition1
23:13:23.0329 0x1648 ============================================================
23:13:23.0329 0x1648 Initialize success
23:13:23.0329 0x1648 ============================================================
23:13:33.0467 0x1550 ============================================================
23:13:33.0467 0x1550 Scan started
23:13:33.0467 0x1550 Mode: Manual;
23:13:33.0467 0x1550 ============================================================
23:13:33.0467 0x1550 KSN ping started
23:13:36.0245 0x1550 KSN ping finished: true
23:13:37.0487 0x1550 ================ Scan system memory ========================
23:13:37.0487 0x1550 System memory - ok
23:13:37.0488 0x1550 ================ Scan services =============================
23:13:40.0852 0x1550 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
23:13:40.0853 0x1550 EFS - ok
23:13:40.0894 0x1550 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:13:40.0904 0x1550 ehRecvr - ok
23:13:40.0925 0x1550 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
23:13:40.0927 0x1550 ehSched - ok
23:13:40.0966 0x1550 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:13:40.0976 0x1550 elxstor - ok
23:13:40.0983 0x1550 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:13:40.0984 0x1550 ErrDev - ok
23:13:41.0028 0x1550 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
23:13:41.0034 0x1550 EventSystem - ok
23:13:41.0046 0x1550 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
23:13:41.0050 0x1550 exfat - ok
23:13:41.0074 0x1550 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:13:41.0078 0x1550 fastfat - ok
23:13:41.0120 0x1550 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
23:13:41.0130 0x1550 Fax - ok
23:13:41.0134 0x1550 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
23:13:41.0147 0x1550 fdc - ok
23:13:41.0166 0x1550 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
23:13:41.0167 0x1550 fdPHost - ok
23:13:41.0178 0x1550 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
23:13:41.0179 0x1550 FDResPub - ok
23:13:41.0206 0x1550 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:13:41.0208 0x1550 FileInfo - ok
23:13:41.0217 0x1550 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:13:41.0218 0x1550 Filetrace - ok
23:13:41.0221 0x1550 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
23:13:41.0222 0x1550 flpydisk - ok
23:13:41.0230 0x1550 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:13:41.0236 0x1550 FltMgr - ok
23:13:41.0278 0x1550 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
23:13:41.0296 0x1550 FontCache - ok
23:13:41.0329 0x1550 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:13:41.0330 0x1550 FontCache3.0.0.0 - ok
23:13:41.0356 0x1550 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:13:41.0357 0x1550 FsDepends - ok
23:13:41.0376 0x1550 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:13:41.0377 0x1550 Fs_Rec - ok
23:13:41.0409 0x1550 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:13:41.0413 0x1550 fvevol - ok
23:13:41.0416 0x1550 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:13:41.0418 0x1550 gagp30kx - ok
23:13:41.0451 0x1550 [ 030B778F4272DF185E4E2E8EC49D162E, 702E884DC9C56D67A250F2DE4C293A878054F0F0A3BB64944A204445D9D5357F ] gpsvc C:\Windows\System32\gpsvc.dll
23:13:41.0463 0x1550 gpsvc - ok
23:13:41.0476 0x1550 [ 500CBE92D24D21B78120BF0FD0196F58, 62514A8A96AA0092B7327CFF2E1168A5619DCFC947E7995FEE81A32F83AF3AE1 ] GUBootStartup C:\Windows\System32\drivers\GUBootStartup.sys
23:13:41.0477 0x1550 GUBootStartup - ok
23:13:41.0531 0x1550 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:13:41.0533 0x1550 gupdate - ok
23:13:41.0537 0x1550 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:13:41.0539 0x1550 gupdatem - ok
23:13:41.0575 0x1550 [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:13:41.0577 0x1550 gusvc - ok
23:13:41.0603 0x1550 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:13:41.0605 0x1550 hcw85cir - ok
23:13:41.0639 0x1550 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:13:41.0646 0x1550 HdAudAddService - ok
23:13:41.0676 0x1550 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:13:41.0678 0x1550 HDAudBus - ok
23:13:41.0681 0x1550 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
23:13:41.0682 0x1550 HidBatt - ok
23:13:41.0686 0x1550 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:13:41.0688 0x1550 HidBth - ok
23:13:41.0710 0x1550 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
23:13:41.0711 0x1550 HidIr - ok
23:13:41.0732 0x1550 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
23:13:41.0734 0x1550 hidserv - ok
23:13:41.0776 0x1550 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
23:13:41.0777 0x1550 HidUsb - ok
23:13:41.0804 0x1550 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:13:41.0806 0x1550 hkmsvc - ok
23:13:41.0831 0x1550 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:13:41.0835 0x1550 HomeGroupListener - ok
23:13:41.0859 0x1550 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:13:41.0863 0x1550 HomeGroupProvider - ok
23:13:41.0887 0x1550 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:13:41.0889 0x1550 HpSAMD - ok
23:13:41.0912 0x1550 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:13:41.0926 0x1550 HTTP - ok
23:13:41.0929 0x1550 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:13:41.0930 0x1550 hwpolicy - ok
23:13:41.0946 0x1550 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:13:41.0949 0x1550 i8042prt - ok
23:13:41.0991 0x1550 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:13:41.0998 0x1550 iaStorV - ok
23:13:42.0039 0x1550 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:13:42.0052 0x1550 idsvc - ok
23:13:42.0066 0x1550 IEEtwCollectorService - ok
23:13:42.0173 0x1550 [ C38AFE18A40ADF005647090DD3AC24F3, 302810C31B005DD4C9143233AB5B4F332C62AD866A7C7AB0E8F8F81AE1766B11 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
23:13:42.0275 0x1550 igfx - ok
23:13:42.0298 0x1550 [ 7A510A9AFC7955DEE63F8DC243E31292, 13906F6212F4C116BE224F2A8AFFF089ACFED8F543E26FC6208FF38463366173 ] igfxCUIService1.0.0.0 C:\Windows\system32\igfxCUIService.exe
23:13:42.0302 0x1550 igfxCUIService1.0.0.0 - ok
23:13:42.0327 0x1550 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:13:42.0329 0x1550 iirsp - ok
23:13:42.0363 0x1550 [ 1E2A51DB8B28CD431D2B5C76A71AAEE3, A356E381C155DF7D3E905696D63A652D1C01D524B6B866C2288ECC5F3B3D4AB9 ] IKEEXT C:\Windows\System32\ikeext.dll
23:13:42.0375 0x1550 IKEEXT - ok
23:13:42.0501 0x1550 [ C2F868881D48A568B525255F084EF063, EFB1704AE223CF886EDA5F1411C8178EDE4B5E1F7EE373E3DA89A6EA1A57D91D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:13:42.0604 0x1550 IntcAzAudAddService - ok
23:13:42.0615 0x1550 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
23:13:42.0616 0x1550 intelide - ok
23:13:42.0647 0x1550 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:13:42.0648 0x1550 intelppm - ok
23:13:42.0711 0x1550 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:13:42.0713 0x1550 IPBusEnum - ok
23:13:42.0751 0x1550 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:13:42.0763 0x1550 IpFilterDriver - ok
23:13:42.0797 0x1550 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:13:42.0806 0x1550 iphlpsvc - ok
23:13:42.0810 0x1550 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:13:42.0812 0x1550 IPMIDRV - ok
23:13:42.0816 0x1550 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:13:42.0818 0x1550 IPNAT - ok
23:13:42.0843 0x1550 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:13:42.0844 0x1550 IRENUM - ok
23:13:42.0857 0x1550 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:13:42.0858 0x1550 isapnp - ok
23:13:42.0895 0x1550 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:13:42.0900 0x1550 iScsiPrt - ok
23:13:42.0942 0x1550 [ EB56D7AC688BCB1171812EF6CBB32193, 3423D53842CAB2473EECE6EF90ED25765B3DB9D85EA5D3A4D2C59A947A959F4D ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
23:13:42.0943 0x1550 iusb3hcs - ok
23:13:42.0969 0x1550 [ 3DD76F45DA45CEDCDFC7BF7AB93E6216, 11757969FCAA14C1DCD4CF06C11BA9EA528C2CD4C6F0C2F5C4EFFFA82AAA22A6 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
23:13:42.0976 0x1550 iusb3hub - ok
23:13:42.0999 0x1550 [ B0342584DAB73797F584CADD41EEC6BD, 517938881A8395B36847838407E1BDE2C0A982AF544CECC44C86BEEA382E9E63 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
23:13:43.0022 0x1550 iusb3xhc - ok
23:13:43.0057 0x1550 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:13:43.0058 0x1550 kbdclass - ok
23:13:43.0078 0x1550 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
23:13:43.0079 0x1550 kbdhid - ok
23:13:43.0088 0x1550 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
23:13:43.0089 0x1550 KeyIso - ok
23:13:43.0129 0x1550 [ 795EC29BA21F1D948FD6FD740C00B599, 780900717A812C5DB78C67057010BD62DF2C756C087599A6F8C67CB4EFA7518C ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
23:13:43.0137 0x1550 kl1 - ok
23:13:43.0203 0x1550 [ 70D959CB6DC1F2AC6AFF3AC20891939D, 22EECAD6C8DD9C2691D707950FFCD5DBA929942450B7E2E69F5DDE9DD4E7DBFE ] KLIF C:\Windows\system32\DRIVERS\klif.sys
23:13:43.0214 0x1550 KLIF - ok
23:13:43.0240 0x1550 [ 31B69BFF28348503E4BD10C2A4F66D05, 891318C2DDF85E43DFCEE73717AEFCE79BC3DCD83FCD58E6F794AB6BF1739688 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
23:13:43.0241 0x1550 KLIM6 - ok
23:13:43.0262 0x1550 [ AEB50941C6D67128B14F88DB9917C4E0, 2ACE46665DE298CC197660A442A3172B1FB460A40BD18AECEA786ACB011FDA43 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
23:13:43.0264 0x1550 klkbdflt - ok
23:13:43.0273 0x1550 [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
23:13:43.0274 0x1550 klmouflt - ok
23:13:43.0288 0x1550 [ 45ECF097BC6330C2054D7D43B7AD822B, 41684ED54E75FE6BEEA322E7CE888DFDD53EE1F45016E01CE10B84ABB02CBDA8 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
23:13:43.0290 0x1550 kltdi - ok
23:13:43.0315 0x1550 [ 1FCB657B581CC4DF17FD6571F93602DE, D5D95773D19AA47BA619D149FD6068198E2AA05C219C3936E327B3DFFDE6B10C ] kneps C:\Windows\system32\DRIVERS\kneps.sys
23:13:43.0319 0x1550 kneps - ok
23:13:43.0335 0x1550 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:13:43.0337 0x1550 KSecDD - ok
23:13:43.0352 0x1550 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:13:43.0355 0x1550 KSecPkg - ok
23:13:43.0381 0x1550 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:13:43.0382 0x1550 ksthunk - ok
23:13:43.0403 0x1550 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
23:13:43.0408 0x1550 KtmRm - ok
23:13:43.0458 0x1550 [ 5CE3ADEF1C7203DCC0467E084ACE5643, E8A26479F296451310D42215E3E280C80A18BD6E537A854D1702873AC4162382 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:13:43.0462 0x1550 LanmanServer - ok
23:13:43.0477 0x1550 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:13:43.0480 0x1550 LanmanWorkstation - ok
23:13:43.0503 0x1550 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:13:43.0505 0x1550 lltdio - ok
23:13:43.0528 0x1550 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:13:43.0533 0x1550 lltdsvc - ok
23:13:43.0556 0x1550 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:13:43.0558 0x1550 lmhosts - ok
23:13:43.0589 0x1550 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:13:43.0591 0x1550 LSI_FC - ok
23:13:43.0595 0x1550 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:13:43.0597 0x1550 LSI_SAS - ok
23:13:43.0601 0x1550 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
23:13:43.0603 0x1550 LSI_SAS2 - ok
23:13:43.0607 0x1550 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:13:43.0609 0x1550 LSI_SCSI - ok
23:13:43.0613 0x1550 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
23:13:43.0616 0x1550 luafv - ok
23:13:43.0674 0x1550 [ F92B0E478C0FAA6D6661E6E977247E60, 8B26B57C2C60C98CD6273ACA126B2CD0356ADB13A59FEC12882357A6B973123C ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
23:13:43.0675 0x1550 MBAMProtector - ok
23:13:43.0754 0x1550 [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
23:13:43.0799 0x1550 MBAMScheduler - ok
23:13:43.0844 0x1550 [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
23:13:43.0867 0x1550 MBAMService - ok
23:13:43.0895 0x1550 [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
23:13:43.0897 0x1550 MBAMSwissArmy - ok
23:13:43.0921 0x1550 [ 15E8ABC06843672955CE26A009533BAD, E7221B7DE9DB45447C68E79C6BFD064713C5974F7E79925BD7DEEF71F73F3E83 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
23:13:43.0922 0x1550 MBAMWebAccessControl - ok
23:13:43.0952 0x1550 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:13:43.0954 0x1550 Mcx2Svc - ok
23:13:43.0971 0x1550 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
23:13:43.0973 0x1550 megasas - ok
23:13:44.0000 0x1550 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
23:13:44.0006 0x1550 MegaSR - ok
23:13:44.0027 0x1550 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
23:13:44.0029 0x1550 MEIx64 - ok
23:13:44.0052 0x1550 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
23:13:44.0053 0x1550 MMCSS - ok
23:13:44.0078 0x1550 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
23:13:44.0079 0x1550 Modem - ok
23:13:44.0092 0x1550 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:13:44.0092 0x1550 monitor - ok
23:13:44.0104 0x1550 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:13:44.0106 0x1550 mouclass - ok
23:13:44.0108 0x1550 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\drivers\mouhid.sys
23:13:44.0109 0x1550 mouhid - ok
23:13:44.0113 0x1550 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:13:44.0115 0x1550 mountmgr - ok
23:13:44.0166 0x1550 [ FD5E45969B82B83E33CB05B5C9B0E3F2, A6C21F7A0A97683DA50FC102131618CC1BE5CA0C3625D2FDAF5861B9B6523E45 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:13:44.0168 0x1550 MozillaMaintenance - ok
23:13:44.0173 0x1550 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
23:13:44.0176 0x1550 mpio - ok
23:13:44.0188 0x1550 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:13:44.0190 0x1550 mpsdrv - ok
23:13:44.0231 0x1550 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:13:44.0243 0x1550 MpsSvc - ok
23:13:44.0275 0x1550 [ 83A296715A67D696F101130AB44B92A7, 365D984745C38CA6AD2EE038834A02BE03AAAF02BCEB40B4E60E4309C01C3BE2 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:13:44.0278 0x1550 MRxDAV - ok
23:13:44.0283 0x1550 [ 631EC673CD9115AA5A3570E7C092A410, 2FD8525D0BAE43C7D0E8858B65EC2E707734CC59CB642617712C2AA62CF10B04 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:13:44.0286 0x1550 mrxsmb - ok
23:13:44.0294 0x1550 [ B10A0DF47FB6A1B807617A8EB8CF1045, 6EAD4CD5B6325718143AF46B100E0122C254A7E3EECF87AE8590A783D60DD2D0 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:13:44.0299 0x1550 mrxsmb10 - ok
23:13:44.0312 0x1550 [ B7D1933C1835A39B55BB59A2190DC858, B594BDEA0FB8CE1C736A2F8487A7EC5353AFB1B2DF80178F21897EFDD6D6C4C5 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:13:44.0315 0x1550 mrxsmb20 - ok
23:13:44.0333 0x1550 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
23:13:44.0334 0x1550 msahci - ok
23:13:44.0339 0x1550 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:13:44.0342 0x1550 msdsm - ok
23:13:44.0360 0x1550 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
23:13:44.0363 0x1550 MSDTC - ok
23:13:44.0368 0x1550 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:13:44.0369 0x1550 Msfs - ok
23:13:44.0385 0x1550 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:13:44.0386 0x1550 mshidkmdf - ok
23:13:44.0389 0x1550 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:13:44.0390 0x1550 msisadrv - ok
23:13:44.0403 0x1550 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:13:44.0405 0x1550 MSiSCSI - ok
23:13:44.0408 0x1550 msiserver - ok
23:13:44.0413 0x1550 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:13:44.0414 0x1550 MSKSSRV - ok
23:13:44.0425 0x1550 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:13:44.0425 0x1550 MSPCLOCK - ok
23:13:44.0428 0x1550 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:13:44.0429 0x1550 MSPQM - ok
23:13:44.0442 0x1550 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:13:44.0449 0x1550 MsRPC - ok
23:13:44.0454 0x1550 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:13:44.0454 0x1550 mssmbios - ok
23:13:44.0465 0x1550 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:13:44.0465 0x1550 MSTEE - ok
23:13:44.0468 0x1550 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
23:13:44.0469 0x1550 MTConfig - ok
23:13:44.0473 0x1550 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
23:13:44.0475 0x1550 Mup - ok
23:13:44.0505 0x1550 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
23:13:44.0512 0x1550 napagent - ok
23:13:44.0561 0x1550 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:13:44.0567 0x1550 NativeWifiP - ok
23:13:44.0607 0x1550 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
23:13:44.0619 0x1550 NDIS - ok
23:13:44.0627 0x1550 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:13:44.0628 0x1550 NdisCap - ok
23:13:44.0649 0x1550 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:13:44.0650 0x1550 NdisTapi - ok
23:13:44.0671 0x1550 [ 662CBFAA835FFF1A935DD01890AAFC62, 41CD715EF77446E2ECD70A512BF2A5DC8C32C0F38E56F48621461784C28CF914 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:13:44.0673 0x1550 Ndisuio - ok
23:13:44.0678 0x1550 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:13:44.0681 0x1550 NdisWan - ok
23:13:44.0685 0x1550 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:13:44.0686 0x1550 NDProxy - ok
23:13:44.0690 0x1550 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:13:44.0691 0x1550 NetBIOS - ok
23:13:44.0697 0x1550 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:13:44.0702 0x1550 NetBT - ok
23:13:44.0715 0x1550 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
Post by SpecialEd19 » September 23rd, 2014, 1:25 am

23:13:50.0348 0x1550 WANARP - ok
23:13:50.0364 0x1550 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:13:50.0365 0x1550 Wanarpv6 - ok
23:13:50.0423 0x1550 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:13:50.0441 0x1550 WatAdminSvc - ok
23:13:50.0497 0x1550 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
23:13:50.0519 0x1550 wbengine - ok
23:13:50.0538 0x1550 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:13:50.0542 0x1550 WbioSrvc - ok
23:13:50.0557 0x1550 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:13:50.0563 0x1550 wcncsvc - ok
23:13:50.0579 0x1550 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:13:50.0581 0x1550 WcsPlugInService - ok
23:13:50.0593 0x1550 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
23:13:50.0594 0x1550 Wd - ok
23:13:50.0632 0x1550 [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
23:13:50.0633 0x1550 WDC_SAM - ok
23:13:50.0675 0x1550 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:13:50.0697 0x1550 Wdf01000 - ok
23:13:50.0733 0x1550 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:13:50.0735 0x1550 WdiServiceHost - ok
23:13:50.0739 0x1550 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:13:50.0741 0x1550 WdiSystemHost - ok
23:13:50.0772 0x1550 [ 1BABAABCB29B03CFA7BC30833963398E, A354415572EEEB6FD7847F0FAF07BB7772E761EA485CFF3FE7837706515E85A0 ] WebClient C:\Windows\System32\webclnt.dll
23:13:50.0777 0x1550 WebClient - ok
23:13:50.0797 0x1550 [ 2CA323CF5C24A7DA9AC0FC374AED50A4, BAAA6BC43D7D50CE5F95BFE0B5E56B1032883F662A000CB54D361AE0913C325F ] Wecsvc C:\Windows\system32\wecsvc.dll
23:13:50.0802 0x1550 Wecsvc - ok
23:13:50.0816 0x1550 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:13:50.0818 0x1550 wercplsupport - ok
23:13:50.0841 0x1550 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
23:13:50.0843 0x1550 WerSvc - ok
23:13:50.0875 0x1550 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:13:50.0876 0x1550 WfpLwf - ok
23:13:50.0887 0x1550 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:13:50.0888 0x1550 WIMMount - ok
23:13:50.0906 0x1550 WinDefend - ok
23:13:50.0928 0x1550 WinHttpAutoProxySvc - ok
23:13:50.0968 0x1550 [ 5247036CD851AD73B5FC8E546DF78D4D, 5FC56B1CA516ED9D477AEAC5D06B2F59DF7FA9AFA207616C2E648C8348203F62 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:13:50.0971 0x1550 Winmgmt - ok
23:13:51.0051 0x1550 [ 2639C57F43CDB6B36593083CF3DF92F4, 64EE18B8C344EA67406B51724AC962934275B1769B42A03ECE56895CE8CEF05D ] WinRM C:\Windows\system32\WsmSvc.dll
23:13:51.0089 0x1550 WinRM - ok
23:13:51.0149 0x1550 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:13:51.0163 0x1550 Wlansvc - ok
23:13:51.0198 0x1550 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:13:51.0198 0x1550 WmiAcpi - ok
23:13:51.0223 0x1550 [ 43FA348D871923CC7FD28F82797AC04D, FDC8BD0732C0B11B11A19E16F75F91D09691AA8D28FB928A7918D2B080DF881A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:13:51.0226 0x1550 wmiApSrv - ok
23:13:51.0250 0x1550 WMPNetworkSvc - ok
23:13:51.0271 0x1550 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:13:51.0273 0x1550 WPCSvc - ok
23:13:51.0286 0x1550 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:13:51.0289 0x1550 WPDBusEnum - ok
23:13:51.0309 0x1550 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:13:51.0310 0x1550 ws2ifsl - ok
23:13:51.0324 0x1550 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
23:13:51.0327 0x1550 wscsvc - ok
23:13:51.0329 0x1550 WSearch - ok
23:13:51.0408 0x1550 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
23:13:51.0445 0x1550 wuauserv - ok
23:13:51.0474 0x1550 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:13:51.0475 0x1550 WudfPf - ok
23:13:51.0502 0x1550 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:13:51.0505 0x1550 WUDFRd - ok
23:13:51.0519 0x1550 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:13:51.0522 0x1550 wudfsvc - ok
23:13:51.0548 0x1550 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
23:13:51.0552 0x1550 WwanSvc - ok
23:13:51.0586 0x1550 ================ Scan global ===============================
23:13:51.0596 0x1550 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
23:13:51.0624 0x1550 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:13:51.0633 0x1550 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:13:51.0659 0x1550 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:13:51.0682 0x1550 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
23:13:51.0688 0x1550 [ Global ] - ok
23:13:51.0688 0x1550 ================ Scan MBR ==================================
23:13:51.0701 0x1550 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:13:51.0913 0x1550 \Device\Harddisk0\DR0 - ok
23:13:51.0916 0x1550 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
23:13:51.0923 0x1550 \Device\Harddisk1\DR1 - ok
23:13:52.0782 0x1550 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
23:13:52.0793 0x1550 \Device\Harddisk2\DR2 - ok
23:13:52.0793 0x1550 ================ Scan VBR ==================================
23:13:52.0795 0x1550 [ AFCC4AF231335B79504177D95A2F9078 ] \Device\Harddisk0\DR0\Partition1
23:13:52.0871 0x1550 \Device\Harddisk0\DR0\Partition1 - ok
23:13:52.0873 0x1550 [ 1F7F224B107BB0FEC86389CA99A16280 ] \Device\Harddisk0\DR0\Partition2
23:13:52.0931 0x1550 \Device\Harddisk0\DR0\Partition2 - ok
23:13:52.0933 0x1550 [ 88D4D6BF121381C1CFEA1B29A66B31E5 ] \Device\Harddisk1\DR1\Partition1
23:13:53.0522 0x1550 \Device\Harddisk1\DR1\Partition1 - ok
23:13:53.0528 0x1550 [ EA20C57C7E86AE6788D524009D1FD43A ] \Device\Harddisk2\DR2\Partition1
23:13:53.0530 0x1550 \Device\Harddisk2\DR2\Partition1 - ok
23:13:53.0530 0x1550 ================ Scan generic autorun ======================
23:13:53.0919 0x1550 [ 834A309C2FDF52FC09353F348CFE1235, FF8D5B0C4D8DEF3B313E11B01D6A2A29758E8721EF2EC0AAC2DB3C9AAF399276 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
23:13:54.0085 0x1550 RTHDVCPL - ok
23:13:54.0283 0x1550 [ EC1959D9E06D31F72640883F471233BF, 233505A1BFA159676151AEC3C2D47BC338D4E920E563E905661D6F72F29442C8 ] C:\Program Files (x86)\Stardock\Fences\Fences.exe
23:13:54.0337 0x1550 Fences - ok
23:13:54.0371 0x1550 [ 308F2EE28005510DE616409148CF077B, A2126CB185B0053086BDD6F0A16A503F6CA629AC677E4B7AE6D43C770061D087 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
23:13:54.0375 0x1550 SunJavaUpdateSched - ok
23:13:54.0441 0x1550 [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
23:13:54.0474 0x1550 Adobe ARM - ok
23:13:54.0537 0x1550 [ 2D32F0EF950AED6AD007D042676FD39E, 397B1FBDBCE64CA6B34206CC6DA6A484177C94C84C87FB9A5C457B24C7FAA03F ] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
23:13:54.0542 0x1550 ATKOSD2 - ok
23:13:54.0563 0x1550 [ 0B50F07E63EE15383CDFDC26D7A3D3E3, B92316DA431BAF125F80A1B012337D84FBA9260D0C890A6B7BE9E5A8A461A1DA ] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
23:13:54.0565 0x1550 ATKMEDIA - ok
23:13:54.0611 0x1550 [ 5AEBF6FA9805C9101220AA4FB4FA17E7, A9B2FC41380211A6C44E839A95676A5BA868CEEBB56D83A780230434C2A20836 ] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
23:13:54.0613 0x1550 HControlUser - ok
23:13:54.0627 0x1550 [ 51C8885B6A00904C0252704C9FB0F43A, BF2F58E6697DB10F3D6FB3859FADC2CE1D3CDD318E487E02FDC2BE171AF6CA29 ] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
23:13:54.0628 0x1550 NUSB3MON - ok
23:13:54.0668 0x1550 [ 9166C1276B296BC78FA816CD8448CD32, 1D2BF20F9EA7665281E5F9FFE50A8127E4618CB76C6A47A27E7ACA196327C395 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
23:13:54.0672 0x1550 USB3MON - ok
23:13:54.0717 0x1550 [ 7E91655B4947EC1B18B3BC1645839145, 4425326D019A7A6380B71D6710AD94D58A11E1BC5BA42159DD4A17437A296C48 ] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
23:13:54.0722 0x1550 AVP - ok
23:13:54.0802 0x1550 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:13:54.0836 0x1550 Sidebar - ok
23:13:54.0867 0x1550 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:13:54.0869 0x1550 mctadmin - ok
23:13:54.0892 0x1550 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:13:54.0908 0x1550 Sidebar - ok
23:13:54.0913 0x1550 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:13:54.0915 0x1550 mctadmin - ok
23:13:54.0976 0x1550 [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
23:13:54.0996 0x1550 Sidebar - ok
23:13:55.0050 0x1550 [ 059C2F55E82C8EDB20E8F26B2A7D2B19, BC323A8B8E0C3A5C2ABF23EDA0314A6117B9C2BC417A66CA5D6B25773E84E8F1 ] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe
23:13:55.0066 0x1550 WinPatrol - ok
23:13:55.0110 0x1550 [ 6DBB642F7E171537DAFA07D098DCACDE, C54B10D5DED17A6A92A7B5244EAE965C96AC491474062EE6659E8A57F18F42A3 ] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
23:13:55.0112 0x1550 RoboForm - ok
23:13:55.0113 0x1550 Waiting for KSN requests completion. In queue: 337
23:13:56.0113 0x1550 Waiting for KSN requests completion. In queue: 45
23:13:57.0114 0x1550 Waiting for KSN requests completion. In queue: 45
23:13:58.0114 0x1550 Waiting for KSN requests completion. In queue: 29
23:13:59.0114 0x1550 Waiting for KSN requests completion. In queue: 29
23:14:00.0114 0x1550 Waiting for KSN requests completion. In queue: 29
23:14:01.0114 0x1550 Waiting for KSN requests completion. In queue: 29
23:14:02.0188 0x1550 AV detected via SS2: Kaspersky PURE 3.0, C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\wmiav.exe ( 13.0.2.558 ), 0x40000 ( disabled : updated )
23:14:02.0247 0x1550 FW detected via SS2: Kaspersky PURE 3.0, C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\wmifw.exe ( 13.0.2.558 ), 0x40010 ( disabled )
23:14:02.0269 0x1550 Win FW state via NFP2: disabled
23:14:04.0738 0x1550 ============================================================
23:14:04.0738 0x1550 Scan finished
23:14:04.0738 0x1550 ============================================================
23:14:04.0745 0x13c8 Detected object count: 0
23:14:04.0745 0x13c8 Actual detected object count: 0
23:14:59.0614 0x05d4 Deinitialize success
SpecialEd19
Regular Member
 
Posts: 51
Joined: September 3rd, 2014, 10:23 am

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by wannabeageek » September 23rd, 2014, 1:29 am

Hi SpecialEd19,

You wrote this a couple of days ago. Are you still having these issues?
"The laptop seemed to be working much better after running the previous set of instructions but before too long (the next day) it was right back where it was with performance and hanging up instead of d/l web pages, etc."
wannabeageek
MRU Master
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by SpecialEd19 » September 23rd, 2014, 1:50 am

In regular mode it hangs when trying to access web pages or download files, etc. Usually the home page on a website loads fairly quickly but sub pages hang. Say I went to my local newspaper's site: it would load quickly, but when I click on an article it might hang until I stop and start the download; sometimes that helps. It runs much better in safe mode but still a bit slow.

Thanks,

Ed

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by wannabeageek » September 23rd, 2014, 2:06 am

Hi SpecialEd19,

You should never ever run safe mode with networking on the internet. The built-in safeguards of the operating system, firewall and antivirus are not active and you leave your machine wide open for hacking or malware infection.

Step 1.
Registry Backup (TCRB)

Skip this if you have the program on your desktop.
Please download tweaking.com_registry_backup_setup.exe
Choose a download site for the installer... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.

Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. Right mouse click the Tweaking.com Registry Backup icon, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  3. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  4. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  5. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  6. Close and exit the program.

< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
ComboFix
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!!
Alternate download site: here
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.
Please disable any Antivirus or Firewall you have active, as shown in this topic. Close all open application windows.

  1. Right click the ComboFix.exe icon, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  2. Press Yes to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
    Do not use your keyboard or click the mouse anywhere in the ComboFix window, as this may cause the program to stall or crash!
    When finished... Notepad will open ... ComboFix will produce a log file called "ComboFix.txt".
  3. Please copy/paste the contents of ComboFix.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by SpecialEd19 » September 23rd, 2014, 4:40 pm

ComboFix 14-09-22.01 - owner 09/23/2014 16:23:06.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8082.6309 [GMT -4:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1409937465.bdinstall.bin
c:\programdata\1410018147.bdinstall.bin
c:\programdata\1410018152.bdinstall.bin
c:\users\owner\System
c:\users\owner\System\win_qs8.jqx
c:\users\owner\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2014-08-23 to 2014-09-23 )))))))))))))))))))))))))))))))
.
.
2014-09-23 20:28 . 2014-09-23 20:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-23 15:09 . 2013-11-11 23:25 64856 ----a-w- c:\windows\system32\klfphc.dll
2014-09-23 15:08 . 2011-06-02 18:39 66616 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2014-09-23 15:08 . 2011-06-02 18:39 84536 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2014-09-23 15:08 . 2014-09-23 15:08 -------- d-----w- c:\program files (x86)\Common Files\InfoWatch
2014-09-23 15:08 . 2014-09-23 15:08 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2014-09-23 15:08 . 2014-09-23 18:13 92768 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-09-23 15:08 . 2014-09-23 18:13 628288 ----a-w- c:\windows\system32\drivers\klif.sys
2014-09-23 08:29 . 2014-09-15 06:08 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6EEA016-28A3-4609-B6B2-A8000AE7BC4A}\mpengine.dll
2014-09-22 15:47 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-09-22 15:46 . 2014-09-22 15:47 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-22 15:46 . 2014-09-22 15:47 -------- d-----w- c:\program files\iTunes
2014-09-22 15:46 . 2014-09-22 15:47 -------- d-----w- c:\program files (x86)\iTunes
2014-09-22 15:46 . 2014-09-22 15:46 -------- d-----w- c:\program files\iPod
2014-09-22 15:46 . 2014-09-22 15:46 -------- d-----w- c:\program files\Common Files\Apple
2014-09-22 15:46 . 2014-09-22 15:46 -------- d-----w- c:\program files\Bonjour
2014-09-22 15:46 . 2014-09-22 15:46 -------- d-----w- c:\program files (x86)\Bonjour
2014-09-22 03:44 . 2014-09-22 03:44 -------- d-----w- c:\program files (x86)\MetaGeek
2014-09-22 02:46 . 2014-09-22 02:46 -------- d-----w- c:\program files\Angry IP Scanner
2014-09-20 02:54 . 2010-11-21 03:25 1212928 ----a-w- c:\program files\Windows Media Player\WMPDMC.exe
2014-09-20 02:53 . 2010-11-21 03:24 1212416 ----a-w- c:\program files\Common Files\System\Ole DB\sqloledb.dll
2014-09-20 02:49 . 2010-11-21 03:25 1456128 ----a-w- c:\program files (x86)\Windows Photo Viewer\PhotoViewer.dll
2014-09-20 02:48 . 2010-01-10 01:34 1828608 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL
2014-09-20 02:47 . 2009-07-14 01:41 1071616 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwLatin.dll
2014-09-20 02:47 . 2010-11-21 03:23 745472 ----a-w- c:\program files\Common Files\System\Ole DB\msdasql.dll
2014-09-20 02:47 . 2009-07-14 01:15 286720 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaora.dll
2014-09-20 02:47 . 2010-11-21 03:25 1221632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mip.exe
2014-09-20 02:47 . 2009-07-14 01:29 4305408 ----a-w- c:\program files\Microsoft Games\Minesweeper\MineSweeper.dll
2014-09-20 02:46 . 2009-07-14 01:15 1383936 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\micaut.dll
2014-09-20 02:45 . 2010-03-11 04:44 193928 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\LICLUA.EXE
2014-09-20 02:38 . 2010-11-21 03:25 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe
2014-09-20 02:37 . 2010-11-21 03:25 2484224 ----a-w- c:\program files\Windows Photo Viewer\ImagingEngine.dll
2014-09-20 02:33 . 2010-03-25 00:28 416096 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\C2RICONS.EXE
2014-09-18 03:53 . 2014-09-18 03:53 -------- d-----w- C:\_OTL
2014-09-15 21:53 . 2014-09-15 21:53 -------- d-----w- c:\program files (x86)\Notepad++
2014-09-15 13:43 . 2014-09-15 13:43 -------- d-----w- C:\zoek
2014-09-11 20:30 . 2014-09-18 03:49 -------- d-----w- C:\RegBackup
2014-09-11 20:24 . 2014-09-11 20:24 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-09-11 11:26 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-11 11:26 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 20:59 . 2014-09-20 03:28 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2014-09-10 11:24 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 11:24 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 11:16 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 11:16 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-10 11:15 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 11:15 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 11:15 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-10 11:15 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-10 11:15 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-10 11:15 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 11:15 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-08 16:23 . 2014-09-12 02:34 -------- d-----w- C:\FRST
2014-09-08 16:12 . 2014-09-08 16:12 -------- d-----w- c:\windows\ERUNT
2014-09-08 15:22 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-09-08 15:21 . 2014-09-08 15:23 -------- d-----w- C:\AdwCleaner
2014-09-07 17:16 . 2014-09-07 17:16 -------- d-----w- c:\programdata\Crossword Man
2014-09-07 17:16 . 2014-09-07 17:16 -------- d-----w- c:\program files (x86)\Crossword Man
2014-09-06 15:42 . 2014-09-06 15:42 -------- d-----w- c:\programdata\bdch
2014-09-05 20:12 . 2014-09-05 20:13 -------- d-----w- c:\windows\SysWow64\C2MP
2014-09-04 14:51 . 2014-09-23 19:37 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-04 12:50 . 2014-09-04 12:50 188304 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-09-03 18:38 . 2014-09-03 22:44 -------- d-----w- c:\program files (x86)\Common Files\Steam
2014-09-03 18:38 . 2014-09-20 02:53 -------- d-----w- c:\program files (x86)\Steam
2014-09-03 15:50 . 2014-09-03 15:50 -------- d-----w- c:\program files (x86)\Ruiware
2014-09-03 05:36 . 2014-09-03 05:36 -------- d-----w- c:\programdata\Golden Frog, GmbH
2014-09-03 05:33 . 2014-09-19 23:19 -------- d-----w- c:\program files (x86)\VyprVPN
2014-09-02 17:33 . 2014-09-02 17:35 -------- d-----r- c:\program files (x86)\Skype
2014-09-02 17:33 . 2014-09-02 17:33 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-09-02 17:33 . 2014-09-03 04:50 -------- d-----w- c:\programdata\Skype
2014-09-02 02:49 . 2014-09-02 02:49 -------- d-----w- c:\programdata\GNU
2014-09-02 02:49 . 2014-09-02 02:49 -------- d-----w- c:\program files (x86)\GNU
2014-09-01 20:47 . 2014-09-01 20:47 -------- d-----w- c:\program files (x86)\Common Files\Solveig Multimedia
2014-09-01 20:47 . 2014-09-01 20:47 -------- d-----w- c:\program files (x86)\Solveig Multimedia
2014-09-01 05:49 . 2014-09-01 05:51 -------- d-----w- c:\programdata\VirtualizedApplications
2014-09-01 05:49 . 2014-09-01 05:49 231768 ----a-w- c:\windows\system32\drivers\veracrypt.sys
2014-09-01 05:48 . 2014-09-01 05:49 -------- d-----w- c:\program files\VeraCrypt
2014-09-01 04:54 . 2014-09-01 04:54 -------- d-----w- c:\programdata\Stardock
2014-09-01 04:54 . 2014-09-01 04:54 -------- d-----w- c:\program files (x86)\Stardock
2014-09-01 04:01 . 2014-09-01 04:01 230840 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2014-09-01 03:50 . 2014-09-01 03:50 -------- d-----w- c:\program files\Axantum
2014-08-31 20:29 . 2014-09-20 02:49 -------- d-----w- c:\program files (x86)\Password Safe
2014-08-31 19:56 . 2014-08-31 19:56 -------- d-----w- c:\programdata\Hewlett-Packard
2014-08-31 19:56 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2014-08-31 18:24 . 2014-09-20 02:49 -------- d-----w- c:\program files (x86)\PhraseExpress
2014-08-31 18:24 . 2014-08-31 18:24 -------- d-----w- c:\programdata\PhraseExpress
2014-08-31 18:08 . 2014-09-20 02:52 -------- d-----w- c:\program files (x86)\Sonos
2014-08-31 18:08 . 2014-09-23 16:00 -------- d-----w- c:\programdata\Sonos,_Inc
2014-08-31 17:58 . 2014-09-23 15:08 -------- dc----w- c:\windows\system32\DRVSTORE
2014-08-31 17:58 . 2014-09-23 15:08 -------- d-----w- c:\windows\ELAMBKUP
2014-08-31 17:58 . 2014-09-23 19:37 -------- d-----w- c:\programdata\Kaspersky Lab
2014-08-31 17:14 . 2014-09-21 03:25 -------- d-----w- c:\program files (x86)\EfficientPIM
2014-08-31 16:36 . 2014-08-31 16:36 -------- d-----w- c:\programdata\RoboForm
2014-08-31 16:36 . 2014-08-31 16:36 -------- d-----w- c:\program files (x86)\Siber Systems
2014-08-30 20:35 . 2014-08-30 20:35 -------- d-----w- c:\programdata\Auslogics
2014-08-28 22:04 . 2013-09-17 14:47 41984 ----a-w- c:\windows\system32\drivers\USB3Ver.dll
2014-08-28 21:57 . 2014-08-28 21:57 -------- d-----w- c:\program files (x86)\Renesas Electronics
2014-08-28 21:56 . 2014-08-28 21:56 -------- d-----w- c:\programdata\Downloaded Installations
2014-08-28 21:49 . 2014-08-28 21:49 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2014-08-28 21:39 . 2014-08-28 21:39 -------- d-----w- c:\windows\SysWow64\sda
2014-08-28 21:39 . 2012-06-13 22:24 9888912 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
2014-08-28 21:39 . 2012-06-13 22:24 422544 ----a-w- c:\windows\system32\RtsUStor.dll
2014-08-28 21:39 . 2012-06-13 22:24 252048 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2014-08-28 21:31 . 2014-08-28 21:31 -------- d-----w- c:\program files\DIFX
2014-08-28 21:31 . 2014-08-28 21:41 -------- d-----w- c:\program files (x86)\ASUS
2014-08-28 21:28 . 2014-08-28 21:57 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2014-08-28 21:28 . 2014-08-28 21:39 -------- d-----w- c:\program files (x86)\Realtek
2014-08-28 21:27 . 2014-08-30 20:31 -------- d-----w- c:\windows\Panther
2014-08-28 21:22 . 2012-07-04 14:55 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2014-08-28 21:03 . 2014-08-30 07:01 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2014-08-28 21:03 . 2014-08-28 21:03 -------- d-----w- c:\windows\PCHEALTH
2014-08-28 21:03 . 2014-08-28 21:03 -------- d-----w- c:\program files\Microsoft Office
2014-08-28 21:00 . 2014-09-20 17:30 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-28 21:00 . 2014-08-28 21:00 -------- d-----w- c:\programdata\Malwarebytes
2014-08-28 21:00 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-28 21:00 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-28 21:00 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-28 21:00 . 2014-09-20 02:53 -------- d-----w- c:\program files\CDBurnerXP
2014-08-28 20:59 . 2014-08-28 20:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-08-28 20:59 . 2014-08-28 20:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-08-28 20:59 . 2014-08-28 20:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-08-28 20:59 . 2014-08-28 20:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-08-28 20:59 . 2014-08-28 20:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-08-28 20:59 . 2014-09-22 15:46 -------- d-----w- c:\programdata\Apple Computer
2014-08-28 20:59 . 2014-08-28 20:59 -------- d-----w- c:\program files (x86)\QuickTime
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-23 18:13 . 2013-11-11 23:25 458336 ----a-w- c:\windows\system32\drivers\kl1.sys
2014-09-23 18:13 . 2012-08-02 19:09 29792 ----a-w- c:\windows\system32\drivers\klim6.sys
2014-09-15 13:06 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-08-28 18:39 . 2014-08-28 18:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-08-13 17:15 . 2014-08-13 17:15 45384 ----a-w- c:\windows\SysWow64\DiscHandler.exe
2014-08-12 23:00 . 2014-08-12 23:00 4575232 ----a-w- c:\windows\SysWow64\GPhotos.scr
2014-08-12 06:30 . 2014-08-12 06:30 4009984 ----a-w- c:\windows\system32\ffmpeg.dll
2014-08-12 06:30 . 2014-08-12 06:30 474624 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2014-08-12 06:30 . 2014-08-12 06:30 127488 ----a-w- c:\windows\system32\ff_vfw.dll
2014-08-12 06:30 . 2014-08-12 06:30 4374016 ----a-w- c:\windows\system32\ffdshow.ax
2014-08-12 06:29 . 2014-08-12 06:29 631296 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2014-08-12 06:29 . 2014-08-12 06:29 156672 ----a-w- c:\windows\system32\ff_libmad.dll
2014-08-12 06:29 . 2014-08-12 06:29 116224 ----a-w- c:\windows\system32\ff_liba52.dll
2014-08-12 06:29 . 2014-08-12 06:29 114688 ----a-w- c:\windows\system32\ff_wmv9.dll
2014-08-12 06:29 . 2014-08-12 06:29 222720 ----a-w- c:\windows\system32\ff_libdts.dll
2014-08-12 06:29 . 2014-08-12 06:29 183296 ----a-w- c:\windows\system32\ff_unrar.dll
2014-08-12 06:29 . 2014-08-12 06:29 1532928 ----a-w- c:\windows\system32\ff_samplerate.dll
2014-08-12 06:29 . 2014-08-12 06:29 190464 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2014-08-12 02:30 . 2014-08-12 02:30 3916288 ----a-w- c:\windows\SysWow64\ffmpeg.dll
2014-08-12 02:30 . 2014-08-12 02:30 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2014-08-12 02:30 . 2014-08-12 02:30 3502080 ----a-w- c:\windows\SysWow64\ffdshow.ax
2014-08-12 02:29 . 2014-08-12 02:29 271360 ----a-w- c:\windows\SysWow64\TomsMoComp_ff.dll
2014-08-12 02:29 . 2014-08-12 02:29 99840 ----a-w- c:\windows\SysWow64\ff_wmv9.dll
2014-08-12 02:29 . 2014-08-12 02:29 157184 ----a-w- c:\windows\SysWow64\ff_unrar.dll
2014-08-12 02:29 . 2014-08-12 02:29 211968 ----a-w- c:\windows\SysWow64\ff_libdts.dll
2014-08-12 02:29 . 2014-08-12 02:29 1525760 ----a-w- c:\windows\SysWow64\ff_samplerate.dll
2014-08-12 02:29 . 2014-08-12 02:29 147456 ----a-w- c:\windows\SysWow64\ff_libmad.dll
2014-08-12 02:29 . 2014-08-12 02:29 114688 ----a-w- c:\windows\SysWow64\ff_liba52.dll
2014-08-12 02:29 . 2014-08-12 02:29 136704 ----a-w- c:\windows\SysWow64\libmpeg2_ff.dll
2014-08-06 21:45 . 2014-08-06 23:31 11530960 ----a-w- c:\windows\system32\drivers\NETwsw00.sys
2014-07-23 04:12 . 2014-07-23 04:12 875680 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-23 01:10 . 2014-07-23 01:10 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2014-09-23 15:53 458944 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-08-31 111320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-09-14 328064]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-10-17 205184]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-09-17 292088]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-11-11 356128]
.
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PhraseExpress.lnk - c:\program files (x86)\PhraseExpress\phraseexpress.exe [2014-9-19 22627624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VyprVPN;VyprVPN;c:\program files (x86)\VyprVPN\VyprVPNService.exe;c:\program files (x86)\VyprVPN\VyprVPNService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 veracrypt;veracrypt;c:\windows\system32\drivers\veracrypt.sys;c:\windows\SYSNATIVE\drivers\veracrypt.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\system32\DRIVERS\AsusTP.sys;c:\windows\SYSNATIVE\DRIVERS\AsusTP.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 tapvyprvpn;TAP-VyprVPN Adapter V9;c:\windows\system32\DRIVERS\tapvyprvpn.sys;c:\windows\SYSNATIVE\DRIVERS\tapvyprvpn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-20 03:22 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-28 20:54]
.
2014-09-23 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files (x86)\Glary Utilities 5\Initialize.exe [2014-08-18 01:05]
.
2014-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-28 20:52]
.
2014-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-28 20:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2014-09-23 16:08 491200 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"Fences"="c:\program files (x86)\Stardock\Fences\Fences.exe" [2014-05-22 3993744]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2014-05-22 521872]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{20185106-24BF-49B3-9078-6EF5B190DF33}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\
FF - ExtSQL: 2014-08-31 12:36; {22119944-ED35-4ab1-910B-E619EA06A115}; c:\program files (x86)\Siber Systems\AI RoboForm\Firefox
FF - ExtSQL: 2014-08-31 14:55; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2014-08-31 14:55; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2014-08-31 14:55; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2014-08-31 14:55; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2014-08-31 14:55; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2014-09-05 16:15; {32da2f20-827d-40aa-a3b4-2fc4a294352e}; c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{32da2f20-827d-40aa-a3b4-2fc4a294352e}
FF - ExtSQL: 2038-01-18 20:14; betteryoutube@ginatrapani.org; c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\betteryoutube@ginatrapani.org
FF - ExtSQL: !HIDDEN! 2014-08-31 12:36; {22119944-ED35-4ab1-910B-E619EA06A115}; c:\program files (x86)\Siber Systems\AI RoboForm\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-EfficientPIM - (no file)
AddRemove-Stardock Fences 2 - c:\program files (x86)\Stardock\Fences\uninstall.exe
AddRemove-TeamViewer 9 - c:\program files (x86)\TeamViewer\Version9\uninstall.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-23 16:29:54
ComboFix-quarantined-files.txt 2014-09-23 20:29
.
Pre-Run: 529,126,973,440 bytes free
Post-Run: 528,995,811,328 bytes free
.
- - End Of File - - 8941B506975B3895C21CB2B9803F862E
A36C5E4F47E84449FF07ED3517B43A31
SpecialEd19
Regular Member
 
Posts: 51
Joined: September 3rd, 2014, 10:23 am

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by wannabeageek » September 26th, 2014, 2:36 pm

Hi SpecialEd19,

I sincerely apologize for the late response.
Life occasionally happens and it was my turn.

How is the computer operating?
Specifically, how did it operate after running ComboFix;
and how does it operate now?

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do the following:
  • Launch the application.
  • One of 2 things will happen:
    • The program will be so outdated that it will automatically invoke a complete re-install; or
    • The program will check, update the database and then run.
    If it does a complete re-install, be sure to follow the prompts.
  • Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Also if you have run Malwarebytes since running ComboFix prior to this, post those logs please.


Please include in your next reply:
  1. Response to my questions
  2. Contents of any Malwarebytes logs since running ComboFix, including now.
  3. Any problem executing the instructions?
  4. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by SpecialEd19 » September 26th, 2014, 4:48 pm

No problem, I hope everything is ok. The laptop has been running very badly, at least when trying to make internet connections. Regular offline desk work is fine. My connections are intermittent and ridiculously slow when I do have one. I have to use another laptop to d/l the files you request me to run and transfer them with a thumb drive. Honestly, I don't know if I think it's a malware issue anymore, but my wireless drivers are allegedly correct and working.

<?xml version="1.0" encoding="UTF-16"?>

-<mbam-log>


-<header>

<date>2014/09/07 11:11:52 -0400</date>

<logfile>mbam-log-2014-09-07 (11-11-50).xml</logfile>

<isadmin>yes</isadmin>

</header>


-<engine>

<version>2.00.2.1012</version>

<malware-database>v2014.09.07.02</malware-database>

<rootkit-database>v2014.08.21.01</rootkit-database>

<license>free</license>

<file-protection>disabled</file-protection>

<web-protection>disabled</web-protection>

<self-protection>disabled</self-protection>

</engine>


-<system>

<osversion>Windows 7 Service Pack 1</osversion>

<arch>x64</arch>

<username>owner</username>

<filesys>NTFS</filesys>

</system>


-<summary>

<type>threat</type>

<result>completed</result>

<objects>301143</objects>

<time>424</time>

<processes>0</processes>

<modules>0</modules>

<keys>7</keys>

<values>0</values>

<datas>1</datas>

<folders>46</folders>

<files>239</files>

<sectors>0</sectors>

</summary>


-<options>

<memory>enabled</memory>

<startup>enabled</startup>

<filesystem>enabled</filesystem>

<archives>enabled</archives>

<rootkits>disabled</rootkits>

<deeprootkit>disabled</deeprootkit>

<heuristics>enabled</heuristics>

<pup>enabled</pup>

<pum>enabled</pum>

</options>


-<items>


-<key>

<path>HKLM\SOFTWARE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}</path>

<vendor>PUP.Optional.Spigot</vendor>

<action>success</action>

<hash>0dc164868fec1a1c63610f7430d20bf5</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}\INPROCSERVER32</path>

<vendor>PUP.Optional.Spigot</vendor>

<action>success</action>

<hash>0dc164868fec1a1c63610f7430d20bf5</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}</path>

<vendor>PUP.Optional.Spigot</vendor>

<action>success</action>

<hash>0dc164868fec1a1c63610f7430d20bf5</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}</path>

<vendor>PUP.Optional.Spigot</vendor>

<action>success</action>

<hash>0dc164868fec1a1c63610f7430d20bf5</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}</path>

<vendor>PUP.Optional.Spigot</vendor>

<action>success</action>

<hash>0dc164868fec1a1c63610f7430d20bf5</hash>

</key>


-<key>

<path>HKU\S-1-5-21-3209393520-565817868-2189237008-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Search Protection</path>

<vendor>PUP.Optional.Spigot</vendor>

<action>success</action>

<hash>a42ace1c146738fe66304e6a09f85da3</hash>

</key>


-<key>

<path>HKU\S-1-5-21-3209393520-565817868-2189237008-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection</path>

<vendor>PUP.Optional.MyEmoticons.A</vendor>

<action>success</action>

<hash>27a77f6b2358a591f709041f887bcd33</hash>

</key>


-<data>

<path>HKU\S-1-5-21-3209393520-565817868-2189237008-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path>

<valuename>Start Page</valuename>

<vendor>PUP.Optional.Spigot.A</vendor>

<action>replaced</action>

<valuedata>https://search.yahoo.com/?type=888596&fr=spigot-yhp-ie</valuedata>

<baddata>https://search.yahoo.com/?type=888596&fr=spigot-yhp-ie</baddata>

<gooddata>www.google.com</gooddata>

<hash>def0c723cfac4fe76e44598dec1810f0</hash>

</data>


-<folder>

<path>C:\Users\owner\AppData\Roaming\OpenCandy</path>

<vendor>PUP.Optional.OpenCandy</vendor>

<action>success</action>

<hash>eae4a2487a0166d0ffc0deeb8f739a66</hash>

</folder>


-<folder>

<path>C:\Users\owner\AppData\Roaming\OpenCandy\960D03B5A7F243688EEE82E708D746B4</path>

<vendor>PUP.Optional.OpenCandy</vendor>

<action>success</action>

<hash>eae4a2487a0166d0ffc0deeb8f739a66</hash>

</folder>


-<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


-<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


-<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\browser</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


-<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\data</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


-<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\external</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


-<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\newtab</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


-<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\defaults</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


-<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\defaults\preferences</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


-<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


-<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\external</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


-<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\gallery</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


-<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\icons</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\patterns</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\resources</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\chrome</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\favorites</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\info</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\resources</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\_locales</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\_locales\en-US</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\components</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\content</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\content\imgs</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\META-INF</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\LocalLow\Playbryte</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Assemblies</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Assemblies\1</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Chrome</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\images</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\inline</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\GAC</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</folder>


<folder>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Settings</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</folder>


<file>

<path>C:\Users\owner\AppData\Roaming\Browser Extensions\Coupons64.dll</path>

<vendor>PUP.Optional.Spigot</vendor>

<action>success</action>

<hash>0dc164868fec1a1c63610f7430d20bf5</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Browser Extensions\Coupons.dll</path>

<vendor>PUP.Optional.Spigot</vendor>

<action>success</action>

<hash>0dc164868fec1a1c63610f7430d20bf5</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\OpenCandy\960D03B5A7F243688EEE82E708D746B4\frostwire-5.7.4-premium.exe</path>

<vendor>PUP.Optional.OpenCandy</vendor>

<action>success</action>

<hash>4b83b931275460d6e9093bdb976e2dd3</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Search Protection\Uninstall.exe</path>

<vendor>PUP.Optional.Spigot</vendor>

<action>success</action>

<hash>a42ace1c146738fe66304e6a09f85da3</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Local\Temp\~spF904.tmp</path>

<vendor>PUP.Optional.Spigot</vendor>

<action>success</action>

<hash>f9d5f7f3f6856ccaf6a01a9e778af60a</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Search Protection\SearchProtection.exe</path>

<vendor>PUP.Optional.SearchProtection.A</vendor>

<action>success</action>

<hash>d3fb8268512ac076345a3ceb8c77629e</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Browser Extensions\CouponsHelper.exe</path>

<vendor>PUP.Optional.Spigot.A</vendor>

<action>success</action>

<hash>7e507e6cbbc0d462d6a091c663a1f20e</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\chrome.manifest</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\install.rdf</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\.DS_Store</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\browser\.background.jsm.swp</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\browser\background.jsm</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\browser\bg.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\browser\browser.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\browser\browser.xul</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\browser\timer.jsm</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\data\favorites_de.json</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\data\favorites_en-gb.json</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\data\favorites_en_us.json</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\data\favorites_fr.json</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\data\favorites_he.json</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\data\favorites_it.json</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\data\favorites_pt-br.json</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\data\favorites_ru.json</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\data\favorites_tr.json</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\external\crypto-js.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\external\jquery-2.0.2.min.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\external\jquery.autocomplete.min.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\external\jquery.balloon.min.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\external\jquery.fittext.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\external\jquery.Jcrop.min.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\external\jquery.simplecolorpicker.min.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\external\mustache.min.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\external\string.min.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\external\underscore-min.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\newtab\gallery.html</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\newtab\gallery.min.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\newtab\newtab.html</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\newtab\newtab.min.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\newtab\search.html</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\newtab\search.min.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\defaults\preferences\prefs-sys.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\defaults\preferences\prefs.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\external\foundation.min.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\external\indicator.gif</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\external\Jcrop.gif</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\external\jquery.autocomplete.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\external\jquery.Jcrop.min.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\external\jquery.simplecolorpicker.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\external\normalize.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\gallery\arrow-gallery-cat-selected.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\gallery\arrow.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\gallery\emptyArea.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\gallery\gallery.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\gallery\gallery_templates.html</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\gallery\icon-gallery-search.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\gallery\not_available_32.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\gallery\plus.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\gallery\Thumbs.db</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\gallery\X.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\icons\128.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\icons\16.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\icons\48.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\icons\Thumbs.db</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\css\buttons.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\css\footer.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\css\header.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\css\list.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\css\newtab.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\css\search.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\css\themes.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\ajax-loader-2.gif</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\ajax-loader-bar.gif</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\ajax-loader-medium.gif</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\ajax-loader-small.gif</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\ajax-loader.gif</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\arrow-footer.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\arrow-header.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\attachment.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\close.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\edit-button.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\icon-chrome.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\icon-edit.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\icon-layout.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\icon-plus.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\icon-theme.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\menu_v.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\provider.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\Thumbs.db</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\x-button.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\patterns\arab_tile.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\patterns\batthern_@2X.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\patterns\bo_play_pattern_@2X.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\patterns\dark_wood_@2X.jpg</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\patterns\diagonal_striped_brick.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\patterns\escheresque_ste_@2X.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\patterns\gold_scale.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\patterns\purty_wood_@2X.jpg</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\patterns\readme.txt</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\patterns\starring_@2X.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\patterns\tileable_wood_texture_@2X.jpg</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\patterns\weave_@2X.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\patterns\wild_oliva_@2X.jpg</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\images\patterns\woven.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\resources\list.html</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\newtab\resources\menu.html</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\css\activetabs.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\css\favorites.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\css\layout.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\css\modal-fav-add.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\css\modal-fav-edit.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\css\modal-fav-group.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\css\recentlyclosed.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\css\theme.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\chrome\bookmarks.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\chrome\download.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\chrome\downloads.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\chrome\downloas.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\chrome\extensions.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\chrome\history.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\chrome\settings.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\chrome\trash.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\favorites\empty.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\favorites\error.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\favorites\shadow.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\info\contactus.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\info\facebook.ico</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\info\rateus.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\images\info\twitter.ico</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\resources\activetabs.html</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\resources\favorites.html</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\resources\layout.html</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\resources\modal-fav-add.html</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\resources\modal-fav-edit.html</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\resources\modal-fav-group.html</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\resources\recentlyclosed.html</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\plugins\resources\theme.html</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\_locales\en-US\translations.dtd</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>f0de21c9a9d2a4921f56ca05d032e818</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\chrome.manifest</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\install.rdf</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\components\FFDisp.dll</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\content\dpk.htm</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\content\hlprs.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\content\loader.xul</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\content\mtstart.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\content\mysearchdial.css</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\content\mysearchdial.xul</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\content\serp.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\content\tmplt.js</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\arwDwn.gif</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\closeo.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\help_16.gif</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\home.gif</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\icon_seperator.png</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\logo.PNG</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\ffxtlbr@mysearchdial.com\content\imgs\privecy_16_hot.gif</path>

<vendor>PUP.Optional.MySearchDial.A</vendor>

<action>success</action>

<hash>13bbfded83f82610d0a63b94a0628a76</hash>

</file>
SpecialEd19
Regular Member
 
Posts: 51
Joined: September 3rd, 2014, 10:23 am

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by SpecialEd19 » September 26th, 2014, 4:49 pm



-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\BHO.xml</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\config.cfg</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\config.json</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Desktop.xml</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\EventLog.txt</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\install.log</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\TabsSearch.txt</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Toolbar.xml</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\usersettings.xml</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\version.txt</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Assemblies\1\BrowserObjects.dll</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Assemblies\1\Inline.dll</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Chrome\assemblyConfig.json</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Chrome\bg.html</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Chrome\content.js</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Chrome\inline.js</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Chrome\inline_content.js</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Chrome\listenerConfig.json</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Chrome\manifest.json</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Chrome\settingsConfig.json</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome.manifest</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\FFAboutBlankSearch.txt</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\install.rdf</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\Toolbar.xml</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\browserwindow.js</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\browserwindow.xul</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\fileio.js</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\json.js</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\login.xul</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\menu.xul</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\share_link.xul</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\sidebar.js</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\sidebar.xul</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\Thumbs.db</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\toolbar.js</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\toolbar.xul</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\toolbarsidebarshared.js</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\update_status.xul</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\windows.js</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\images\hidden.png</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Firefox\playbryte@playbryte.com\chrome\content\inline\inline.js</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\GAC\AxSHDocVw.dll</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\GAC\SHDocVw.dll</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Settings\InstallPixel.txt</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Settings\ping.dat</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Settings\ToolbarPrefs.txt</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\LocalLow\Playbryte\Settings\UpdaterSettings.xml</path>

<vendor>PUP.Optional.PlayBryte</vendor>

<action>success</action>

<hash>f5d9ae3c74073006a275906112f0da26</hash>

</file>


-<file>

<path>C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\prefs.js</path>

<vendor>PUP.Optional.Spigot.A</vendor>

<action>replaced</action>

<baddata>user_pref("browser.startup.homepage", "https://search.yahoo.com/?type=888596&fr=spigot-yhp-ff");</baddata>

<gooddata/>

<hash>ddf1c129aad1e45238c089999471c13f</hash>

</file>

</items>

</mbam-log>

P.S. FYI, on my Windows 7 system the path for the Malwarebytes logs is: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
Documents and Settings and Application Data do not exist.

Thanks,

Ed

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Unread postby wannabeageek » September 27th, 2014, 12:52 am

Hi SpecialEd19,

Sorry about the location for logs, I think that was for the XP OS.

Try this location:
C:\Users\Username\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

It is the location on my Windows 7 Home Premium. Post any logs you find in there since running ComboFix.
ComboFix 14-09-22.01 - owner 09/23/2014

The .XML file you posted is not something I can use.

After posting the logs, please run FRST in the following manner:


Step 1.
FRST in Recovery Environment
Please download FRST64.exe ... by Farbar. Save it to a FLASH drive.

  1. Plug the flash drive into the infected PC.
  2. Enter System Recovery Options. Use either A or B.
    A. To enter System Recovery Options from the Boot Menu ....
      • Restart the computer.
      • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
      • Use the arrow keys to select Repair your computer.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
    B. To enter System Recovery Options by using Windows installation disk ....
      • Insert the installation disk.
      • Restart your computer.
      • If prompted, press any key to start Windows from the installation disc.
      • If your computer is not configured to start from a CD or DVD, check your BIOS settings.
      • Choose your language settings, and then click Next.
      • Click Repair your computer.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
  3. In the System Recovery Options Menu you will see the following options:
      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Scan your computer's memory for errors.
      Command Prompt
    1. Select Command Prompt
      • In the command window type in notepad and press Enter.
      • Notepad will open.
        Under File menu select Open.
      • Select "Computer" and find your flash drive letter.
      • Close Notepad.
    2. In the command window type E:\frst.exe and press Enter. (Note: Replace letter E with the drive letter of your flash drive.)
  4. The tool will start to run.
  5. When the tool opens click Yes to disclaimer.
  6. Press Scan button.
  7. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Step 2.
  • Download MBRfix.zip and save it to your desktop.
  • Open the zipped folder, copy MBRfix and paste to your flash drive that has FRST on it.
  • Open notepad.
  • Copy the words in the quote box below but do not copy the word quote.
    SaveMbr: Drive=0
  • Paste this to the open notepad. Save it as "FIXLIST.TXT" to your flash drive.

  1. Plug the flash drive into the infected PC.
  2. Enter System Recovery Options.
    1. To enter System Recovery Options from the Boot Menu ....
      • Restart the computer.
      • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
      • Use the arrow keys to select Repair your computer.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
    2. To enter System Recovery Options by using Windows installation disk ....
      • Insert the installation disk.
      • Restart your computer.
      • If prompted, press any key to start Windows from the installation disc.
      • If your computer is not configured to start from a CD or DVD, check your BIOS settings.
      • Choose your language settings, and then click Next.
      • Click Repair your computer.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
  3. In the System Recovery Options Menu you will see the following options:
      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
    1. Select Command Prompt
      • In the command window type in notepad and press Enter.
      • Notepad will open.
        Under File menu select Open.
      • Select "Computer" and find your flash drive letter.
      • Close Notepad.
      • In the command window type E:\frst.exe and press Enter. (Note: Replace letter E with the drive letter of your flash drive.)
    2. The tool will start to run.
    3. When the tool opens click Yes to disclaimer.
    4. Press FIX button.
    5. It will make 2 files; Fixlog.txt and MBRDUMP.txt on the flash drive.
    6. Attach MBRDUMP.txt to your next reply.
    7. Please copy and paste the contents of Fixlog.txt to your reply as well.


What I need back from you:
Post each separately.
  1. Contents of FRST.txt
  2. Contents of Fixlog.txt
  3. MBRDUMP.txt as an attachment.
  4. Any problem executing the instructions?
Thanks,
wbg