# WIFI signals and connection hardships, combined with crash/freezing issues



## ufah (May 27, 2014)

Hi, thanks for taking the time to read this post,

I've been having trouble whenever I try to connect wirelessly for almost two months.

Here is what happens: It is not easy to connect from a series of available WIFI, due to poor signal, and this happens in places where I used to connect rapidly. Also, I get constantly disconnected, again due to poor or nonexistent WIFI signal. Since all this started to take place I have to connect practically next to a/the modem (in desperate instances, I even have to use an Ethernet cable), whereas previously distance to the router did not seem to influence the signal I was getting or the possibility of connecting. What I mean is, I could get fairly good signal within the limited possible distance to connect to a modem.
Moreover, the system started to crash often, especially if using a few programs. This is a pretty new machine, so again it is evident that something out of place is occurring. While surfing the net, it may freeze the whole window or tab. Other times the system becomes painfully slow, all of which did not occur before. All these various malfunctions commenced 45 days ago, more or less.

So far I've tried NPE and, since I use W8, tried the option of refreshing the computer, but nothing has helped.
Here are all the requested logs.
I thank you in advance for your time and consideration.


----------



## ufah (May 27, 2014)

Hi, I'm *bumping* almost a month after posting a first message requesting assistance. Sorry, I made two other replies before (regarding the very same issue), but forgot to try this.

Kind regards,

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:38:15 PM, on 27/05/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\felicia\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [PowerDVD13Agent] "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
O4 - Startup: Monitor Ink Alerts - HP Deskjet 2540 series.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\NIS.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7557 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.55.2
Run by felicia at 23:40:44 on 2014-05-27
Microsoft Windows 8 6.2.9200.0.1252.61.1033.18.3525.2361 [GMT 13:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
C:\windows\system32\mfevtps.exe
C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\NIS.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\NIS.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe
C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\felicia\Desktop\b30z2qgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uDefault_Page_URL = hxxp://acer13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\coieplg.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [PowerDVD13Agent] "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\Users\felicia\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B12B19E4-AC50-4337-957B-1EC86FA3FA54} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B12B19E4-AC50-4337-957B-1EC86FA3FA54}\3486160756C602341666665656 : DHCPNameServer = 203.12.160.35 203.12.160.36
TCP: Interfaces\{B12B19E4-AC50-4337-957B-1EC86FA3FA54}\8457E676279702A41636B6723702642554540275966496 : DHCPNameServer = 203.134.64.66 203.134.65.66
SSODL: WebCheck - <orphaned>
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\felicia\AppData\Roaming\Mozilla\Firefox\Profiles\7wx59cmx.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-6-23 752672]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-6-23 335784]
R0 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\NISx64\1503000.00C\symds64.sys [2014-5-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\NISx64\1503000.00C\symefa64.sys [2014-5-16 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [2014-5-10 1530160]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\Drivers\NISx64\1503000.00C\ccsetx64.sys [2014-5-16 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140526.001\IDSviA64.sys [2014-5-27 525016]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\NISx64\1503000.00C\ironx64.sys [2014-5-16 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1503000.00C\symnets.sys [2014-5-16 593112]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-13 241152]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe [2013-4-15 228480]
R2 LMSvc;Launch Manager Service;C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [2013-3-15 431656]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2013-4-13 237920]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2013-4-13 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-4-13 177144]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\nis.exe [2014-5-16 276376]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-5-19 390672]
R3 AthrSdSrv;AthrSdSrv;C:\Windows\System32\Drivers\athrsd.sys [2013-4-13 48760]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-4-13 94208]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2013-6-2 34384]
R3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2013-3-15 662088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-4-5 137648]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2013-4-13 119528]
R3 LMDriver;Launch Manager Wireless Driver;C:\Windows\System32\Drivers\LMDriver.sys [2013-1-10 21360]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-6-23 300392]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-6-23 513456]
R3 RadioShim;Shim for HID-KMDF Interface layer;C:\Windows\System32\Drivers\RadioShim.sys [2013-1-10 15704]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-6-2 58536]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2012-6-19 66712]
S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\NISx64\1503000.00C\symelam.sys [2014-5-16 23568]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-6-2 89168]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2013-6-2 346192]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2013-6-2 115280]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2013-6-2 179432]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2013-6-2 77464]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2013-6-2 136784]
S3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-6-2 584272]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-6-23 69672]
S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2012-11-17 469648]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\Drivers\mferkdet.sys [2012-6-23 106112]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== File Associations ===============
.
FileExt: .txt: soffice.StarWriterDocument.6="C:\Program Files (x86)\OpenOffice 4\program\swriter.exe" -o "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-05-24 05:40:55 258224 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10240.bin
2014-05-19 08:12:58 -------- d-----w- C:\{095B0246-4EB6-45B9-B1BE-536097A0BDDA}
2014-05-19 08:11:44 -------- d-----w- C:\Windows\Downloaded Installations
2014-05-18 00:52:34 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-05-16 00:13:21 593112 ----a-w- C:\Windows\System32\drivers\NISx64\1503000.00C\symnets.sys
2014-05-16 00:13:20 875736 ----a-w- C:\Windows\System32\drivers\NISx64\1503000.00C\srtsp64.sys
2014-05-16 00:13:20 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\symds64.sys
2014-05-16 00:13:20 36952 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\srtspx64.sys
2014-05-16 00:13:20 264280 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\ironx64.sys
2014-05-16 00:13:20 23568 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\symelam.sys
2014-05-16 00:13:20 162392 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\ccsetx64.sys
2014-05-16 00:13:20 1148120 ----a-w- C:\Windows\System32\drivers\NISx64\1503000.00C\symefa64.sys
2014-05-16 00:13:04 -------- d-----w- C:\Windows\System32\drivers\NISx64\1503000.00C
2014-05-15 10:02:37 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-15 10:02:37 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-15 10:00:33 78336 ----a-w- C:\Windows\System32\drivers\IPMIDrv.sys
2014-05-15 10:00:33 621568 ----a-w- C:\Windows\System32\drivers\srv2.sys
2014-05-15 10:00:33 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2014-05-15 10:00:33 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2014-05-15 10:00:33 215040 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2014-05-15 10:00:33 1120768 ----a-w- C:\Windows\System32\gpedit.dll
2014-05-15 10:00:33 1075200 ----a-w- C:\Windows\SysWow64\gpedit.dll
2014-05-11 08:53:18 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2014-05-11 08:53:18 1266800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
2014-05-11 08:53:18 10594416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
2014-05-08 13:48:42 227704 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-06 09:11:17 693760 ----a-w- C:\Windows\System32\WSShared.dll
2014-05-06 09:11:17 628024 ----a-w- C:\Windows\System32\NotificationUI.exe
2014-05-06 09:11:17 566784 ----a-w- C:\Windows\SysWow64\WSShared.dll
2014-05-06 09:11:16 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 09:11:16 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
.
==================== Find3M ====================
.
2014-05-27 06:57:06 65536 ----a-w- C:\Windows\System32\spu_storage.bin
2014-05-01 20:37:50 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 20:37:50 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-21 09:08:45 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 09:27:03 172888 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 09:10:31 578048 ----a-w- C:\Windows\System32\winlogon.exe
2014-04-12 09:09:43 208896 ----a-w- C:\Windows\System32\wdigest.dll
2014-04-12 09:09:39 1043968 ----a-w- C:\Windows\System32\usercpl.dll
2014-04-12 09:09:34 94720 ----a-w- C:\Windows\System32\TSpkg.dll
2014-04-12 09:09:19 588288 ----a-w- C:\Windows\System32\SHCore.dll
2014-04-12 09:08:37 318464 ----a-w- C:\Windows\System32\msv1_0.dll
2014-04-12 09:08:17 439808 ----a-w- C:\Windows\System32\lsm.dll
2014-04-12 09:08:17 1281536 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 09:08:10 827904 ----a-w- C:\Windows\System32\kerberos.dll
2014-04-12 09:07:36 20480 ----a-w- C:\Windows\System32\credssp.dll
2014-04-12 07:23:59 178688 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-04-12 07:23:52 961536 ----a-w- C:\Windows\SysWow64\usercpl.dll
2014-04-12 07:23:49 76800 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-04-12 07:23:40 452608 ----a-w- C:\Windows\SysWow64\SHCore.dll
2014-04-12 07:23:14 273920 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-04-12 07:22:58 666624 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-04-12 07:22:33 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-04-12 06:58:06 14848 ----a-w- C:\Windows\System32\workerdd.dll
2014-04-01 13:34:26 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-03-28 19:19:38 35856 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2014-03-28 08:23:00 1287168 ----a-w- C:\Windows\System32\schedsvc.dll
2014-03-23 22:11:52 269592 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2014-03-11 03:32:43 6987096 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-11 03:25:51 100184 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-03-11 00:41:55 323072 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-03-11 00:41:51 559104 ----a-w- C:\Windows\SysWow64\objsel.dll
2014-03-11 00:41:24 38400 ----a-w- C:\Windows\SysWow64\dimsroam.dll
2014-03-11 00:39:12 35840 ----a-w- C:\Windows\System32\lsass.exe
2014-03-11 00:38:58 27648 ----a-w- C:\Windows\System32\sspisrv.dll
2014-03-11 00:38:58 164864 ----a-w- C:\Windows\System32\sspicli.dll
2014-03-11 00:38:53 419328 ----a-w- C:\Windows\System32\schannel.dll
2014-03-11 00:38:47 684032 ----a-w- C:\Windows\System32\objsel.dll
2014-03-11 00:38:31 982016 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-11 00:38:23 45056 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-11 00:38:23 179712 ----a-w- C:\Windows\System32\dpapisrv.dll
2014-03-10 03:05:14 668160 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-10 01:27:03 99840 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-07 00:48:11 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-07 00:47:24 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-07 00:08:30 2240000 ----a-w- C:\Windows\System32\wininet.dll
2014-03-07 00:08:27 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-03-07 00:08:06 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-03 23:07:48 570216 ----a-w- C:\Windows\System32\drivers\cng.sys
2008-01-13 04:15:00 75144 ----a-w- C:\Program Files\M2tsReadFilter.ax
2007-12-20 05:30:46 288136 ----a-w- C:\Program Files\HDCopy.exe
2007-12-13 14:59:54 274312 ----a-w- C:\Program Files\MediaEditor.dll
2007-12-13 14:03:44 120200 ----a-w- C:\Program Files\M2tsManager.dll
2007-12-05 15:54:44 83336 ----a-w- C:\Program Files\HDForm.exe
2007-12-05 15:54:44 148872 ----a-w- C:\Program Files\HDWriter.exe
2007-12-05 14:51:38 68488 ----a-w- C:\Program Files\SPTICtrl.dll
2007-12-05 14:51:38 43912 ----a-w- C:\Program Files\StillCtrlManager.dll
2007-12-05 14:51:34 64392 ----a-w- C:\Program Files\RWEngine.dll
2007-12-05 14:51:34 44424 ----a-w- C:\Program Files\SDFSLayer.dll
2007-12-05 14:51:30 693128 ----a-w- C:\Program Files\RenderingEngine.dll
2007-12-05 14:51:30 230792 ----a-w- C:\Program Files\PowerCheck.exe
2007-12-05 14:51:28 107912 ----a-w- C:\Program Files\PictureLib.dll
2007-12-05 14:51:26 49032 ----a-w- C:\Program Files\PicResize.dll
2007-12-05 14:51:24 54664 ----a-w- C:\Program Files\Mpeg2SDK.dll
2007-12-05 14:51:22 353672 ----a-w- C:\Program Files\MicsFsUDF_AH.dll
2007-12-05 14:51:20 71048 ----a-w- C:\Program Files\MicsArch.dll
2007-12-05 14:51:20 132488 ----a-w- C:\Program Files\MicsFSHDDW32_AH.dll
2007-12-05 14:49:58 62856 ----a-w- C:\Program Files\AvchdPushElement.ax
2007-12-05 14:48:54 165256 ----a-w- C:\Program Files\MSEditCore.dll
2007-12-05 14:48:52 91528 ----a-w- C:\Program Files\HDEditor.exe
2007-12-05 14:48:50 79240 ----a-w- C:\Program Files\ExportParameter.dll
2007-12-05 14:48:50 58760 ----a-w- C:\Program Files\DeviceSelect.dll
2007-12-05 14:48:48 415112 ----a-w- C:\Program Files\AVCHDPlugin.dll
2007-08-20 05:33:02 2108416 ----a-w- C:\Program Files\meimpgvout.004
2007-08-20 05:33:00 2830336 ----a-w- C:\Program Files\meimpgvdec.dll
2007-08-20 05:33:00 2062848 ----a-w- C:\Program Files\meimpgvout.001
2007-08-20 05:33:00 2060288 ----a-w- C:\Program Files\meimpgvout.002
2007-08-20 05:33:00 2051584 ----a-w- C:\Program Files\meimpgvout.003
2007-08-20 05:33:00 147456 ----a-w- C:\Program Files\meimuxmpeg.ax
2007-08-20 05:33:00 13312 ----a-w- C:\Program Files\meimpgvout.dll
2007-08-20 05:32:58 90112 ----a-w- C:\Program Files\meievmpeg.ax
2007-08-20 05:32:58 86016 ----a-w- C:\Program Files\meidsmpeg.ax
2007-08-20 05:32:58 61440 ----a-w- C:\Program Files\meieampeg.ax
2007-08-20 05:32:58 516096 ----a-w- C:\Program Files\MCMux_HDMV.ax
2007-08-20 05:32:58 434176 ----a-w- C:\Program Files\meimpegin.dll
2007-08-20 05:32:58 225280 ----a-w- C:\Program Files\meimpgmux.dll
2007-08-20 05:32:58 208896 ----a-w- C:\Program Files\meimpgaout.dll
2007-08-20 05:32:58 155648 ----a-w- C:\Program Files\meimpgdmux.dll
2007-08-20 05:32:58 106496 ----a-w- C:\Program Files\meimpgadec.dll
2007-08-20 05:32:56 73728 ----a-w- C:\Program Files\mch264vout.dll
2007-08-20 05:32:56 1167360 ----a-w- C:\Program Files\mch264vout.001
2007-04-19 09:46:14 127488 ----a-w- C:\Program Files\srscaler.dll
2007-04-19 09:46:12 208896 ----a-w- C:\Program Files\mcscaler.ax
2007-03-07 06:00:02 91736 ----a-w- C:\Program Files\lffax14N.dll
2007-03-07 06:00:02 442368 ----a-w- C:\Program Files\LTkrn14N.dll
2007-03-07 06:00:02 38488 ----a-w- C:\Program Files\LTWND14N.DLL
2007-03-07 06:00:02 38488 ----a-w- C:\Program Files\lflmb14N.dll
2007-03-07 06:00:02 370264 ----a-w- C:\Program Files\lfCMP14N.DLL
2007-03-07 06:00:02 267864 ----a-w- C:\Program Files\LTDIS14N.dll
2007-03-07 06:00:02 243288 ----a-w- C:\Program Files\LTefx14N.dll
2007-03-07 06:00:02 161368 ----a-w- C:\Program Files\LTfil14N.DLL
.
============= FINISH: 23:41:41.26 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 10/12/2013 3:02:37 AM
System Uptime: 26/05/2014 10:56:43 PM (25 hours ago)
.
Motherboard: Acer | | Aspire E1-522
Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics | Socket FT1 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 138.816 GiB free.
D: is CDROM (UDF)
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Bluetooth USB Adapter
Device ID: USB\VID_04CA&PID_300B\5&1FFA7C5&0&2
Manufacturer: Qualcomm Atheros Communications
Name: Bluetooth USB Adapter
PNP Device ID: USB\VID_04CA&PID_300B\5&1FFA7C5&0&2
Service: BTHUSB
.
==== System Restore Points ===================
.
RP32: 6/05/2014 10:32:47 PM - Windows Update
RP33: 14/05/2014 10:44:16 PM - Scheduled Checkpoint
RP34: 18/05/2014 1:29:05 AM - Installed HD Writer 2.5E for HDC
RP35: 19/05/2014 9:11:47 PM - Installed MainConcept AVCHD Transcoder v. 2.1
RP36: 20/05/2014 9:55:19 AM - Restore Operation
.
==== Installed Programs ======================
.
clear.fi SDK- Movie 2
clear.fi SDK - Video 2
Acer Device Fast-lane
Acer Launch Manager
Acer Power Management
Acer Recovery Management
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.07)
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
Bonjour
Caesar IV
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
clear.fi Media
Compatibility Pack for the 2007 Office system
CyberLink PowerDirector 12
CyberLink PowerDVD 13
HP Deskjet 2540 series Basic Device Software
Identity Card
iTunes
Java 7 Update 55
Java Auto Updater
Live Updater
MainConcept AVCHD Transcoder v. 2.1
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
Microsoft Office Word Viewer 2003
Microsoft PowerPoint Viewer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Mozilla Firefox 29.0.1 (x86 en-US)
MySQL Connector/ODBC 3.51
NewBlue Video Essentials for PowerDirector
Norton Internet Security
OEM Application Profile
Office Addin
OpenOffice 4.0.1
QCA CardReader Driver Installer
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Qualcomm Atheros WLAN and Bluetooth Client Installation Program
QuickTime 7
Realtek High Definition Audio Driver
Shared C Run-time for x64
Synaptics Pointing Device Driver
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
VLC media player 2.1.3
.
==== Event Viewer Messages From Past Week ========
.
26/05/2014 10:58:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000133 (0x0000000000000000, 0x0000000000000504, 0x0000000000000503, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052614-34226-01.
21/05/2014 2:40:44 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8003f443b0, 0xfffff880064e7c64, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052114-29281-01.
20/05/2014 9:50:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800846e010, 0xfffff88006316aac, 0xffffffffc0000001, 0x0000000000000003). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052014-43071-01.
20/05/2014 10:41:47 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-27 23:47:31
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003a TOSHIBA_MQ01ABD050 rev.AX003J 465.76GB
Running: b30z2qgr.exe; Driver: C:\Users\felicia\AppData\Local\Temp\pglorpog.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\ntoskrnl.exe!KiCpuId + 988 fffff800982dd3dc 1 byte [31]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [720:752] fffff960009775e8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Cheers


----------



## wannabeageek (Nov 12, 2009)

Hi ufah,

Please run new scans of DDS and HijackThis. Skip GMER for now. The scans you posted are about a month old.

wbg


----------



## ufah (May 27, 2014)

Thanks for your reply. I will do the scans again as soon as I can, by this avo.

regards,

U


----------



## ufah (May 27, 2014)

Hi WBG,

Here are fresher HijackThis & DDS posts:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:34:58 PM, on 27/06/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16921)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\felicia\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
O4 - Startup: Monitor Ink Alerts - HP Deskjet 2540 series.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\NIS.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6959 bytes

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 10/12/2013 3:02:37 AM
System Uptime: 26/06/2014 10:35:25 PM (17 hours ago)
.
Motherboard: Acer | | Aspire E1-522
Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics | Socket FT1 | 1500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 139.358 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Qualcomm Atheros AR8171/8175 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Device ID: PCI\VEN_1969&DEV_10A1&SUBSYS_076B1025&REV_13\4&110AC11B&0&0012
Manufacturer: Qualcomm Atheros
Name: Qualcomm Atheros AR8171/8175 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
PNP Device ID: PCI\VEN_1969&DEV_10A1&SUBSYS_076B1025&REV_13\4&110AC11B&0&0012
Service: L1C
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Bluetooth USB Adapter
Device ID: USB\VID_04CA&PID_300B\5&1FFA7C5&0&2
Manufacturer: Qualcomm Atheros Communications
Name: Bluetooth USB Adapter
PNP Device ID: USB\VID_04CA&PID_300B\5&1FFA7C5&0&2
Service: BTHUSB
.
==== System Restore Points ===================
.
RP38: 7/06/2014 4:36:12 AM - Scheduled Checkpoint
RP39: 11/06/2014 9:48:48 PM - Windows Update
RP40: 22/06/2014 12:51:44 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
clear.fi SDK- Movie 2 clear.fi SDK - Video 2 Acer Device Fast-lane Acer Launch Manager Acer Power Management Acer Recovery Management Adobe Flash Player 13 Plugin Adobe Reader XI (11.0.07) AMD Accelerated Video Transcoding AMD Catalyst Install Manager AMD VISION Engine Control Center Apple Application Support Apple Mobile Device Support Apple Software Update Bonjour Caesar IV Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish clear.fi Media Compatibility Pack for the 2007 Office system CyberLink PowerDirector 12 CyberLink PowerDVD 13 HP Deskjet 2540 series Basic Device Software Identity Card iTunes Live Updater MainConcept AVCHD Transcoder v. 
2.1 Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) Microsoft Office Word Viewer 2003 Microsoft PowerPoint Viewer Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2005 Tools for Office Runtime Mozilla Firefox 30.0 (x86 en-US) Mozilla Maintenance Service MySQL Connector/ODBC 3.51 NewBlue Video Essentials for PowerDirector Norton Internet Security OEM Application Profile Office Addin OpenOffice 4.0.1 QCA CardReader Driver Installer Qualcomm Atheros Bluetooth Suite (64) Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Qualcomm Atheros WLAN and Bluetooth Client Installation Program QuickTime 7 Realtek High Definition Audio Driver Shared C Run-time for x64 Synaptics Pointing Device Driver Visual Studio 2005 Tools for Office Second Edition Runtime Visual Studio Tools for the Office system 3.0 Runtime Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) VLC media player 2.1.3 . ==== Event Viewer Messages From Past Week ======== . 25/06/2014 2:38:46 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 2 time(s). 24/06/2014 3:37:16 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). 24/06/2014 3:36:50 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). 
24/06/2014 12:19:10 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
21/06/2014 4:16:44 PM, Error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16921
Run by felicia at 15:38:16 on 2014-06-27
Microsoft Windows 8 6.2.9200.0.1252.61.1033.18.3525.2171 [GMT 13:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
C:\windows\system32\mfevtps.exe
C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\NIS.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\NIS.exe
C:\Windows\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs uDefault_Page_URL = hxxp://acer13.msn.com mWinlogon: Userinit = userinit.exe BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\ips\ipsbho.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\coieplg.dll mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mExplorerRun: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" StartupFolder: C:\Users\felicia\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 TCP: NameServer = 192.168.88.1 TCP: Interfaces\{B12B19E4-AC50-4337-957B-1EC86FA3FA54} : DHCPNameServer = 192.168.88.1 TCP: Interfaces\{B12B19E4-AC50-4337-957B-1EC86FA3FA54}\2496762457E6E697 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{B12B19E4-AC50-4337-957B-1EC86FA3FA54}\3486160756C602341666665656 : DHCPNameServer = 203.12.160.35 203.12.160.36 TCP: Interfaces\{B12B19E4-AC50-4337-957B-1EC86FA3FA54}\8457E676279702A41636B6723702642554540275966496 : DHCPNameServer = 203.134.64.66 203.134.65.66 TCP: Interfaces\{B12B19E4-AC50-4337-957B-1EC86FA3FA54}\D4163617571627965602055726C69636 : DHCPNameServer = 10.127.5.21 10.127.5.17 10.127.5.22 10.127.5.18 SSODL: WebCheck - <orphaned> x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - 
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" x64-mPolicies-System: PromptOnSecureDesktop = dword:0 x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\felicia\AppData\Roaming\Mozilla\Firefox\Profiles\7wx59cmx.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-6-23 752672] R0 mfewfpk;McAfee Inc. 
mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-6-23 335784] R0 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\NISx64\1503000.00C\symds64.sys [2014-5-16 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\NISx64\1503000.00C\symefa64.sys [2014-5-16 1148120] R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [2014-6-10 1530160] R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\Drivers\NISx64\1503000.00C\ccsetx64.sys [2014-5-16 162392] R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140626.002\IDSviA64.sys [2014-6-27 525016] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\NISx64\1503000.00C\ironx64.sys [2014-5-16 264280] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1503000.00C\symnets.sys [2014-5-16 593112] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-13 241152] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe [2013-4-15 228480] R2 LMSvc;Launch Manager Service;C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [2013-3-15 431656] R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2013-4-13 237920] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2013-4-13 218320] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-4-13 177144] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\nis.exe [2014-5-16 276376] R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-5-19 390672] R3 
AthrSdSrv;AthrSdSrv;C:\Windows\System32\Drivers\athrsd.sys [2013-4-13 48760] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-4-13 94208] R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2013-6-2 34384] R3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2013-3-15 662088] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-6-14 142128] R3 LMDriver;Launch Manager Wireless Driver;C:\Windows\System32\Drivers\LMDriver.sys [2013-1-10 21360] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-6-23 300392] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-6-23 513456] R3 RadioShim;Shim for HID-KMDF Interface layer;C:\Windows\System32\Drivers\RadioShim.sys [2013-1-10 15704] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-6-2 58536] R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656] S0 mfeelamk;McAfee Inc. 
mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2012-6-19 66712] S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\NISx64\1503000.00C\symelam.sys [2014-5-16 23568] S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-6-2 89168] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2013-6-2 346192] S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2013-6-2 115280] S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2013-6-2 179432] S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2013-6-2 77464] S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2013-6-2 136784] S3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-6-2 584272] S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752] S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-6-23 69672] S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2012-11-17 469648] S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2013-4-13 119528] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\Drivers\mferkdet.sys [2012-6-23 106112] . =============== File Associations =============== . FileExt: .txt: soffice.StarWriterDocument.6="C:\Program Files (x86)\OpenOffice 4\program\swriter.exe" -o "%1" [UserChoice] . =============== Created Last 30 ================ . 
2014-06-24 02:05:06	--------	d-----w-	C:\Program Files\iPod 2014-06-24 02:05:00	--------	d-----w-	C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-06-24 02:05:00	--------	d-----w-	C:\Program Files\iTunes 2014-06-24 02:05:00	--------	d-----w-	C:\Program Files (x86)\iTunes 2014-06-11 17:58:02	283312	----a-w-	C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10242.bin 2014-06-11 08:27:07	3246592	----a-w-	C:\Windows\System32\rdpcorets.dll 2014-06-11 08:27:07	235520	----a-w-	C:\Windows\System32\rdpudd.dll 2014-06-11 08:25:56	2862080	----a-w-	C:\Windows\SysWow64\jscript9.dll 2014-06-11 08:25:56	108032	----a-w-	C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll 2014-06-11 08:24:39	2233176	----a-w-	C:\Windows\System32\drivers\tcpip.sys 2014-06-11 08:24:36	1845760	----a-w-	C:\Windows\System32\msxml3.dll 2014-06-11 08:24:35	1419264	----a-w-	C:\Windows\SysWow64\msxml3.dll 2014-06-08 12:50:24	--------	d-----w-	C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-08 12:50:20	46704	----a-w-	C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll 2014-06-08 12:50:19	93808	----a-w-	C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe 2014-06-08 12:50:19	898184	----a-w-	C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe 2014-06-08 12:50:19	277616	----a-w-	C:\Program Files (x86)\Mozilla Firefox\updater.exe 2014-06-08 12:50:19	23950448	----a-w-	C:\Program Files (x86)\Mozilla Firefox\xul.dll 2014-06-08 12:50:19	170960	----a-w-	C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe 2014-06-08 12:37:33	--------	d-----w-	C:\NPE . ==================== Find3M ==================== . 
2014-06-26 23:45:49	65536	----a-w-	C:\Windows\System32\spu_storage.bin
2014-05-31 05:16:07	703992	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-31 05:16:07	105464	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-24 02:47:54	2239488	----a-w-	C:\Windows\System32\wininet.dll
2014-05-24 02:47:45	915968	----a-w-	C:\Windows\System32\uxtheme.dll
2014-05-24 02:47:44	53760	----a-w-	C:\Windows\System32\UXInit.dll
2014-05-24 02:46:15	3958784	----a-w-	C:\Windows\System32\jscript9.dll
2014-05-24 02:46:07	67072	----a-w-	C:\Windows\System32\iesetup.dll
2014-05-24 02:46:07	136704	----a-w-	C:\Windows\System32\iesysprep.dll
2014-05-24 02:45:26	1508864	----a-w-	C:\Windows\System32\inetcpl.cpl
2014-05-24 01:26:54	1766400	----a-w-	C:\Windows\SysWow64\wininet.dll
2014-05-24 01:26:46	44032	----a-w-	C:\Windows\SysWow64\UXInit.dll
2014-05-24 01:25:49	61440	----a-w-	C:\Windows\SysWow64\iesetup.dll
2014-05-24 01:25:49	109056	----a-w-	C:\Windows\SysWow64\iesysprep.dll
2014-05-24 01:25:25	1440768	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2014-05-24 01:09:41	2706432	----a-w-	C:\Windows\System32\mshtml.tlb
2014-05-24 01:03:36	2706432	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2014-05-23 22:37:13	534528	----a-w-	C:\Windows\SysWow64\uxtheme.dll
2014-04-29 22:32:07	1301504	----a-w-	C:\Windows\System32\gdi32.dll
2014-04-29 22:22:23	1023488	----a-w-	C:\Windows\SysWow64\gdi32.dll
2014-04-19 09:39:36	628024	----a-w-	C:\Windows\System32\NotificationUI.exe
2014-04-19 08:45:39	693760	----a-w-	C:\Windows\System32\WSShared.dll
2014-04-19 08:45:39	163840	----a-w-	C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 06:57:49	566784	----a-w-	C:\Windows\SysWow64\WSShared.dll
2014-04-19 06:57:49	124928	----a-w-	C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 09:27:03	172888	----a-w-	C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 09:10:31	578048	----a-w-	C:\Windows\System32\winlogon.exe
2014-04-12 09:09:43	208896	----a-w-	C:\Windows\System32\wdigest.dll
2014-04-12 09:09:39	1043968	----a-w-	C:\Windows\System32\usercpl.dll
2014-04-12 09:09:34	94720	----a-w-	C:\Windows\System32\TSpkg.dll
2014-04-12 09:09:19	588288	----a-w-	C:\Windows\System32\SHCore.dll
2014-04-12 09:08:37	318464	----a-w-	C:\Windows\System32\msv1_0.dll
2014-04-12 09:08:17	439808	----a-w-	C:\Windows\System32\lsm.dll
2014-04-12 09:08:17	1281536	----a-w-	C:\Windows\System32\lsasrv.dll
2014-04-12 09:08:10	827904	----a-w-	C:\Windows\System32\kerberos.dll
2014-04-12 09:07:36	20480	----a-w-	C:\Windows\System32\credssp.dll
2014-04-12 07:23:59	178688	----a-w-	C:\Windows\SysWow64\wdigest.dll
2014-04-12 07:23:52	961536	----a-w-	C:\Windows\SysWow64\usercpl.dll
2014-04-12 07:23:49	76800	----a-w-	C:\Windows\SysWow64\TSpkg.dll
2014-04-12 07:23:40	452608	----a-w-	C:\Windows\SysWow64\SHCore.dll
2014-04-12 07:23:14	273920	----a-w-	C:\Windows\SysWow64\msv1_0.dll
2014-04-12 07:22:58	666624	----a-w-	C:\Windows\SysWow64\kerberos.dll
2014-04-12 07:22:33	17408	----a-w-	C:\Windows\SysWow64\credssp.dll
2014-04-12 06:58:06	14848	----a-w-	C:\Windows\System32\workerdd.dll
2014-04-03 11:19:16	328024	----a-w-	C:\Windows\System32\drivers\Classpnp.sys
2014-04-03 03:44:10	619008	----a-w-	C:\Windows\System32\drivers\srv2.sys
2014-04-01 13:34:26	177752	----a-w-	C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2008-01-13 04:15:00	75144	----a-w-	C:\Program Files\M2tsReadFilter.ax
2007-12-20 05:30:46	288136	----a-w-	C:\Program Files\HDCopy.exe
2007-12-13 14:59:54	274312	----a-w-	C:\Program Files\MediaEditor.dll
2007-12-13 14:03:44	120200	----a-w-	C:\Program Files\M2tsManager.dll
2007-12-05 15:54:44	83336	----a-w-	C:\Program Files\HDForm.exe
2007-12-05 15:54:44	148872	----a-w-	C:\Program Files\HDWriter.exe
2007-12-05 14:51:38	68488	----a-w-	C:\Program Files\SPTICtrl.dll
2007-12-05 14:51:38	43912	----a-w-	C:\Program Files\StillCtrlManager.dll
2007-12-05 14:51:34	64392	----a-w-	C:\Program Files\RWEngine.dll
2007-12-05 14:51:34	44424	----a-w-	C:\Program Files\SDFSLayer.dll
2007-12-05 14:51:30	693128	----a-w-	C:\Program Files\RenderingEngine.dll
2007-12-05 14:51:30	230792	----a-w-	C:\Program Files\PowerCheck.exe
2007-12-05 14:51:28	107912	----a-w-	C:\Program Files\PictureLib.dll
2007-12-05 14:51:26	49032	----a-w-	C:\Program Files\PicResize.dll
2007-12-05 14:51:24	54664	----a-w-	C:\Program Files\Mpeg2SDK.dll
2007-12-05 14:51:22	353672	----a-w-	C:\Program Files\MicsFsUDF_AH.dll
2007-12-05 14:51:20	71048	----a-w-	C:\Program Files\MicsArch.dll
2007-12-05 14:51:20	132488	----a-w-	C:\Program Files\MicsFSHDDW32_AH.dll
2007-12-05 14:49:58	62856	----a-w-	C:\Program Files\AvchdPushElement.ax
2007-12-05 14:48:54	165256	----a-w-	C:\Program Files\MSEditCore.dll
2007-12-05 14:48:52	91528	----a-w-	C:\Program Files\HDEditor.exe
2007-12-05 14:48:50	79240	----a-w-	C:\Program Files\ExportParameter.dll
2007-12-05 14:48:50	58760	----a-w-	C:\Program Files\DeviceSelect.dll
2007-12-05 14:48:48	415112	----a-w-	C:\Program Files\AVCHDPlugin.dll
2007-08-20 05:33:02	2108416	----a-w-	C:\Program Files\meimpgvout.004
2007-08-20 05:33:00	2830336	----a-w-	C:\Program Files\meimpgvdec.dll
2007-08-20 05:33:00	2062848	----a-w-	C:\Program Files\meimpgvout.001
2007-08-20 05:33:00	2060288	----a-w-	C:\Program Files\meimpgvout.002
2007-08-20 05:33:00	2051584	----a-w-	C:\Program Files\meimpgvout.003
2007-08-20 05:33:00	147456	----a-w-	C:\Program Files\meimuxmpeg.ax
2007-08-20 05:33:00	13312	----a-w-	C:\Program Files\meimpgvout.dll
2007-08-20 05:32:58	90112	----a-w-	C:\Program Files\meievmpeg.ax
2007-08-20 05:32:58	86016	----a-w-	C:\Program Files\meidsmpeg.ax
2007-08-20 05:32:58	61440	----a-w-	C:\Program Files\meieampeg.ax
2007-08-20 05:32:58	516096	----a-w-	C:\Program Files\MCMux_HDMV.ax
2007-08-20 05:32:58	434176	----a-w-	C:\Program Files\meimpegin.dll
2007-08-20 05:32:58	225280	----a-w-	C:\Program Files\meimpgmux.dll
2007-08-20 05:32:58	208896	----a-w-	C:\Program Files\meimpgaout.dll
2007-08-20 05:32:58	155648	----a-w-	C:\Program Files\meimpgdmux.dll
2007-08-20 05:32:58	106496	----a-w-	C:\Program Files\meimpgadec.dll
2007-08-20 05:32:56	73728	----a-w-	C:\Program Files\mch264vout.dll
2007-08-20 05:32:56	1167360	----a-w-	C:\Program Files\mch264vout.001
2007-04-19 09:46:14	127488	----a-w-	C:\Program Files\srscaler.dll
2007-04-19 09:46:12	208896	----a-w-	C:\Program Files\mcscaler.ax
2007-03-07 06:00:02	91736	----a-w-	C:\Program Files\lffax14N.dll
2007-03-07 06:00:02	442368	----a-w-	C:\Program Files\LTkrn14N.dll
2007-03-07 06:00:02	38488	----a-w-	C:\Program Files\LTWND14N.DLL
2007-03-07 06:00:02	38488	----a-w-	C:\Program Files\lflmb14N.dll
2007-03-07 06:00:02	370264	----a-w-	C:\Program Files\lfCMP14N.DLL
2007-03-07 06:00:02	267864	----a-w-	C:\Program Files\LTDIS14N.dll
2007-03-07 06:00:02	243288	----a-w-	C:\Program Files\LTefx14N.dll
2007-03-07 06:00:02	161368	----a-w-	C:\Program Files\LTfil14N.DLL
2007-03-07 06:00:02	153176	----a-w-	C:\Program Files\lftif14N.dll
.
============= FINISH: 15:38:48.47 ===============


----------



## wannabeageek (Nov 12, 2009)

Hi ufah,

Please run FRST64 and post the results.

*FRST - Farbar Recovery Scanner Tool for Vista-W7/8* 

Please download *FRST64.exe* ... by Farbar. Save it to your desktop.

Right-click on *FRST64.exe* and select "*Run As Administrator*" to run it. If prompted by UAC, please allow it. When the tool opens, click *Yes* to the disclaimer.
Press the *Scan* button. ... A log, *FRST.txt*, will be created in the same directory the tool is run from.
Please copy/paste *FRST.txt* into your reply.
The first time the tool is run, it also makes another log... *Addition.txt*.
Please copy/paste *Addition.txt* in your reply.


----------



## ufah (May 27, 2014)

Hi wbg,

Here is the requested scan,

cheers

10:34 PM 27/06/2014
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2014
Ran by felicia (administrator) on ALLUN on 27-06-2014 22:31:09
Running from C:\Users\felicia\Desktop
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\nis.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-13] (Advanced Micro Devices, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-04-15] ( (Qualcomm Atheros Commnucations))
Startup: C:\Users\felicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM - DefaultScope {6373B1FB-6035-4DB4-82AB-4DB5FCAF4148} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {6373B1FB-6035-4DB4-82AB-4DB5FCAF4148} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://au.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {6373B1FB-6035-4DB4-82AB-4DB5FCAF4148} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {6373B1FB-6035-4DB4-82AB-4DB5FCAF4148} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://au.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {6373B1FB-6035-4DB4-82AB-4DB5FCAF4148} URL = 
SearchScopes: HKCU - {6373B1FB-6035-4DB4-82AB-4DB5FCAF4148} URL = 
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://au.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\felicia\AppData\Roaming\Mozilla\Firefox\Profiles\7wx59cmx.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\felicia\AppData\Roaming\Mozilla\Firefox\Profiles\7wx59cmx.default\Extensions\[email protected] [2014-06-09]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\felicia\AppData\Roaming\Mozilla\Firefox\Profiles\7wx59cmx.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2013-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-04-02]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-06-26]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [228480 2013-04-15] (Qualcomm Atheros Commnucations)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-17] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-03-15] (Acer Incorporate)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-06-23] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-06-23] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [177144 2012-06-23] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 AthrSdSrv; C:\Windows\system32\DRIVERS\athrsd.sys [48760 2012-12-01] (Qualcomm Atheros, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-15] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-15] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-06-23] (McAfee, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-13] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140626.002\IDSvia64.sys [525016 2014-03-31] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169320 2012-06-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [300392 2012-06-23] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [66712 2012-06-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513456 2012-06-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-06-23] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-23] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-06-23] (McAfee, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140626.008\ENG64.SYS [126040 2014-06-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140626.008\EX64.SYS [2099288 2014-06-14] (Symantec Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1503000.00C\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-27 22:31 - 2014-06-27 22:31 - 00012735 _____ () C:\Users\felicia\Desktop\FRST.txt
2014-06-27 22:31 - 2014-06-27 22:31 - 00000000 ____D () C:\FRST
2014-06-27 22:29 - 2014-06-27 22:29 - 02082816 _____ (Farbar) C:\Users\felicia\Desktop\FRST64.exe
2014-06-27 15:14 - 2014-06-27 15:14 - 00004001 _____ () C:\Users\felicia\Desktop\FOCS300 - Shortcut.lnk
2014-06-25 13:03 - 2014-06-25 14:50 - 00000000 ____D () C:\Users\felicia\Desktop\verbis
2014-06-24 15:06 - 2014-06-24 15:06 - 00001747 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-24 15:06 - 2014-06-24 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-24 15:05 - 2014-06-24 15:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-24 15:05 - 2014-06-24 15:06 - 00000000 ____D () C:\Program Files\iTunes
2014-06-24 15:05 - 2014-06-24 15:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-24 15:05 - 2014-06-24 15:05 - 00000000 ____D () C:\Program Files\iPod
2014-06-24 14:59 - 2014-06-24 14:59 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-21 02:01 - 2014-06-21 02:01 - 00009477 _____ () C:\Users\felicia\Documents\verbum1.odt
2014-06-11 21:27 - 2014-05-03 18:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 21:27 - 2014-05-03 16:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-06-11 21:26 - 2014-05-24 15:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 21:26 - 2014-05-24 15:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 21:26 - 2014-05-24 15:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 21:26 - 2014-05-24 15:47 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-06-11 21:26 - 2014-05-24 15:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-06-11 21:26 - 2014-05-24 15:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 21:26 - 2014-05-24 15:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 21:26 - 2014-05-24 15:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 21:26 - 2014-05-24 15:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 21:26 - 2014-05-24 15:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 21:26 - 2014-05-24 15:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 21:26 - 2014-05-24 15:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 21:26 - 2014-05-24 15:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-11 21:26 - 2014-05-24 15:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 21:26 - 2014-05-24 15:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 21:26 - 2014-05-24 15:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 21:26 - 2014-05-24 15:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 21:26 - 2014-05-24 15:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 21:26 - 2014-05-24 15:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 21:26 - 2014-05-24 15:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 21:26 - 2014-05-24 14:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 21:26 - 2014-05-24 14:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 21:26 - 2014-05-24 14:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 21:26 - 2014-05-24 14:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 21:26 - 2014-05-24 14:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 21:26 - 2014-05-24 14:26 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-06-11 21:26 - 2014-05-24 14:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 21:26 - 2014-05-24 14:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 21:26 - 2014-05-24 14:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 21:26 - 2014-05-24 14:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-11 21:26 - 2014-05-24 14:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 21:26 - 2014-05-24 14:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 21:26 - 2014-05-24 14:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-11 21:26 - 2014-05-24 14:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 21:26 - 2014-05-24 14:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 21:26 - 2014-05-24 14:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 21:26 - 2014-05-24 14:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 21:26 - 2014-05-24 14:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 21:26 - 2014-05-24 11:37 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-06-11 21:26 - 2014-04-30 11:32 - 01301504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-06-11 21:26 - 2014-04-30 11:22 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-06-11 21:26 - 2014-04-04 00:19 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-06-11 21:26 - 2014-04-03 16:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-06-11 21:26 - 2014-04-01 11:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-06-11 21:26 - 2014-03-25 12:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-06-11 21:26 - 2014-03-25 11:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-06-11 21:25 - 2014-05-24 14:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 21:25 - 2014-05-24 14:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 21:24 - 2014-04-04 00:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 21:24 - 2014-03-07 13:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 21:24 - 2014-03-07 13:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 17:11 - 2014-06-23 15:51 - 00000000 ____D () C:\Users\felicia\Desktop\oitingoc
2014-06-09 01:50 - 2014-06-15 01:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-09 01:50 - 2014-06-09 01:50 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-09 01:37 - 2014-06-09 01:37 - 00000000 ____D () C:\NPE
2014-06-09 01:33 - 2014-06-09 01:33 - 03077584 _____ (Symantec Corporation) C:\Users\felicia\Downloads\NPE.exe.0t43yd2.partial
2014-06-05 19:25 - 2014-06-05 19:24 - 219482188 _____ () C:\Users\felicia\Downloads\Natural World Farm for the Future.mp4
2014-06-03 21:32 - 2014-06-03 21:32 - 00002777 _____ () C:\Users\felicia\Desktop\1NoisseS - Shortcut.lnk
2014-05-28 00:46 - 2014-05-28 00:47 - 00000000 ____D () C:\Users\felicia\Documents\limpizs

==================== One Month Modified Files and Folders =======

2014-06-27 22:31 - 2014-06-27 22:31 - 00012735 _____ () C:\Users\felicia\Desktop\FRST.txt
2014-06-27 22:31 - 2014-06-27 22:31 - 00000000 ____D () C:\FRST
2014-06-27 22:29 - 2014-06-27 22:29 - 02082816 _____ (Farbar) C:\Users\felicia\Desktop\FRST64.exe
2014-06-27 22:25 - 2012-07-26 21:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-27 20:50 - 2013-06-02 04:04 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-06-27 17:43 - 2012-07-26 21:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-27 15:27 - 2014-05-27 23:38 - 00006927 _____ () C:\Users\felicia\Downloads\hijackthis.log
2014-06-27 15:14 - 2014-06-27 15:14 - 00004001 _____ () C:\Users\felicia\Desktop\FOCS300 - Shortcut.lnk
2014-06-27 02:42 - 2012-07-26 20:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-26 22:36 - 2013-12-10 03:02 - 00000000 ____D () C:\Users\felicia
2014-06-26 22:36 - 2012-07-26 20:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-25 14:50 - 2014-06-25 13:03 - 00000000 ____D () C:\Users\felicia\Desktop\verbis
2014-06-24 15:06 - 2014-06-24 15:06 - 00001747 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-24 15:06 - 2014-06-24 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-24 15:06 - 2014-06-24 15:05 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-24 15:06 - 2014-06-24 15:05 - 00000000 ____D () C:\Program Files\iTunes
2014-06-24 15:06 - 2014-06-24 15:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-24 15:05 - 2014-06-24 15:05 - 00000000 ____D () C:\Program Files\iPod
2014-06-24 14:59 - 2014-06-24 14:59 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-24 14:59 - 2013-12-11 01:58 - 00000000 ____D () C:\ProgramData\Apple
2014-06-23 15:51 - 2014-06-11 17:11 - 00000000 ____D () C:\Users\felicia\Desktop\oitingoc
2014-06-22 16:24 - 2012-07-26 18:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-06-21 17:41 - 2013-12-10 03:28 - 01747149 _____ () C:\Windows\WindowsUpdate.log
2014-06-21 02:01 - 2014-06-21 02:01 - 00009477 _____ () C:\Users\felicia\Documents\verbum1.odt
2014-06-18 00:55 - 2012-07-26 21:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-16 09:42 - 2013-12-10 03:35 - 00000000 ____D () C:\Users\felicia\AppData\Local\CrashDumps
2014-06-15 01:46 - 2014-06-09 01:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-15 01:46 - 2013-04-13 17:50 - 02266984 _____ () C:\Windows\PFRO.log
2014-06-13 05:11 - 2014-05-18 13:54 - 00000000 ____D () C:\Users\felicia\AppData\Roaming\vlc
2014-06-11 21:57 - 2012-07-26 20:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-06-11 21:53 - 2013-12-15 00:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 21:50 - 2013-12-15 00:18 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 16:03 - 2013-12-24 15:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-09 01:50 - 2014-06-09 01:50 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-09 01:50 - 2013-12-24 15:33 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-09 01:40 - 2013-12-26 16:06 - 00000000 ____D () C:\Users\felicia\AppData\Local\NPE
2014-06-09 01:37 - 2014-06-09 01:37 - 00000000 ____D () C:\NPE
2014-06-09 01:37 - 2012-07-26 21:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-06-09 01:36 - 2012-07-26 18:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-09 01:34 - 2014-01-26 05:23 - 03077584 ____N (Symantec Corporation) C:\Users\felicia\Downloads\NPE.exe
2014-06-09 01:33 - 2014-06-09 01:33 - 03077584 _____ (Symantec Corporation) C:\Users\felicia\Downloads\NPE.exe.0t43yd2.partial
2014-06-05 19:24 - 2014-06-05 19:25 - 219482188 _____ () C:\Users\felicia\Downloads\Natural World Farm for the Future.mp4
2014-06-03 21:32 - 2014-06-03 21:32 - 00002777 _____ () C:\Users\felicia\Desktop\1NoisseS - Shortcut.lnk
2014-05-31 18:16 - 2013-04-13 20:09 - 00703992 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-31 18:16 - 2013-04-13 20:09 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-29 19:57 - 2013-12-11 10:34 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2431524154-3748180158-148446504-1001
2014-05-28 00:47 - 2014-05-28 00:46 - 00000000 ____D () C:\Users\felicia\Documents\limpizs

Files to move or delete:
====================
C:\ProgramData\uninstall554716.exe

Some content of TEMP:
====================
C:\Users\felicia\AppData\Local\Temp\COMAP.EXE
C:\Users\felicia\AppData\Local\Temp\drm_dialogs.dll
C:\Users\felicia\AppData\Local\Temp\drm_dyndata_7270007.dll
C:\Users\felicia\AppData\Local\Temp\_is1286.exe
C:\Users\felicia\AppData\Local\Temp\_is1AC0.exe
C:\Users\felicia\AppData\Local\Temp\_is690E.exe
C:\Users\felicia\AppData\Local\Temp\_is77DD.exe
C:\Users\felicia\AppData\Local\Temp\_isB0D4.exe
C:\Users\felicia\AppData\Local\Temp\_isBE1.exe
C:\Users\felicia\AppData\Local\Temp\_isCB1B.exe
C:\Users\felicia\AppData\Local\Temp\_isD113.exe
C:\Users\felicia\AppData\Local\Temp\_isE907.exe
C:\Users\felicia\AppData\Local\Temp\_isEAAB.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-20 12:03

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2014
Ran by felicia at 2014-06-27 22:32:37
Running from C:\Users\felicia\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3003 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30313 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{29200C76-2ADF-0C62-BE0D-2AC087740379}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Caesar IV (HKLM-x32\...\{B7666229-351B-47D9-AA6F-DF777CF04BBF}) (Version: 1.0 - Tilted Mill Entertainment)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2726.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2726.0 - CyberLink Corp.) Hidden
CyberLink PowerDVD 13 (HKLM-x32\...\InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}) (Version: 13.0.2720.57 - CyberLink Corp.)
CyberLink PowerDVD 13 (x32 Version: 13.0.2720.57 - CyberLink Corp.) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{BD1EFE20-246B-451F-B900-F1214324DF5F}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
MainConcept AVCHD Transcoder v. 2.1 (HKLM-x32\...\InstallShield_{4E923B91-7D37-4982-ADAB-CB97C508F85A}) (Version: 2.1.0.0 - MainConcept GmbH)
MainConcept AVCHD Transcoder v. 2.1 (x32 Version: 2.1.0.0 - MainConcept GmbH) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MySQL Connector/ODBC 3.51 (HKLM-x32\...\{0CB3C535-1171-4A20-B549-E2CB5DEB9723}) (Version: 3.51.12 - MySQL AB)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.3.0.12 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
QCA CardReader Driver Installer (HKLM-x32\...\{4E0BC999-655B-421D-87F3-640C6F2BFC11}) (Version: 1.0.1.34 - Qualcomm Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.224 - Qualcomm Atheros Communications)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.49 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.1 - Synaptics Incorporated)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

==================== Restore Points =========================

06-06-2014 15:36:12 Scheduled Checkpoint
11-06-2014 08:48:48 Windows Update
21-06-2014 11:51:44 Scheduled Checkpoint

==================== Hosts content: ==========================

2012-07-26 18:26 - 2012-07-26 18:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0A0CB9A9-FA76-49B0-992B-FF220D64457A} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-03-15] (Acer Incorporate)
Task: {0EB8BFB7-A0A3-4FFC-A6DE-DA7986D3BC6D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {25CFE324-CFDC-43D3-818B-F43CC3ECCEAD} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-02-06] (Synaptics Incorporated)
Task: {2C084074-6467-4427-A51C-687D00687B67} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {5C1D8FAB-EDE2-406C-ACAC-E61E8DA93D4C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {88E969A0-26E5-4D6F-9EF1-18D0B353CFF9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-06-11] (Microsoft Corporation)
Task: {97D29DC8-8542-462D-89B8-33AEE5FABDBE} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BAD80A28-B500-4584-B0E1-DA846F569AA0} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-23] ()
Task: {BB9F5B39-1AF7-4550-B423-501BB22FC86D} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-14] ()
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D1E00DA7-1227-4D96-B3E8-67D81A85D74C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FE1DDED1-1563-4D5F-8A40-51401AF52FB5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

==================== Loaded Modules (whitelisted) =============

2014-05-19 22:10 - 2012-08-08 21:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-04-13 20:13 - 2012-06-23 03:41 - 00024704 _____ () C:\Program Files\Common Files\McAfee\SystemCore\mfeelama.dll
2014-01-20 16:17 - 2014-01-20 16:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 16:16 - 2014-01-20 16:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-02 04:42 - 2013-02-21 01:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2013-09-20 15:50 - 2013-09-20 15:50 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2013-09-17 06:54 - 2013-09-17 06:54 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2013-12-24 15:32 - 2014-06-11 16:03 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR8171/8175 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Description: Qualcomm Atheros AR8171/8175 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth USB Adapter
Description: Bluetooth USB Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/27/2014 02:02:22 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/26/2014 10:33:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NIS.exe, version: 12.11.2.9, time stamp: 0x5355938e
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000008
Fault offset: 0x0007bac5
Faulting process id: 0x9f8
Faulting application start time: 0xNIS.exe0
Faulting application path: NIS.exe1
Faulting module path: NIS.exe2
Report Id: NIS.exe3
Faulting package full name: NIS.exe4
Faulting package-relative application ID: NIS.exe5

Error: (06/26/2014 10:28:25 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/26/2014 01:00:27 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/25/2014 07:36:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/25/2014 03:25:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47378

Error: (06/25/2014 03:25:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 47378

Error: (06/25/2014 03:25:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/24/2014 09:40:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/24/2014 04:04:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1478453

System errors:
=============
Error: (06/26/2014 10:35:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:26:49 PM on ‎26/‎06/‎2014 was unexpected.

Error: (06/25/2014 02:38:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 2 time(s).

Error: (06/24/2014 03:37:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/24/2014 03:36:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/24/2014 00:47:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:03:32 AM on ‎24/‎06/‎2014 was unexpected.

Error: (06/24/2014 00:19:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/22/2014 04:20:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:14:07 PM on ‎22/‎06/‎2014 was unexpected.

Error: (06/21/2014 05:46:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:12:14 PM on ‎21/‎06/‎2014 was unexpected.

Error: (06/21/2014 04:16:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/19/2014 05:36:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (06/27/2014 02:02:22 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/26/2014 10:33:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NIS.exe12.11.2.95355938entdll.dll6.2.9200.16578515fac6ec00000080007bac59f801cf8f3d8e31db36C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\NIS.exeC:\Windows\SYSTEM32\ntdll.dlle623079a-fd14-11e3-beb4-c156e09a92f3

Error: (06/26/2014 10:28:25 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/26/2014 01:00:27 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/25/2014 07:36:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/25/2014 03:25:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47378

Error: (06/25/2014 03:25:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 47378

Error: (06/25/2014 03:25:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/24/2014 09:40:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/24/2014 04:04:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1478453

==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 3525 MB
Available physical RAM: 2142.61 MB
Total Pagefile: 4165 MB
Available Pagefile: 2828.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:450.91 GB) (Free:139.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 0B6BAD55)

Partition: GPT Partition Type.

==================== End Of Log ============================


----------



## wannabeageek (Nov 12, 2009)

Hi ufah,

Did you remove any McAfee products prior to having issues? 
The reason I ask is I am finding pieces of McAfee program files that are still installed and active.
We will get back to the FRST results later.

Would you please run the following:

*Farbar Service Scanner (FSS)*
*SCAN Option*
Please download *Farbar Service Scanner* ... by *Farbar* and save it to your Desktop.

Right-click on *FSS.exe* and select "*Run As Administrator*" to run it. If prompted by UAC, please allow it.
Make sure the following options are checked:
*Internet Services* (checked by default)
*Windows Firewall*
*Security Center*
*Windows Defender*

Press the "*Scan*" button.
When finished, a text file named *FSS.txt* will be created on your desktop (the same folder the tool is run from).
Please copy and paste the contents of the *FSS.txt* log to your reply.
*Note:* If you receive an *AutoIt* error indicating: Error: Variable must be of type "Object", please UNCHECK the "*Report Windows Version Fully*" option and run the scan again.


----------



## ufah (May 27, 2014)

Hi wbg,

Yes, I did remove a McAfee Antivirus that came with the OS before installing NIS, and there were no issues.
As far as I remember, the WIFI issues commenced when I downloaded an extension tool from Firefox.

Here is FSS log

Farbar Service Scanner Version: 10-06-2014
Ran by felicia (administrator) on 29-06-2014 at 21:06:59
Running from "C:\Users\felicia\Desktop"
Microsoft Windows 8 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

Action Center:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****


----------



## wannabeageek (Nov 12, 2009)

ufah said:


> Hi wbg,
> 
> Yes, I did remove a McAfee Antivirus that came with the OS before installing NIS, and there were no issues.
> As far as I remember, the WIFI issues commenced when I downloaded an *extension tool from Firefox*.


Do you recall what tool it was?


----------



## ufah (May 27, 2014)

Hi wbg,

Sorry, I cannot find that add-on or extension anymore. It was supposed to alert you about being tracked and whether you may whitelist or blacklist sites. It had a box displayed constantly on the right side of the top bar when you were tracked, and other types of alerts. I'll keep looking.


----------



## ufah (May 27, 2014)

The reason I installed it was to block ads as well as to see whether you were tracked or redirected to commercial sites.


----------



## ufah (May 27, 2014)

Hi wbg,

After browsing through thousands of add-ons and extensions, I found it: Disconnect 3.14.0 for Firefox


----------



## ufah (May 27, 2014)

I've noticed that the internet connection has become the slowest ever... since I did the last scan requested.


----------



## wannabeageek (Nov 12, 2009)

Hi ufah,

I have not forgotten about you, I am looking at causes and possible solutions in developing a fix. It is taking me longer than I had anticipated.
The problem looks like a conflict between NIS and McAfee's. So we will be removing the remnant McAfee files.
In the meantime you may wish to limit auto scans by NIS to times when you are not working on the PC but still have it on to do manual updates and scans.
The log you posted from the FSS scan I had you do implies there is nothing wrong with your internet connection. NIS can be a memory hog so that can slow your processing speed down which would affect your internet connection speed.
More to come.

wbg


----------



## ufah (May 27, 2014)

Hi wbg,

No worries, I appreciate your help whenever you can provide it.
I've already had this for two months and fortunately I can still manage to do most things: internet research and using OpenOffice for assignments.

cheers


----------



## ufah (May 27, 2014)

One thing I've noticed whenever I check Task Manager is that NIS is running two processes, whereas before it always ran only one. And PowerDVD keeps running and consuming memory by itself even when I'm not using it, hence I have to turn them both off manually... and afterwards the laptop runs better.


----------



## wannabeageek (Nov 12, 2009)

Hi ufah,

Here is the fix I was referring to.

*Step 1.*
*Create a System Restore Point*

From the "Start" menu, Drag out the "Right Sidebar", Click "Settings".
From the "Settings" window, Click "Control Panel"
From the Top left column, Click "System and Security"
From the Right side column, Click "System"
From the Left side column, Click "System Protection"
From the "System Properties" window, click the tab "System Protection".
Make sure that Local Disk (C:) (System) is highlighted. Click the "Create" button at the bottom of the window.
A "System Protection" box will appear. *Type a description* "Clean Restore Point" and click "Create".
Now the system will start creating a restore point.
When complete, you will receive a message that a restore point has been created for you.

If you have successfully created a System Restore Point...we can proceed.
*If you have NOT successfully created a System Restore Point...do not go any further! 
Please post back so we can determine why it was unsuccessful.*

*Step 2.*

Click *Start*
Type *notepad.exe* in the *search programs and files* box and click *Enter*.
A blank Notepad page should open.
Copy/Paste the contents of the quote box below into Notepad.




> (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
> (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
> (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
> FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
> ...




Save it to the same folder/directory that FRST.exe is in, naming it as *fixlist.txt*


*NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system*


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
Press the *Fix* button once and wait.
FRST will process *fixlist.txt*
When finished, it will produce a log *fixlog.txt* in the same folder/directory as FRST64.exe
*Please post me the log*


ufah,
The items listed below were disabled using MSCONFIG. If this is temporary, please re-enable these items.
If these are to be permanent, then we need to remove them from the MSConfig menu and turn them off using a different method.
Please advise me about these programs.


> ==================== MSCONFIG/TASK MANAGER disabled items =========
> 
> HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
> HKLM\...\StartupApproved\Run32: => "APSDaemon"
> ...


----------



## ufah (May 27, 2014)

Hi wbg,

Sorry for the delay.
I've applied the fix after creating the system restore point.
The only thing is that, in order to apply the fix, it took over an hour trying to restart the system (weird), hence I had to turn it off. As soon as I turned it on it showed a window which read that the fix had been applied and the log had been saved near the program.

cheers

Almost forgot!!! In regard to the programs you mention at the end of the thread, I think we can delete them unless you advise against it.
I do not have any Apple devices, not sure about that download application?? I'd probably restore only Norton.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-07-2014
Ran by felicia at 2014-07-04 00:34:38 Run:1
Running from C:\Users\felicia\Pictures\New folder\1NoisseS
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]afee.com] - C:\Program Files\McAfee\MSK
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-06-23] (McAfee, Inc.)
C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-06-23] (McAfee, Inc.)
C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
R2 mfevtp; C:\windows\system32\mfevtps.exe [177144 2012-06-23] (McAfee, Inc.)
C:\Windows\System32\mfevtps.exe
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-06-23] (McAfee, Inc.)
C:\Windows\System32\drivers\cfwids.sys
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169320 2012-06-23] (McAfee, Inc.)
C:\Windows\System32\drivers\mfeapfk.sys
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [300392 2012-06-23] (McAfee, Inc.)
C:\Windows\System32\drivers\mfeavfk.sys
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [66712 2012-06-19] (McAfee, Inc.)
C:\Windows\System32\drivers\mfeelamk.sys
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513456 2012-06-23] (McAfee, Inc.)
C:\Windows\System32\drivers\mfefirek.sys
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-06-23] (McAfee, Inc.)
C:\Windows\System32\drivers\mfehidk.sys
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-23] (McAfee, Inc.)
C:\Windows\System32\drivers\mferkdet.sys
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-06-23] (McAfee, Inc.)
C:\Windows\System32\drivers\mfewfpk.sys
C:\ProgramData\uninstall554716.exe
2013-04-13 20:13 - 2012-06-23 03:41 - 00024704 _____ () C:\Program Files\Common Files\McAfee\SystemCore\mfeelama.dll 
*****************

C:\Windows\System32\mfevtps.exe => Failed to close process.
C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe => Failed to close process.
C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe => Failed to close process.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected] => value deleted successfully.
McShield => Unable to stop service
McShield => Error deleting Service
Could not move "C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe" => Scheduled to move on reboot.
mfefire => Unable to stop service
mfefire => Error deleting Service
Could not move "C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe" => Scheduled to move on reboot.
mfevtp => Unable to stop service
mfevtp => Error deleting Service
Could not move "C:\Windows\System32\mfevtps.exe" => Scheduled to move on reboot.
cfwids => Service deleted successfully.
C:\Windows\System32\drivers\cfwids.sys => Moved successfully.
mfeapfk => Unable to stop service
mfeapfk => Error deleting Service
Could not move "C:\Windows\System32\drivers\mfeapfk.sys" => Scheduled to move on reboot.
mfeavfk => Unable to stop service
mfeavfk => Error deleting Service
Could not move "C:\Windows\System32\drivers\mfeavfk.sys" => Scheduled to move on reboot.
mfeelamk => Error deleting Service
Could not move "C:\Windows\System32\drivers\mfeelamk.sys" => Scheduled to move on reboot.
mfefirek => Unable to stop service
mfefirek => Error deleting Service
Could not move "C:\Windows\System32\drivers\mfefirek.sys" => Scheduled to move on reboot.
mfehidk => Unable to stop service
mfehidk => Error deleting Service
Could not move "C:\Windows\System32\drivers\mfehidk.sys" => Scheduled to move on reboot.
mferkdet => Error deleting Service
Could not move "C:\Windows\System32\drivers\mferkdet.sys" => Scheduled to move on reboot.
mfewfpk => Unable to stop service
mfewfpk => Error deleting Service
Could not move "C:\Windows\System32\drivers\mfewfpk.sys" => Scheduled to move on reboot.
C:\ProgramData\uninstall554716.exe => Moved successfully.
Could not move "C:\Program Files\Common Files\McAfee\SystemCore\mfeelama.dll" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-04 02:35:29)<=

C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe => Moved successfully.
C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe => Moved successfully.
C:\Windows\System32\mfevtps.exe => Moved successfully.
C:\Windows\System32\drivers\mfeapfk.sys => Moved successfully.
C:\Windows\System32\drivers\mfeavfk.sys => Moved successfully.
C:\Windows\System32\drivers\mfeelamk.sys => Moved successfully.
C:\Windows\System32\drivers\mfefirek.sys => Moved successfully.
C:\Windows\System32\drivers\mfehidk.sys => Moved successfully.
C:\Windows\System32\drivers\mferkdet.sys => Moved successfully.
C:\Windows\System32\drivers\mfewfpk.sys => Moved successfully.
C:\Program Files\Common Files\McAfee\SystemCore\mfeelama.dll => Moved successfully.

==== End of Fixlog ====


----------
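A Fixlog like the one posted above has two passes: the first attempt, where locked files are "Scheduled to move on reboot", and the "Result of Scheduled Files to move" section written after the restart. The following is an added example, not part of the original thread and not FRST's own code, that reconciles the two passes so any file still pending and any service that could not be deleted stand out. The function name `reconcile` is hypothetical, and the sample text is a constructed excerpt in the same format, with one reboot result deliberately left out and one path written in different letter case.

```python
import re

# Constructed excerpt in the format of the Fixlog above. The reboot result for
# mfehidk.sys is deliberately omitted, and the mcshield.exe result uses a
# different letter case, to exercise both checks.
SAMPLE_FIXLOG = r"""
C:\Windows\System32\mfevtps.exe => Failed to close process.
McShield => Unable to stop service
McShield => Error deleting Service
Could not move "C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe" => Scheduled to move on reboot.
cfwids => Service deleted successfully.
C:\Windows\System32\drivers\cfwids.sys => Moved successfully.
Could not move "C:\Windows\System32\mfevtps.exe" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\drivers\mfehidk.sys" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-04 02:35:29)<=

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe => Moved successfully.
C:\Windows\System32\mfevtps.exe => Moved successfully.

==== End of Fixlog ====
"""

SCHEDULED = re.compile(r'^Could not move "(.+)"$')
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
REBOOT_MARKER = "=> Result of Scheduled Files to move"


def reconcile(text):
    """Match first-pass 'scheduled' moves against the post-reboot results."""
    moved_first = []      # files moved on the first attempt
    scheduled = {}        # lowercased path -> path as first written
    reboot_moved = set()  # lowercased paths reported moved after reboot
    svc_deleted, svc_errors = [], []
    after_reboot = False

    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(REBOOT_MARKER):
            after_reboot = True
            continue
        if " => " not in line:
            continue  # blank lines, separators, section banners
        subject, result = line.rsplit(" => ", 1)
        result = result.rstrip(".").lower()

        m = SCHEDULED.match(subject)
        if m and result == "scheduled to move on reboot":
            # Windows paths are case-insensitive, so key on the lowercased form.
            scheduled.setdefault(m.group(1).lower(), m.group(1))
        elif DRIVE_PATH.match(subject) and result == "moved successfully":
            if after_reboot:
                reboot_moved.add(subject.lower())
            else:
                moved_first.append(subject)
        elif result == "service deleted successfully":
            svc_deleted.append(subject)
        elif result == "error deleting service":
            svc_errors.append(subject)
        # Other results (e.g. "Failed to close process") are informational here.

    return {
        "moved_first_pass": moved_first,
        "moved_after_reboot": [p for k, p in scheduled.items() if k in reboot_moved],
        "still_pending": [p for k, p in scheduled.items() if k not in reboot_moved],
        "services_deleted": svc_deleted,
        "service_errors": svc_errors,
    }


if __name__ == "__main__":
    for key, items in reconcile(SAMPLE_FIXLOG).items():
        print(f"{key}:")
        for item in items:
            print(f"  {item}")
```

Anything listed under `still_pending` or `service_errors` is worth checking in the next scan log, since the Fixlog itself records no later result for those items.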



## ufah (May 27, 2014)

Hi wbg,

I've double-checked on Logitech Download Assistant, APS Daemon, iTunes Helper, Norton Online Backup, hence I will prefer to remove them from the MSConfig menu and turn them off using a different method.


cheers


----------



## wannabeageek (Nov 12, 2009)

Hi ufah,

We will get to those in a bit. 

How is the computer acting/performing?

wbg


----------



## ufah (May 27, 2014)

Hi wbg,

There have been improvements, I can detect more networks around, but it is still difficult to establish a connection (unless situated quite close to a modem) and performance in general is still slow or unresponsive.

cheers

u


----------



## wannabeageek (Nov 12, 2009)

Hi ufah,

Please run the following:

*Create a batch file*

*Open* Notepad.
*Copy/paste* the following text into the empty Notepad window. 


> @echo off
> ipconfig /all > "%userprofile%\desktop\ipconfigexport.txt"



*Save the file* as *ipconfigexport.bat* on your desktop. Save it with the file type... *all types \*.\**.
Right click on the file *ipconfigexport.bat* and select "*Run As Administrator*" to run it. If prompted by UAC, please allow it.
Open *ipconfigexport.txt* with notepad and post the results in your next reply.


----------



## wannabeageek (Nov 12, 2009)

Hi ufah.

*It has been three days since my last post.*


Do you still need help?
Do you need more time?
Are you having problems following my instructions?
*These topics will self-close after 45 days without a response.*
*If you do not reply within the next 48 hours, I will remove this topic from my notification list.*
If you post back after 5 days but before 45 days, PM me and wait for a response.
If you still need help after 45 days post a new log on a new thread.


----------



## ufah (May 27, 2014)

Hi wbg,
Sorry for the delay,
yes I still need help.
I've just read your post now. Will try your last instructions and will post back
ASAP.

cheers


----------



## ufah (May 27, 2014)

Hi wbg,

here is your request,

cheers

Windows IP Configuration

Host Name . . . . . . . . . . . . : allun
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 16-FD-52-96-56-57
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Qualcomm Atheros AR956x Wireless Network Adapter
Physical Address. . . . . . . . . : 24-FD-52-96-56-57
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c598:6706:1ee5:846%15(Preferred) 
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, 12 July 2014 10:42:40 PM
Lease Expires . . . . . . . . . . : Sunday, 13 July 2014 11:01:03 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 388300114
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-3B-C7-0F-30-65-EC-00-9A-84
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:cba:1f84:3f57:fef9(Preferred) 
Link-local IPv6 Address . . . . . : fe80::cba:1f84:3f57:fef9%19(Preferred) 
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{B12B19E4-AC50-4337-957B-1EC86FA3FA54}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


----------



## ufah (May 27, 2014)

Hi wbg,

It's been 4 days since I promptly replied to your question: if I still needed help.
Do you want me to start a post again....

Cheers,


----------



## wannabeageek (Nov 12, 2009)

Hi ufah,

The desert temperature here in Northern California has been getting to me, 43 degrees Celsius is a little too warm for me. 20 to 22 is more better for me.

Please run the following:

*Step 1.*
*Create a batch file*

*Open* Notepad.
*Copy/paste* the following text into the empty Notepad window. 


> @echo off
> ipconfig /release > "%userprofile%\desktop\ipconfigexport.txt"
> ipconfig /renew >> "%userprofile%\desktop\ipconfigexport.txt"
> ipconfig /all >> "%userprofile%\desktop\ipconfigexport.txt"



*Save the file* as *ipconfigexport.bat* on your desktop. Save it with the file type... *all types \*.\**.
If prompted to replace it, select "Yes".
Right click on the file *ipconfigexport.bat* and select "*Run As Administrator*" to run it. If prompted by UAC, please allow it.
Open *ipconfigexport.txt* with notepad and post the results in your next reply.

*Step 2.*

Click *Start*, type *msinfo32.exe* into the *Search programs and files* box, then hit *Enter*.
This will open the *System Information* window.
Expand the following ...
*Components > *
*Network > *
*Protocols.*

From the menu bar Select "Edit"
Scroll down and click on "Select all"
Paste the results in your next post.

Also include any performance difference in your wireless connection.


----------



## ufah (May 27, 2014)

No worries wbg,
Sorry to hear that you are enduring such high temperatures. Fingers crossed you've got air con.
Just wanted to make sure that you were reading my latest post and that I was not risking
being deleted from your notifications list.
Will do this new batch file within the day.

kind regards,


----------



## ufah (May 27, 2014)

Hi wbg,

I hope the weather improved in California, 
sorry I got delayed again, for I know I need to spare at least around an hr to complete this,
for some reason after restarting it's been taking that long.
But will post back today ASAP.

cheers


----------



## ufah (May 27, 2014)

Hi wbg,

I thought it will take longer.....I'm really a beginner, otherwise would have done sooner.

Anyway, here is the batch ipconf result:

cheers.

Windows IP Configuration

No operation can be performed on Local Area Connection* 12 while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::c598:6706:1ee5:846%15
Default Gateway . . . . . . . . . :

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.{B12B19E4-AC50-4337-957B-1EC86FA3FA54}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Windows IP Configuration

No operation can be performed on Local Area Connection* 12 while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::c598:6706:1ee5:846%15
IPv4 Address. . . . . . . . . . . : 192.168.1.6
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:c4c:efd:3f57:fef9
Link-local IPv6 Address . . . . . : fe80::c4c:efd:3f57:fef9%19
Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.{B12B19E4-AC50-4337-957B-1EC86FA3FA54}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Windows IP Configuration

Host Name . . . . . . . . . . . . : allun
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 16-FD-52-96-56-57
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros AR956x Wireless Network Adapter
Physical Address. . . . . . . . . : 24-FD-52-96-56-57
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c598:6706:1ee5:846%15(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, 20 July 2014 10:42:13 PM
Lease Expires . . . . . . . . . . : Monday, 21 July 2014 10:42:13 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 388300114
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-3B-C7-0F-30-65-EC-00-9A-84
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:c4c:efd:3f57:fef9(Preferred)
Link-local IPv6 Address . . . . . : fe80::c4c:efd:3f57:fef9%19(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{B12B19E4-AC50-4337-957B-1EC86FA3FA54}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

plus the sysinfo:

Name MSAFD Tcpip [TCP/IP]
Connectionless Service No
Guarantees Delivery Yes
Guarantees Sequencing Yes
Maximum Address Size 16 bytes
Maximum Message Size 0 bytes
Message Oriented No
Minimum Address Size 16 bytes
Pseudo Stream Oriented No
Supports Broadcasting No
Supports Connect Data No
Supports Disconnect Data No
Supports Encryption No
Supports Expedited Data Yes
Supports Graceful Closing Yes
Supports Guaranteed Bandwidth No
Supports Multicasting No

Name MSAFD Tcpip [UDP/IP]
Connectionless Service Yes
Guarantees Delivery No
Guarantees Sequencing No
Maximum Address Size 16 bytes
Maximum Message Size 63.99 KB (65,527 bytes)
Message Oriented Yes
Minimum Address Size 16 bytes
Pseudo Stream Oriented No
Supports Broadcasting Yes
Supports Connect Data No
Supports Disconnect Data No
Supports Encryption No
Supports Expedited Data No
Supports Graceful Closing No
Supports Guaranteed Bandwidth No
Supports Multicasting Yes

Name MSAFD Tcpip [TCP/IPv6]
Connectionless Service No
Guarantees Delivery Yes
Guarantees Sequencing Yes
Maximum Address Size 28 bytes
Maximum Message Size 0 bytes
Message Oriented No
Minimum Address Size 28 bytes
Pseudo Stream Oriented No
Supports Broadcasting No
Supports Connect Data No
Supports Disconnect Data No
Supports Encryption No
Supports Expedited Data Yes
Supports Graceful Closing Yes
Supports Guaranteed Bandwidth No
Supports Multicasting No

Name MSAFD Tcpip [UDP/IPv6]
Connectionless Service Yes
Guarantees Delivery No
Guarantees Sequencing No
Maximum Address Size 28 bytes
Maximum Message Size 63.99 KB (65,527 bytes)
Message Oriented Yes
Minimum Address Size 28 bytes
Pseudo Stream Oriented No
Supports Broadcasting Yes
Supports Connect Data No
Supports Disconnect Data No
Supports Encryption No
Supports Expedited Data No
Supports Graceful Closing No
Supports Guaranteed Bandwidth No
Supports Multicasting Yes

Name RSVP TCPv6 Service Provider
Connectionless Service No
Guarantees Delivery Yes
Guarantees Sequencing Yes
Maximum Address Size 28 bytes
Maximum Message Size 0 bytes
Message Oriented No
Minimum Address Size 28 bytes
Pseudo Stream Oriented No
Supports Broadcasting No
Supports Connect Data No
Supports Disconnect Data No
Supports Encryption Yes
Supports Expedited Data Yes
Supports Graceful Closing Yes
Supports Guaranteed Bandwidth No
Supports Multicasting No

Name RSVP TCP Service Provider
Connectionless Service No
Guarantees Delivery Yes
Guarantees Sequencing Yes
Maximum Address Size 16 bytes
Maximum Message Size 0 bytes
Message Oriented No
Minimum Address Size 16 bytes
Pseudo Stream Oriented No
Supports Broadcasting No
Supports Connect Data No
Supports Disconnect Data No
Supports Encryption Yes
Supports Expedited Data Yes
Supports Graceful Closing Yes
Supports Guaranteed Bandwidth No
Supports Multicasting No

Name RSVP UDPv6 Service Provider
Connectionless Service Yes
Guarantees Delivery No
Guarantees Sequencing No
Maximum Address Size 28 bytes
Maximum Message Size 63.99 KB (65,527 bytes)
Message Oriented Yes
Minimum Address Size 28 bytes
Pseudo Stream Oriented No
Supports Broadcasting Yes
Supports Connect Data No
Supports Disconnect Data No
Supports Encryption Yes
Supports Expedited Data No
Supports Graceful Closing No
Supports Guaranteed Bandwidth No
Supports Multicasting Yes

Name RSVP UDP Service Provider
Connectionless Service Yes
Guarantees Delivery No
Guarantees Sequencing No
Maximum Address Size 16 bytes
Maximum Message Size 63.99 KB (65,527 bytes)
Message Oriented Yes
Minimum Address Size 16 bytes
Pseudo Stream Oriented No
Supports Broadcasting Yes
Supports Connect Data No
Supports Disconnect Data No
Supports Encryption Yes
Supports Expedited Data No
Supports Graceful Closing No
Supports Guaranteed Bandwidth No
Supports Multicasting Yes

Name MSAFD RfComm [Bluetooth]
Connectionless Service No
Guarantees Delivery Yes
Guarantees Sequencing Yes
Maximum Address Size 30 bytes
Maximum Message Size 0 bytes
Message Oriented No
Minimum Address Size 30 bytes
Pseudo Stream Oriented No
Supports Broadcasting No
Supports Connect Data No
Supports Disconnect Data No
Supports Encryption No
Supports Expedited Data No
Supports Graceful Closing Yes
Supports Guaranteed Bandwidth No
Supports Multicasting No


----------



## wannabeageek (Nov 12, 2009)

Hi ufah,

Is the computer slow to connect to the internet?

Does the computer take an hour to reboot?


> sorry got delayed again, for I know i need to spare at least around an hr to complete this,
> for some reason after restarting is been taking that long.


wbg


----------



## ufah (May 27, 2014)

Hi wbg,

It only takes long to reboot after applying a restore point.
I misread your post and thought that I had to do one, which is the reason why I delayed doing it. It took around an hour to reboot when I applied the FRST fix after creating a system restore point. I did mention it in the subsequent post, since I had to turn the machine off for it took forever to restart. But there were improvements immediately afterwards:
1.- does not crash as before
2.- less complicated to connect to WIFI networks
3.- detects more networks around

Though when I say that it is not as good as originally, I can tell because at home, while situated next to the modem, WIFI signal detection is modest. Also, it is occasionally unresponsive.

cheers


----------



## ufah (May 27, 2014)

Hi wbg,

Would you like me to bump and wait for another reply? You've been very kind but maybe
another input could further aid, maybe I should try in a networking forum.


Kind regards


----------



## ufah (May 27, 2014)

Hi wbg,

It has been seven days since your last reply, I hope you are well and the heat did not
continue to trouble you.
Should I bump, is it acceptable??? I really need help to sort out these connection issues.


Kind regards,

U


----------



## wannabeageek (Nov 12, 2009)

I again apologize for the long delay in responding. I have had some issues of my own to deal with.

If I understand your last response your connection issue continues. We will attempt to reset Windows Winsock.

Please run the following:


Right mouse click on Desktop
Select "New"
Select "Shortcut"
Type "CMD.EXE" into the open block; Press Enter or click Next.
Shortcut Name should read "CMD.EXE" - Press enter or click finish.

This is your command window shortcut.

Right mouse click on the CMD shortcut you just created.
Select Run as administrator. When prompted by the UAC, click Yes.
At the prompt type "netsh winsock reset" Press enter.
Reboot your computer.

Post back about how the computer connects to the wireless connection.

Post back how the computer connects to wireless "hot-spots" outside from home.


----------



## ufah (May 27, 2014)

same no changes

cheers


----------



## ufah (May 27, 2014)

Actually: since doing the fix you requested, I'm often getting a high percentage of disk & memory usage in the task manager that I was not getting before. This happens while using only Firefox. I think PowerDVD could be conflicting, because it keeps running in the task bar without my actually using it.

cheers


----------



## wannabeageek (Nov 12, 2009)

Hi ufah,

You seem to be familiar with the Task Manager for Windows. See if you can pick out the "high-use" program and post the name of it.

Run another scan of RSIT please.

*FRST - Farbar Recovery Scanner Tool for Vista-W7* 

*FRST64.exe* ... by Farbar Should still be on your desktop.


Right click on *FRST64.exe* select "*Run As Administrator*" to run it. If prompted by UAC, please allow it. When the tool opens click *Yes* to disclaimer.
Press *Scan* button. ... A log will be created *FRST.txt* in the same directory the tool is run.
Please copy/paste *FRST.txt* into your reply.


----------



## wannabeageek (Nov 12, 2009)

Hi ufah,

*It has been four days since my last post.*


Do you still need help?
Do you need more time?
Are you having problems following my instructions?
*These topics will self-close after 45 days without a response.*
*If you do not reply within the next 48 hours, I will remove this topic from my notification list.*
If you post back after 5 days but before 45 days, PM me and wait for a response.
If you still need help after 45 days post a new log on a new thread.


----------



## ufah (May 27, 2014)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by felicia (administrator) on ALLUN on 12-08-2014 06:18:20
Running from C:\Users\felicia\Pictures\New folder\1NoisseS
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PowerDVD13Agent] => C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [513048 2013-03-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-09] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-04-15] ( (Qualcomm Atheros Commnucations))

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM - DefaultScope {6373B1FB-6035-4DB4-82AB-4DB5FCAF4148} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {6373B1FB-6035-4DB4-82AB-4DB5FCAF4148} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://au.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {6373B1FB-6035-4DB4-82AB-4DB5FCAF4148} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {6373B1FB-6035-4DB4-82AB-4DB5FCAF4148} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://au.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {6373B1FB-6035-4DB4-82AB-4DB5FCAF4148} URL = 
SearchScopes: HKCU - {6373B1FB-6035-4DB4-82AB-4DB5FCAF4148} URL = 
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://au.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\felicia\AppData\Roaming\Mozilla\Firefox\Profiles\dfebbkxa.default
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-08-08]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-08-10]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [228480 2013-04-15] (Qualcomm Atheros Commnucations)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-17] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-03-15] (Acer Incorporate)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-08-01] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AthrSdSrv; C:\Windows\system32\DRIVERS\athrsd.sys [48760 2012-12-01] (Qualcomm Atheros, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-15] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-08-01] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-15] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-08-08] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-08-08] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140808.002\IDSvia64.sys [525016 2014-08-08] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140810.021\ENG64.SYS [126040 2014-08-08] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140810.021\EX64.SYS [2099288 2014-08-08] (Symantec Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS [875736 2014-07-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1505000.013\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 20:51 - 2014-08-09 20:52 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-08-09 01:05 - 2013-08-10 18:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-08-09 01:05 - 2013-08-10 18:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2014-08-09 01:05 - 2013-08-10 16:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-08-09 01:05 - 2013-08-02 19:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-08-09 01:05 - 2013-08-02 19:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-09 01:05 - 2013-08-02 18:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-09 01:05 - 2013-08-02 18:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-08-09 01:05 - 2013-08-02 18:06 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-09 01:05 - 2013-07-25 12:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2014-08-09 01:05 - 2013-07-25 12:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2014-08-09 01:05 - 2013-04-10 12:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2014-08-09 01:05 - 2013-04-10 11:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2014-08-09 01:05 - 2013-03-02 21:23 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncInfo.dll
2014-08-09 01:05 - 2013-02-07 14:33 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-09 01:04 - 2014-02-04 12:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-08-09 01:04 - 2014-02-04 12:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-08-09 01:04 - 2014-01-31 16:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-08-09 01:04 - 2014-01-31 13:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-08-09 01:04 - 2014-01-31 13:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-08-09 01:04 - 2014-01-31 13:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-08-09 01:04 - 2014-01-31 13:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-09 01:04 - 2014-01-31 13:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-08-09 01:04 - 2014-01-31 13:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-08-09 01:04 - 2014-01-31 13:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-09 01:04 - 2014-01-27 16:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-09 01:04 - 2014-01-27 16:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-08-09 01:04 - 2014-01-27 13:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-09 01:04 - 2014-01-27 13:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-09 01:04 - 2014-01-16 12:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-08-09 01:04 - 2014-01-11 19:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-09 01:04 - 2014-01-11 18:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-09 01:04 - 2014-01-03 12:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-08-09 01:04 - 2014-01-03 12:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-08-09 01:04 - 2013-08-16 18:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-08-09 01:04 - 2013-08-03 19:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2014-08-09 01:04 - 2013-08-03 19:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2014-08-09 01:04 - 2013-08-03 19:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-08-09 01:04 - 2013-08-03 18:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2014-08-09 01:04 - 2013-08-03 18:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2014-08-09 01:04 - 2013-08-03 18:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2014-08-09 01:04 - 2013-08-02 19:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-09 01:04 - 2013-06-02 00:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-08-09 01:04 - 2013-06-02 00:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2014-08-09 01:04 - 2013-06-02 00:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2014-08-09 01:04 - 2013-06-02 00:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-09 01:04 - 2013-06-02 00:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-08-09 01:04 - 2013-06-01 23:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-08-09 01:04 - 2013-06-01 22:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2014-08-09 01:04 - 2013-06-01 22:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-08-09 01:04 - 2013-06-01 22:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2014-08-09 01:04 - 2013-06-01 22:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2014-08-09 01:04 - 2013-06-01 22:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2014-08-09 01:04 - 2013-06-01 22:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2014-08-09 01:04 - 2013-06-01 22:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2014-08-09 01:04 - 2013-06-01 22:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2014-08-09 01:04 - 2013-06-01 22:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2014-08-09 01:04 - 2013-06-01 22:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2014-08-09 01:04 - 2013-06-01 22:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-08-09 01:04 - 2013-06-01 22:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-08-09 01:04 - 2013-06-01 22:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2014-08-09 01:04 - 2013-06-01 22:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2014-08-09 01:04 - 2013-06-01 22:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-08-09 01:04 - 2013-06-01 22:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2014-08-09 01:04 - 2013-06-01 16:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2014-08-09 01:04 - 2013-05-25 11:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-08-09 01:04 - 2013-05-25 11:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-08-09 01:04 - 2013-05-25 11:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-08-09 01:04 - 2013-05-25 11:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-08-09 01:04 - 2013-03-02 23:39 - 00069864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-08-09 01:04 - 2013-03-02 22:59 - 00411880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-09 01:04 - 2013-03-02 15:43 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-09 01:03 - 2014-04-04 00:19 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-09 01:03 - 2014-04-03 16:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-08-09 01:03 - 2014-04-01 11:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-08-09 01:03 - 2014-03-25 12:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-08-09 01:03 - 2014-03-25 11:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-08-09 01:03 - 2013-10-09 11:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-09 01:03 - 2013-10-09 11:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-09 01:03 - 2013-10-09 11:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-09 01:03 - 2013-10-02 15:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-08-09 01:03 - 2013-09-28 18:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-08-09 01:03 - 2013-09-28 16:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-08-09 01:03 - 2013-09-25 11:18 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-08-09 01:03 - 2013-09-19 20:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-09 01:03 - 2013-09-14 11:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2014-08-09 01:03 - 2013-09-14 11:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-08-09 01:03 - 2013-08-30 18:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2014-08-09 01:03 - 2013-08-30 18:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2014-08-09 01:03 - 2013-08-30 18:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2014-08-09 01:03 - 2013-08-30 18:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-08-09 01:03 - 2013-08-30 12:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2014-08-09 01:03 - 2013-08-30 12:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2014-08-09 01:03 - 2013-08-30 12:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-08-09 01:03 - 2013-08-21 19:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-08-09 01:03 - 2013-08-16 18:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-09 01:03 - 2013-08-16 18:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-09 01:03 - 2013-08-16 11:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-09 01:03 - 2013-08-10 19:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2014-08-09 01:03 - 2013-08-10 18:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-09 01:03 - 2013-08-10 16:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-09 01:03 - 2013-07-25 12:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-08-09 01:03 - 2013-07-25 12:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-08-09 01:03 - 2013-06-17 11:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-08-09 01:03 - 2013-04-09 18:33 - 00489576 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-08-09 01:03 - 2013-04-09 18:33 - 00446792 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-08-09 01:03 - 2013-04-09 18:33 - 00253544 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-08-09 01:03 - 2013-04-09 17:48 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-08-09 01:03 - 2013-04-09 12:37 - 00426024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-08-09 01:03 - 2013-04-09 12:37 - 00324368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-08-09 01:03 - 2013-03-02 15:45 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-08-09 01:03 - 2013-03-02 15:45 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\taskhostex.exe
2014-08-09 01:02 - 2013-10-31 18:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-08-09 01:02 - 2013-10-31 18:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-08-09 01:02 - 2013-10-31 17:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-08-09 01:02 - 2013-10-31 16:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-08-09 01:02 - 2013-10-28 18:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-08-09 01:02 - 2013-10-28 17:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-08-09 01:02 - 2013-10-14 09:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-08-09 01:02 - 2013-10-09 14:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-09 01:02 - 2013-10-09 11:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-09 01:02 - 2013-10-09 11:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-09 01:02 - 2013-10-09 11:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-09 01:02 - 2013-10-09 11:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-09 01:02 - 2013-10-09 11:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-09 01:02 - 2013-10-09 11:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-09 01:02 - 2013-10-09 11:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-09 01:02 - 2013-10-09 11:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-09 01:02 - 2013-10-09 11:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-09 01:02 - 2013-10-05 19:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-08-09 01:02 - 2013-08-27 18:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-08-09 01:02 - 2013-08-27 18:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-08-09 01:02 - 2013-08-27 11:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-08-09 01:02 - 2013-08-27 11:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-08-09 01:02 - 2013-07-09 21:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2014-08-09 01:02 - 2013-07-09 19:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-08-09 01:02 - 2013-07-09 17:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-08-09 01:02 - 2013-07-09 16:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2014-08-09 01:02 - 2013-07-09 11:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2014-08-09 01:02 - 2013-07-09 11:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2014-08-09 01:02 - 2013-07-09 11:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2014-08-09 01:02 - 2013-07-09 11:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2014-08-09 01:02 - 2013-07-06 13:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-09 01:02 - 2013-07-03 13:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2014-08-09 01:02 - 2013-07-03 13:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2014-08-09 01:02 - 2013-07-03 13:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-09 01:02 - 2013-07-03 13:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2014-08-09 01:02 - 2013-07-03 13:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2014-08-09 01:02 - 2013-07-03 12:51 - 04039680 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-09 01:02 - 2013-07-01 11:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2014-08-09 01:02 - 2013-07-01 11:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2014-08-09 01:02 - 2013-06-29 19:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-08-09 01:02 - 2013-06-29 19:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-08-09 01:02 - 2013-06-29 14:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-09 01:02 - 2013-06-26 16:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2014-08-09 01:02 - 2013-06-26 15:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2014-08-09 01:02 - 2013-06-25 11:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-08-09 01:02 - 2013-06-25 11:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-08-09 01:02 - 2013-06-25 11:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-08-09 01:02 - 2013-06-19 18:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2014-08-09 01:02 - 2013-06-19 18:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2014-08-09 01:02 - 2013-06-19 11:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2014-08-09 01:02 - 2013-06-19 11:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2014-08-09 01:02 - 2013-06-12 12:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2014-08-09 01:02 - 2013-06-12 12:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2014-08-09 01:02 - 2013-06-11 10:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2014-08-09 01:02 - 2013-06-11 08:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-08-09 01:02 - 2013-06-11 08:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-08-09 01:02 - 2013-06-11 08:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-08-09 01:02 - 2013-06-11 08:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-08-09 01:02 - 2013-06-11 08:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-08-09 01:02 - 2013-06-11 08:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-08-09 01:02 - 2013-06-06 21:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-08-09 01:01 - 2014-03-01 22:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-08-09 01:01 - 2014-03-01 22:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-08-09 01:01 - 2014-03-01 21:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-08-09 01:01 - 2014-03-01 19:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-08-09 01:01 - 2014-02-27 12:40 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-08-09 01:01 - 2014-02-27 12:21 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-08-09 01:01 - 2014-02-27 12:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-08-09 01:01 - 2014-02-27 12:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-08-09 01:01 - 2014-02-27 12:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-08-09 01:01 - 2014-02-15 17:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-08-09 01:01 - 2013-11-26 12:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-08-08 16:27 - 2014-08-09 20:51 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-08-08 16:27 - 2014-08-09 20:51 - 00002465 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-08-08 16:27 - 2014-08-08 16:27 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-08-08 16:27 - 2014-08-08 16:27 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-08-08 16:27 - 2014-08-08 16:27 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-08 16:26 - 2014-08-09 20:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-08 16:26 - 2014-08-09 20:51 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-08-08 16:26 - 2014-08-08 16:26 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-08-07 17:43 - 2014-08-07 17:50 - 00000000 ____D () C:\Users\felicia\Documents\New folder
2014-08-07 17:37 - 2014-08-07 17:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-08-07 14:41 - 2014-08-07 14:42 - 00000000 ____D () C:\Users\felicia\Desktop\hggf
2014-08-07 14:18 - 2013-02-07 12:06 - 00692576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-07 14:18 - 2013-02-07 12:06 - 00078176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-06 23:29 - 2014-08-06 23:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-06 23:29 - 2014-06-26 17:40 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-06 23:02 - 2014-08-06 23:02 - 00002543 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
2014-08-06 23:02 - 2014-08-06 23:02 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-08-06 23:01 - 2014-08-06 23:01 - 63210976 _____ (Microsoft Corporation) C:\Users\felicia\Downloads\PowerPointViewer.exe
2014-08-06 23:01 - 2014-08-06 23:01 - 25685128 _____ (Microsoft Corporation) C:\Users\felicia\Downloads\wordview_en-us.exe
2014-08-06 21:46 - 2014-03-07 13:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-08-06 21:46 - 2014-03-07 13:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-08-06 21:46 - 2013-01-29 14:57 - 00035232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-08-06 21:46 - 2013-01-29 12:08 - 00230904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-08-06 21:45 - 2013-11-01 18:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-08-06 21:45 - 2013-11-01 16:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-08-06 18:57 - 2014-08-06 18:57 - 00000000 ____D () C:\Users\felicia\AppData\Local\Adobe
2014-08-06 17:24 - 2014-08-05 22:07 - 00000000 ____D () C:\Windows.old
2014-08-06 17:23 - 2014-08-06 17:23 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-08-06 02:00 - 2014-08-06 13:58 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2431524154-3748180158-148446504-1001
2014-08-06 01:55 - 2014-08-06 01:55 - 00000000 ____D () C:\Users\felicia\AppData\Roaming\clear.fiMVPSDK21
2014-08-06 01:52 - 2014-08-06 01:52 - 00000000 ____D () C:\Users\Public\OEM
2014-08-06 01:51 - 2014-08-06 12:24 - 00000000 ____D () C:\Users\felicia\AppData\Local\clear.fi
2014-08-06 01:38 - 2014-08-06 10:07 - 00000000 ____D () C:\Users\felicia\AppData\Local\HP
2014-08-06 01:27 - 2014-08-06 01:27 - 00002216 _____ () C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
2014-08-06 01:27 - 2014-08-06 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-06 01:27 - 2013-02-08 17:00 - 00755744 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC211.dll
2014-08-06 01:26 - 2014-08-06 01:26 - 00000000 ____D () C:\ProgramData\HP
2014-08-06 01:26 - 2014-08-06 01:26 - 00000000 ____D () C:\Program Files (x86)\HP
2014-08-06 01:24 - 2014-08-06 01:24 - 00000000 ____D () C:\Program Files\HP
2014-08-06 01:17 - 2014-08-06 01:17 - 00029327 _____ () C:\Users\felicia\Downloads\OQ1.1110001.odt
2014-08-06 01:16 - 2014-08-06 01:16 - 00030402 _____ () C:\Users\felicia\Downloads\QZ1.1100.odt
2014-08-05 23:49 - 2014-08-06 00:02 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-05 23:49 - 2014-08-05 23:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-05 23:49 - 2014-08-05 23:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-05 23:45 - 2014-08-05 23:45 - 00000000 ____D () C:\Users\felicia\AppData\Roaming\CyberLink
2014-08-05 23:44 - 2014-08-06 01:49 - 00000000 ____D () C:\Users\Public\CyberLink
2014-08-05 23:44 - 2014-08-05 23:44 - 00001375 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 13.lnk
2014-08-05 23:44 - 2014-08-05 23:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 13
2014-08-05 23:44 - 2014-08-05 23:44 - 00000000 ____D () C:\Users\felicia\AppData\Local\MediaServer
2014-08-05 23:44 - 2014-08-05 23:44 - 00000000 ____D () C:\Users\felicia\AppData\Local\CyberLink
2014-08-05 23:43 - 2014-08-05 23:43 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-08-05 23:41 - 2013-12-10 04:13 - 101085496 _____ () C:\Users\felicia\Downloads\CyberLink_PowerDVD_13.0.2720.57_Deluxe_DVD121220-02.exe
2014-08-05 23:38 - 2014-08-05 23:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-08-05 23:36 - 2014-08-05 23:36 - 00322816 _____ (FreshApp installer) C:\Users\felicia\Downloads\Cyberlink PowerDVD Ultra v13.0.3105 FULL Path.exe
2014-08-05 23:09 - 2014-08-05 23:09 - 00000000 ____D () C:\Users\felicia\AppData\Roaming\OpenOffice
2014-08-05 23:03 - 2014-08-05 23:03 - 00001184 _____ () C:\Users\felicia\Desktop\OpenOffice 4.0.1.lnk
2014-08-05 23:03 - 2014-08-05 23:03 - 00000000 ___SD () C:\Users\felicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-08-05 23:03 - 2014-08-05 23:03 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-08-05 23:01 - 2014-08-05 23:01 - 00004161 _____ () C:\Users\felicia\Desktop\FRST64 - Shortcut.lnk
2014-08-05 23:01 - 2014-08-05 23:01 - 00003999 _____ () C:\Users\felicia\Desktop\FOCS300 - Shortcut.lnk
2014-08-05 22:31 - 2014-08-05 22:46 - 136295104 _____ () C:\Users\felicia\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_en-GB.exe
2014-08-05 22:24 - 2014-08-05 22:24 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-05 22:24 - 2014-08-05 22:24 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-05 22:24 - 2014-08-05 22:24 - 00000000 ____D () C:\Users\felicia\AppData\Roaming\Mozilla
2014-08-05 22:24 - 2014-08-05 22:24 - 00000000 ____D () C:\Users\felicia\AppData\Local\Mozilla
2014-08-05 22:24 - 2014-08-05 22:24 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-05 22:24 - 2014-08-05 22:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-05 22:24 - 2014-08-05 22:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 22:23 - 2014-08-05 22:23 - 00244120 _____ () C:\Users\felicia\Downloads\Firefox Setup Stub 31.0.exe
2014-08-05 22:21 - 2014-08-05 22:21 - 00000000 ____D () C:\Users\felicia\AppData\Roaming\Macromedia
2014-08-05 21:10 - 2012-11-10 17:23 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-08-05 21:09 - 2013-08-07 18:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-08-05 21:09 - 2012-11-10 17:23 - 00132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-08-05 21:09 - 2012-11-10 17:22 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\RDWebAI.dll
2014-08-05 21:09 - 2012-11-10 17:22 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\VmHostAI.dll
2014-08-05 21:09 - 2012-11-10 17:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\appserverai.dll
2014-08-05 21:00 - 2013-06-29 16:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-08-05 21:00 - 2013-05-04 17:48 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2014-08-05 20:37 - 2014-08-05 20:37 - 00000000 ____D () C:\Users\felicia\AppData\Roaming\Atheros
2014-08-05 20:36 - 2014-08-05 20:36 - 00013002 _____ () C:\Users\felicia\Desktop\Removed Apps.html
2014-08-05 20:36 - 2014-08-05 20:36 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-05 20:36 - 2014-08-05 20:36 - 00000000 ____D () C:\Program Files (x86)\OEM
2014-08-05 20:35 - 2014-08-05 20:35 - 00001434 _____ () C:\Users\felicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-05 20:35 - 2014-08-05 20:35 - 00000000 ____D () C:\ProgramData\OEM_YAHOO
2014-08-05 20:31 - 2014-08-06 00:01 - 00000000 ____D () C:\Users\felicia\AppData\Roaming\Adobe
2014-08-05 20:31 - 2014-08-05 21:05 - 00000000 ____D () C:\Users\felicia\AppData\Local\CrashDumps
2014-08-05 20:31 - 2014-08-05 20:31 - 00000000 ____D () C:\Users\felicia\AppData\Roaming\Synaptics
2014-08-05 20:29 - 2014-08-06 10:07 - 00000000 ____D () C:\Users\felicia\AppData\Local\VirtualStore
2014-08-05 20:28 - 2014-08-12 02:54 - 01766321 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 20:28 - 2014-08-05 20:28 - 00003092 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2014-08-05 20:28 - 2014-08-05 20:28 - 00000020 ___SH () C:\Users\felicia\ntuser.ini
2014-08-05 20:27 - 2014-08-05 20:36 - 00000000 ____D () C:\Users\felicia
2014-08-05 20:27 - 2012-07-26 21:13 - 00000000 ___RD () C:\Users\felicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-08-05 20:27 - 2012-07-26 21:13 - 00000000 ___RD () C:\Users\felicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-05 20:27 - 2012-07-26 21:13 - 00000000 ___RD () C:\Users\felicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-05 20:27 - 2012-07-26 21:13 - 00000000 ____D () C:\Users\felicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-05 20:26 - 2014-08-05 20:27 - 00020958 _____ () C:\Windows\diagwrn.xml
2014-08-05 20:26 - 2014-08-05 20:27 - 00020958 _____ () C:\Windows\diagerr.xml
2014-08-05 19:53 - 2014-08-05 21:57 - 00000000 ___HD () C:\$SysReset
2014-08-04 22:26 - 2014-08-04 22:27 - 173625464 _____ () C:\Users\felicia\Downloads\PowerDVD_13.0.3919.58_Patch_DVD131205-11.exe
2014-08-04 14:25 - 2014-08-04 14:25 - 00049152 ___SH () C:\Users\felicia\Desktop\Thumbs.db
2014-08-04 13:57 - 2014-08-04 13:57 - 00019968 ___SH () C:\Users\felicia\Thumbs.db
2014-07-31 14:58 - 2014-08-08 16:21 - 00000000 ____D () C:\Users\felicia\Desktop\2nOISSES

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 06:18 - 2014-06-27 22:31 - 00000000 ____D () C:\FRST
2014-08-12 06:00 - 2012-07-26 21:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-12 03:40 - 2013-06-02 04:04 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-08-12 02:54 - 2014-08-05 20:28 - 01766321 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 01:05 - 2012-07-26 20:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-12 00:55 - 2012-07-26 21:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-11 10:21 - 2012-07-26 20:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-10 19:17 - 2012-07-26 21:12 - 00000000 ____D () C:\Windows\rescache
2014-08-10 10:37 - 2013-04-13 17:50 - 00037712 _____ () C:\Windows\PFRO.log
2014-08-10 10:37 - 2012-07-26 21:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-08-10 10:37 - 2012-07-26 20:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-10 02:48 - 2012-07-26 21:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-10 02:48 - 2012-07-26 21:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-08-10 02:48 - 2012-07-26 21:12 - 00000000 ____D () C:\Windows\WinStore
2014-08-10 02:48 - 2012-07-26 21:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-08-10 02:48 - 2012-07-26 21:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-08-10 02:47 - 2012-07-26 18:38 - 00000000 ____D () C:\Windows\system32\oobe
2014-08-09 20:52 - 2014-08-09 20:51 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-08-09 20:51 - 2014-08-08 16:27 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-08-09 20:51 - 2014-08-08 16:27 - 00002465 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-08-09 20:51 - 2014-08-08 16:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-09 20:51 - 2014-08-08 16:26 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-08-08 22:34 - 2013-04-13 20:12 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-08-08 22:33 - 2012-07-26 18:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-08 16:27 - 2014-08-08 16:27 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-08-08 16:27 - 2014-08-08 16:27 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-08-08 16:27 - 2014-08-08 16:27 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-08 16:27 - 2013-06-02 04:39 - 00000000 ____D () C:\ProgramData\Norton
2014-08-08 16:27 - 2012-07-26 18:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-08 16:26 - 2014-08-08 16:26 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-08-08 16:21 - 2014-07-31 14:58 - 00000000 ____D () C:\Users\felicia\Desktop\2nOISSES
2014-08-08 16:19 - 2013-04-13 20:12 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-07 17:50 - 2014-08-07 17:43 - 00000000 ____D () C:\Users\felicia\Documents\New folder
2014-08-07 17:37 - 2014-08-07 17:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-08-07 17:37 - 2012-07-26 20:21 - 00026937 _____ () C:\Windows\setupact.log
2014-08-07 14:42 - 2014-08-07 14:41 - 00000000 ____D () C:\Users\felicia\Desktop\hggf
2014-08-07 14:36 - 2012-07-26 18:37 - 00000000 ____D () C:\Windows\servicing
2014-08-07 13:54 - 2012-07-26 21:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-07 13:54 - 2012-07-26 21:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-07 13:54 - 2012-07-26 21:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-08-07 13:54 - 2012-07-26 21:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-08-07 13:54 - 2012-07-26 21:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-08-07 13:54 - 2012-07-26 20:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-07 13:54 - 2012-07-26 18:38 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-07 13:54 - 2012-07-26 18:38 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-07 13:53 - 2012-07-26 21:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-07 13:53 - 2012-07-26 21:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-06 23:31 - 2014-08-06 23:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-06 23:02 - 2014-08-06 23:02 - 00002543 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
2014-08-06 23:02 - 2014-08-06 23:02 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-08-06 23:02 - 2013-06-02 04:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-06 23:01 - 2014-08-06 23:01 - 63210976 _____ (Microsoft Corporation) C:\Users\felicia\Downloads\PowerPointViewer.exe
2014-08-06 23:01 - 2014-08-06 23:01 - 25685128 _____ (Microsoft Corporation) C:\Users\felicia\Downloads\wordview_en-us.exe
2014-08-06 18:57 - 2014-08-06 18:57 - 00000000 ____D () C:\Users\felicia\AppData\Local\Adobe
2014-08-06 17:24 - 2013-12-10 21:59 - 00000000 ____D () C:\Windows.old(1)
2014-08-06 17:24 - 2012-07-26 21:13 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2014-08-06 17:23 - 2014-08-06 17:23 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-08-06 13:58 - 2014-08-06 02:00 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2431524154-3748180158-148446504-1001
2014-08-06 13:45 - 2012-07-26 21:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-06 12:24 - 2014-08-06 01:51 - 00000000 ____D () C:\Users\felicia\AppData\Local\clear.fi
2014-08-06 10:07 - 2014-08-06 01:38 - 00000000 ____D () C:\Users\felicia\AppData\Local\HP
2014-08-06 10:07 - 2014-08-05 20:29 - 00000000 ____D () C:\Users\felicia\AppData\Local\VirtualStore
2014-08-06 01:55 - 2014-08-06 01:55 - 00000000 ____D () C:\Users\felicia\AppData\Roaming\clear.fiMVPSDK21
2014-08-06 01:52 - 2014-08-06 01:52 - 00000000 ____D () C:\Users\Public\OEM
2014-08-06 01:49 - 2014-08-05 23:44 - 00000000 ____D () C:\Users\Public\CyberLink
2014-08-06 01:27 - 2014-08-06 01:27 - 00002216 _____ () C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
2014-08-06 01:27 - 2014-08-06 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-06 01:26 - 2014-08-06 01:26 - 00000000 ____D () C:\ProgramData\HP
2014-08-06 01:26 - 2014-08-06 01:26 - 00000000 ____D () C:\Program Files (x86)\HP
2014-08-06 01:24 - 2014-08-06 01:24 - 00000000 ____D () C:\Program Files\HP
2014-08-06 01:17 - 2014-08-06 01:17 - 00029327 _____ () C:\Users\felicia\Downloads\OQ1.1110001.odt
2014-08-06 01:16 - 2014-08-06 01:16 - 00030402 _____ () C:\Users\felicia\Downloads\QZ1.1100.odt
2014-08-06 00:02 - 2014-08-05 23:49 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-06 00:01 - 2014-08-05 20:31 - 00000000 ____D () C:\Users\felicia\AppData\Roaming\Adobe
2014-08-05 23:49 - 2014-08-05 23:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-05 23:49 - 2014-08-05 23:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-05 23:45 - 2014-08-05 23:45 - 00000000 ____D () C:\Users\felicia\AppData\Roaming\CyberLink
2014-08-05 23:45 - 2013-06-02 04:42 - 00000000 ____D () C:\ProgramData\CyberLink
2014-08-05 23:44 - 2014-08-05 23:44 - 00001375 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 13.lnk
2014-08-05 23:44 - 2014-08-05 23:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 13
2014-08-05 23:44 - 2014-08-05 23:44 - 00000000 ____D () C:\Users\felicia\AppData\Local\MediaServer
2014-08-05 23:44 - 2014-08-05 23:44 - 00000000 ____D () C:\Users\felicia\AppData\Local\CyberLink
2014-08-05 23:43 - 2014-08-05 23:43 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-08-05 23:42 - 2013-06-02 04:40 - 00000000 ____D () C:\ProgramData\Temp
2014-08-05 23:42 - 2013-06-02 04:40 - 00000000 ____D () C:\ProgramData\install_clap
2014-08-05 23:42 - 2013-06-02 04:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-05 23:38 - 2014-08-05 23:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-08-05 23:36 - 2014-08-05 23:36 - 00322816 _____ (FreshApp installer) C:\Users\felicia\Downloads\Cyberlink PowerDVD Ultra v13.0.3105 FULL Path.exe
2014-08-05 23:23 - 2013-04-13 20:10 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-08-05 23:22 - 2013-04-13 20:10 - 00000000 ____D () C:\ProgramData\WildTangent
2014-08-05 23:09 - 2014-08-05 23:09 - 00000000 ____D () C:\Users\felicia\AppData\Roaming\OpenOffice
2014-08-05 23:03 - 2014-08-05 23:03 - 00001184 _____ () C:\Users\felicia\Desktop\OpenOffice 4.0.1.lnk
2014-08-05 23:03 - 2014-08-05 23:03 - 00000000 ___SD () C:\Users\felicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-08-05 23:03 - 2014-08-05 23:03 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-08-05 23:01 - 2014-08-05 23:01 - 00004161 _____ () C:\Users\felicia\Desktop\FRST64 - Shortcut.lnk
2014-08-05 23:01 - 2014-08-05 23:01 - 00003999 _____ () C:\Users\felicia\Desktop\FOCS300 - Shortcut.lnk
2014-08-05 22:58 - 2012-07-26 21:12 - 00000000 ____D () C:\Windows\system32\restore
2014-08-05 22:46 - 2014-08-05 22:31 - 136295104 _____ () C:\Users\felicia\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_en-GB.exe
2014-08-05 22:24 - 2014-08-05 22:24 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-05 22:24 - 2014-08-05 22:24 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-05 22:24 - 2014-08-05 22:24 - 00000000 ____D () C:\Users\felicia\AppData\Roaming\Mozilla
2014-08-05 22:24 - 2014-08-05 22:24 - 00000000 ____D () C:\Users\felicia\AppData\Local\Mozilla
2014-08-05 22:24 - 2014-08-05 22:24 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-05 22:24 - 2014-08-05 22:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-05 22:24 - 2014-08-05 22:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-05 22:23 - 2014-08-05 22:23 - 00244120 _____ () C:\Users\felicia\Downloads\Firefox Setup Stub 31.0.exe
2014-08-05 22:21 - 2014-08-05 22:21 - 00000000 ____D () C:\Users\felicia\AppData\Roaming\Macromedia
2014-08-05 22:07 - 2014-08-06 17:24 - 00000000 ____D () C:\Windows.old
2014-08-05 21:57 - 2014-08-05 19:53 - 00000000 ___HD () C:\$SysReset
2014-08-05 21:05 - 2014-08-05 20:31 - 00000000 ____D () C:\Users\felicia\AppData\Local\CrashDumps
2014-08-05 20:37 - 2014-08-05 20:37 - 00000000 ____D () C:\Users\felicia\AppData\Roaming\Atheros
2014-08-05 20:36 - 2014-08-05 20:36 - 00013002 _____ () C:\Users\felicia\Desktop\Removed Apps.html
2014-08-05 20:36 - 2014-08-05 20:36 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-05 20:36 - 2014-08-05 20:36 - 00000000 ____D () C:\Program Files (x86)\OEM
2014-08-05 20:36 - 2014-08-05 20:27 - 00000000 ____D () C:\Users\felicia
2014-08-05 20:36 - 2013-04-13 18:38 - 00000000 ___HD () C:\OEM
2014-08-05 20:35 - 2014-08-05 20:35 - 00001434 _____ () C:\Users\felicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-05 20:35 - 2014-08-05 20:35 - 00000000 ____D () C:\ProgramData\OEM_YAHOO
2014-08-05 20:35 - 2013-11-05 20:55 - 00000000 ____D () C:\Users\felicia\AppData\Local\Packages
2014-08-05 20:31 - 2014-08-05 20:31 - 00000000 ____D () C:\Users\felicia\AppData\Roaming\Synaptics
2014-08-05 20:28 - 2014-08-05 20:28 - 00003092 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2014-08-05 20:28 - 2014-08-05 20:28 - 00000020 ___SH () C:\Users\felicia\ntuser.ini
2014-08-05 20:28 - 2012-07-26 21:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-08-05 20:28 - 2012-07-26 21:12 - 00000000 ____D () C:\Windows\system32\Recovery
2014-08-05 20:27 - 2014-08-05 20:26 - 00020958 _____ () C:\Windows\diagwrn.xml
2014-08-05 20:27 - 2014-08-05 20:26 - 00020958 _____ () C:\Windows\diagerr.xml
2014-08-05 20:27 - 2013-04-13 18:49 - 00000000 ____D () C:\Windows\Panther
2014-08-05 20:27 - 2012-07-26 21:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-08-05 12:47 - 2014-05-19 21:48 - 00000000 ____D () C:\Users\felicia\Downloads\cyber
2014-08-05 12:45 - 2013-11-11 23:05 - 00000000 ____D () C:\Users\felicia\Documents\Bluetooth Folder
2014-08-05 12:43 - 2013-12-19 12:37 - 00000000 ____D () C:\Users\felicia\Downloads\OpenOffice 4.0.1 (en-US) Installation Files
2014-08-05 12:43 - 2013-12-15 22:01 - 00000000 ___RD () C:\Users\felicia\Documents\Notes
2014-08-05 12:43 - 2013-11-07 23:13 - 00000000 ____D () C:\Users\felicia\Documents\clear2.fi
2014-08-05 12:41 - 2013-12-19 02:53 - 00000000 ____D () C:\Users\felicia\Documents\Fax
2014-08-05 12:41 - 2013-11-06 00:15 - 00000000 ____D () C:\Users\felicia\Documents\CyberLink
2014-08-04 22:27 - 2014-08-04 22:26 - 173625464 _____ () C:\Users\felicia\Downloads\PowerDVD_13.0.3919.58_Patch_DVD131205-11.exe
2014-08-04 22:25 - 2013-12-02 18:09 - 00000000 ____D () C:\Users\felicia\Downloads\rsgnitwoh
2014-08-04 14:25 - 2014-08-04 14:25 - 00049152 ___SH () C:\Users\felicia\Desktop\Thumbs.db
2014-08-04 13:57 - 2014-08-04 13:57 - 00019968 ___SH () C:\Users\felicia\Thumbs.db

Some content of TEMP:
====================
C:\Users\felicia\AppData\Local\Temp\COMAP.EXE

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2013-04-13 17:50

==================== End Of Log ============================


----------



## wannabeageek (Nov 12, 2009)

Hi ufah,

I still need you to identify the program in the task manager that is causing the high usage.

If you need help let me know,

wbg


----------



## ufah (May 27, 2014)

Hi wbg,

PowerDVD13 and NIS are the programs that Task Manager shows taking high usage at certain times.
PowerDVD13 keeps running even when not in use.

cheers


----------



## wannabeageek (Nov 12, 2009)

Hi Ufah,

It looks like you picked up McAfee SiteAdvisor during one of your program updates. Probably during an Adobe update.

Please uninstall McAfee SiteAdvisor as you have no need of it with NIS installed. This also could be causing the high memory usage of NIS as anti-virus programs will compete for control.

*Step 1.*
*Remove Program(s)*
If you are at the *Start* screen, then *Right-click* in the screen's *bottom-right corner*. A circle with three lines in it with the text *All Apps* will pop up at the bottom of the screen. *Left Click* it and choose the *Control Panel* from the list of apps that will pop up. You will probably find it all the way to the right. You will probably need to use the scroll bar at the bottom of the screen to get to it. Once at the Control Panel continue the same way as you would if you came from the *Desktop*.
If you are at the *Desktop* then pull the mouse quickly to the right lower corner of the screen. The panel with a number of choices opens up. Click on settings and a list of Settings is shown. Select *Control Panel*.
When the Control Panel appears, choose *Programs and Features*.
Locate the following program:
*McAfee SiteAdvisor*
Click it to choose it and then give the permission to go ahead if the computer asks for it.
*Carefully read any prompts...* 
_Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!_
When the program(s) have been uninstalled... Close *Control Panel*.

It appears that you have downloaded and run the newest version of FRST. The tools we have you download are designed to work from the desktop. Please move FRST to your desktop.


> Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) *Version: 10-08-2014 01*
> Ran by felicia (administrator) on ALLUN on 12-08-2014 06:18:20
> Running from *C:\Users\felicia\Pictures\New folder\1NoisseS*


We needed to do this before, but until now it was not possible.

*Step 2.*

Click *Start*
Type *notepad.exe* in the *search programs and files* box and click *Enter*.
A blank Notepad page should open.
Copy/Paste the contents of the quote box below into Notepad.




> EmptyTemp:




Save it to the same folder/directory that FRST.exe is in, naming it as *fixlist.txt*


*NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system*


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
Press the *Fix* button once and wait.
FRST will process *fixlist.txt*
When finished, it will produce a log *fixlog.txt* in the same folder/directory as FRST64.exe
*Please post me the log*


Do you use PowerDVD13 to automatically update any data files or programs? Y/N
If not, we can turn the service off for auto-loading on start up. Afterwards, you will need to manually start the program to use it.
There should be an ICON on the bottom right corner of the taskbar for PowerDVD13. I think there is no disable function to the ICON, but you should check.


----------



## ufah (May 27, 2014)

Hi wbg,

All done.
1st I moved *frst.exe* back to the desktop, which is where I originally downloaded it.
2nd I proceeded to remove McAfee, but something funny happened: when I right-clicked on the program it gave the choice of uninstall or change together, so I clicked on it... it did not proceed as when I've uninstalled other programs, where you get a small window alerting you of that program trying to perform changes to the PC; it simply disappeared the McAfee program from the Control Panel alphabetical list.
Afterwards, I proceeded to prepare the Notepad fix, ran the scan, and pressed Fix, which ran quite fast and prompted me to restart the machine. It went fine, took little time restarting, and here I've attached the log. Also, in regards to PowerDVD13, I do not use it to update anything. I've tried putting a patch on it before but it was not helpful, so I uninstalled the patch.

No changes so far, walked around the household and as soon as I get far from the modem, signal goes minimum whereas the flatmates keep good signal even when situated far from modem/router.
Last is the log:

cheers

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2014 04
Ran by felicia at 2014-08-17 14:52:26 Run:3
Running from C:\Users\felicia\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
EmptyTemp: 
*****************

EmptyTemp: => Removed 96 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====


----------



## wannabeageek (Nov 12, 2009)

Hi ufah,

Have you tried to uninstall PowerDVD13?


----------



## ufah (May 27, 2014)

Hi wbg,

Yes I have, as well as NIS; both have been reinstalled.

It has been over a month since we have been trying various things, I will bump up and try in a networking forum.
I thank you for your time and consideration.

cheers


----------



## wannabeageek (Nov 12, 2009)

Hi ufah,

I am sorry this has been taking so long. Sometimes it just does.

The question I had about PowerDVD13 was intended for you to remove it completely and see if there is any performance change. You did state that you do not use this program.

McAfee programs never completely uninstall themselves. There are always remnant files and folders that need to be removed manually. It is a problem I had with this computer I use. The NIS high usage could be a result of one or more of these McAfee files.

Re-installing programs after being directed to remove them makes the process take longer and makes it more difficult to find the source cause of the issue(s).

If you intend to move on to a network forum, please click the "Mark Solved" button at the top or the bottom of the page.

Thank you,
wbg


----------



## etaf (Oct 2, 2003)

Before you try in the networking forum, you need to make sure you have uninstalled any programs and followed *wannabeageek*'s advice.
Otherwise, there will be a further considerable delay, as in the networking forum they will try a few standard diagnoses and may come to the conclusion the PC has malware on it and just refer you back to this forum for investigation.

Only qualified and approved members may investigate and resolve virus or malware issues. And usually threads are moved into this forum, where normal members are not allowed to reply.

*wannabeageek*, I assume this PC still potentially has malware/a virus on it?


----------



## wannabeageek (Nov 12, 2009)

etaf said:


> before you try in the networking forum, SNIP %<-----------
> *wannabeageek* I assume this pc still has potentially a malware/virus on it ?


Thank you Wayne for your input. Your assumption is correct in that I have not cleared his PC for malware or infection issues.
I am not sure if there is a communication issue due to language differences or if my instructions are not clear enough. But when the OP re-installs programs after being asked to remove them, it does make the process more difficult.

wbg


----------



## etaf (Oct 2, 2003)

*@ufah*

As *wannabeageek* has said


> I have not cleared his PC for malware or infection issues.


There's no point in asking in the network forum, as members there are not usually malware/virus experts.
You will see I'm a major contributor to the networking forum, and often, if I suspect it's a malware issue, I refer to this forum.

I would recommend that you take the time to follow *wannabeageek*'s recommendation and do exactly as requested; it will make the job much quicker and hopefully resolve the network issue - or at least give confirmation that the PC is clean.


----------



## ufah (May 27, 2014)

Hi Wbg and etaf,

thanks for your time and sorry for a late reply,


----------



## ufah (May 27, 2014)

> . Your assumption is correct in that I have not cleared his PC for malware or infection issues.
> I am not sure if there is a communication issue due to language differences or if my instructions are not clear enough. But when the OP re-installs programs after being asked to remove them does make the process more difficult.


can we address the malware possibilities then?

cheers


----------



## wannabeageek (Nov 12, 2009)

ufah said:


> can we address the malware possibilities then?
> 
> cheers


Yes we can. However I am going to need a few scans from you. I do not understand why your DDS scans come out garbled. I have a Windows 8/8.1 computer and have no trouble with producing normal logs.

Here are some guidelines I need you to follow:

 *The instructions being given are for YOUR computer and system only!*
Using these instructions on a different computer *can cause damage *to that computer and possibly/probably *render it inoperable*!
 *DO NOT run any other fix or removal tools unless instructed to do so!*
 *DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.*
 *Only *post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
 *Print each set of instructions *if possible - your Internet connection will not be available during some fix processes.
 Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
 *Only *reply to this thread, do not start another one. Please, continue responding, until I give you the "*All Clean!*" :cheers:

*Absence of symptoms does not mean that everything is clear.*

Please run the following and post each log separately:

*Step 1.*
*OTL*
Instructions are written for Internet Explorer.
Please download *OTL* ... by Old Timer.

From the delta arrow next to the save button, select "Save as".
From the "Save As" window select "Desktop" Then click on Save.
Right click on *OTL.exe* select "*Run As Administrator*" to run it. If prompted by UAC, please allow it.
Click the *Scan All Users* checkbox.
Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
_Leave the remaining selections to the default settings._
Click on *Run Scan* at the top left hand corner.
When done, two Notepad files will open.
*OTL.txt* <-- _Will be opened, maximized_ 
*Extras.txt* <-- _Will be minimized on task bar._

Please post the contents of both *OTL.txt* and *Extras.txt* files in your next reply.

*Step 2.*
*RSIT (Random's System Information Tool) *
Please download *RSITx64* by random/random... save it to your desktop.

Right click on *RSIT.exe* and select *"Run As Administrator"* to run it. If Windows *UAC* prompts you, please allow it.
Please read the disclaimer... click on *Continue*.
*RSIT* will start running. When done... *2 log files*...will be produced.
The first one, *"log.txt"*, <<will be maximized... the second one, *"info.txt"*, <<will be minimized.
Please post both... *"log.txt"* and *"info.txt"*, file contents in your next reply.
(These logs can be lengthy, so a separate post may be needed.)

*Please include in your next reply:*

Contents of OTL.txt
Contents of Extras.txt
Contents of log.txt
Contents of info.txt
*Any problem executing the instructions?*
Thanks, 
wbg


----------



## ufah (May 27, 2014)

Thanks Wbg,
will try to get all this done by this weekend,

cheers


----------



## wannabeageek (Nov 12, 2009)

Hi ufah.

*It has been three days since my last post.*


Do you still need help?
Do you need more time?
Are you having problems following my instructions?
*These topics will self-close after 45 days without a response.*
*If you do not reply within the next 48 hours, I will remove this topic from my notification list.*
If you post back after 5 days but before 45 days, PM me and wait for a response.
If you still need help after 45 days post a new log on a new thread.


----------



## ufah (May 27, 2014)

Sorry for the delay,


----------



## ufah (May 27, 2014)

having trouble posting sorry, when I try to upload the post it redirects me to:
http://forums.techguy.org/newreply.php?do=postreply&t=1127715, but doesn't upload my post with the logs.


----------



## ufah (May 27, 2014)

Hi wbg,
it seems these posts are indeed too long and I've never noticed before the 100000 character limit,
so will use a few.

cheers

OTL logfile created on: 3/09/2014 11:18:26 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\felicia\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17054)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.44 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 57.21% Memory free
4.92 Gb Paging File | 3.11 Gb Available in Paging File | 63.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.91 Gb Total Space | 185.85 Gb Free Space | 41.22% Space Free | Partition Type: NTFS
Drive D: | 4.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ALLUN | User Name: felicia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/09/02 20:50:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\felicia\Desktop\OTL.exe
PRC - [2014/08/17 00:32:43 | 001,868,976 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
PRC - [2014/08/01 10:03:57 | 000,276,376 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
PRC - [2014/07/17 18:42:02 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/07 03:47:18 | 000,565,464 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2013/03/20 18:23:33 | 000,513,048 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe

========== Modules (No Company Name) ==========

MOD - [2014/08/17 00:32:42 | 017,048,240 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
MOD - [2014/07/17 18:42:24 | 003,800,688 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/03/20 18:24:55 | 000,043,272 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DHProcedure\DHProcedure.dll
MOD - [2011/08/24 15:39:11 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD13\Common\Koan\_ssl.pyd
MOD - [2011/08/24 15:39:11 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD13\Common\Koan\_ctypes.pyd
MOD - [2011/08/24 15:39:11 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD13\Common\Koan\_socket.pyd

========== Services (SafeList) ==========

SRV:*64bit:* - [2014/05/30 12:02:28 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:*64bit:* - [2014/03/29 21:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:*64bit:* - [2013/08/16 18:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:*64bit:* - [2013/06/25 11:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:*64bit:* - [2013/06/01 22:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:*64bit:* - [2013/05/04 19:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:*64bit:* - [2013/05/04 19:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:*64bit:* - [2013/04/09 17:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:*64bit:* - [2013/03/15 18:00:12 | 000,662,088 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:*64bit:* - [2013/03/15 14:43:30 | 000,431,656 | ---- | M] (Acer Incorporate) [Auto | Running] -- C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe -- (LMSvc)
SRV:*64bit:* - [2013/03/13 17:03:00 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:*64bit:* - [2013/03/02 15:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:*64bit:* - [2013/03/02 15:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:*64bit:* - [2013/01/10 12:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:*64bit:* - [2012/11/17 10:07:20 | 000,469,648 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe -- (DeviceFastLaneService)
SRV:*64bit:* - [2012/11/06 17:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:*64bit:* - [2012/09/20 19:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:*64bit:* - [2012/07/26 16:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:*64bit:* - [2012/07/26 16:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:*64bit:* - [2012/07/26 16:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:*64bit:* - [2012/07/26 16:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:*64bit:* - [2012/07/26 16:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:*64bit:* - [2012/07/26 16:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:*64bit:* - [2012/07/26 16:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:*64bit:* - [2012/07/26 16:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:*64bit:* - [2012/07/26 16:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:*64bit:* - [2012/07/26 16:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:*64bit:* - [2012/07/26 13:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:*64bit:* - [2012/07/26 13:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:*64bit:* - [2012/07/26 13:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:*64bit:* - [2012/07/26 13:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:*64bit:* - [2012/07/26 13:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:*64bit:* - [2012/07/26 13:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2014/08/01 10:03:57 | 000,276,376 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe -- (NIS)
SRV - [2014/07/17 18:42:18 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/09 02:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/07 03:47:20 | 001,229,528 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/12/07 03:47:20 | 000,662,232 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/04/15 14:25:28 | 000,228,480 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/11/06 17:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 16:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2014/08/08 16:27:10 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:*64bit:* - [2014/07/23 18:13:11 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1505000.013\symnets.sys -- (SymNetS)
DRV:*64bit:* - [2014/07/23 18:13:10 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1505000.013\symefa64.sys -- (SymEFA)
DRV:*64bit:* - [2014/07/23 17:50:26 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1505000.013\srtsp64.sys -- (SRTSP)
DRV:*64bit:* - [2014/03/29 08:19:38 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:*64bit:* - [2014/03/24 11:11:52 | 000,269,592 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:*64bit:* - [2013/12/07 03:47:12 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\psi_mf_amd64.sys -- (PSI)
DRV:*64bit:* - [2013/10/11 00:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:*64bit:* - [2013/10/05 19:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:*64bit:* - [2013/10/02 15:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:*64bit:* - [2013/09/27 15:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1505000.013\ironx64.sys -- (SymIRON)
DRV:*64bit:* - [2013/09/26 15:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1505000.013\ccsetx64.sys -- (ccSet_NIS)
DRV:*64bit:* - [2013/09/10 15:47:38 | 000,023,568 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1505000.013\symelam.sys -- (SymELAM)
DRV:*64bit:* - [2013/09/10 15:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1505000.013\symds64.sys -- (SymDS)
DRV:*64bit:* - [2013/09/10 14:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1505000.013\srtspx64.sys -- (SRTSPX)
DRV:*64bit:* - [2013/08/16 18:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:*64bit:* - [2013/08/10 19:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:*64bit:* - [2013/07/09 21:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:*64bit:* - [2013/07/02 14:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:*64bit:* - [2013/07/02 14:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:*64bit:* - [2013/06/29 19:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:*64bit:* - [2013/06/01 16:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:*64bit:* - [2013/04/15 14:06:16 | 000,584,272 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:*64bit:* - [2013/04/15 14:06:14 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:*64bit:* - [2013/04/15 14:06:14 | 000,136,784 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:*64bit:* - [2013/04/15 14:06:14 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:*64bit:* - [2013/04/15 14:06:12 | 000,346,192 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:*64bit:* - [2013/04/15 14:06:12 | 000,115,280 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:*64bit:* - [2013/04/15 14:06:12 | 000,089,168 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:*64bit:* - [2013/04/15 14:06:12 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:*64bit:* - [2013/03/29 10:01:18 | 003,776,512 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:*64bit:* - [2013/03/13 18:58:20 | 011,644,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2013/03/13 16:34:16 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2013/03/02 23:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:*64bit:* - [2013/03/02 23:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:*64bit:* - [2013/02/15 00:41:14 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:*64bit:* - [2013/02/06 01:54:18 | 000,469,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:*64bit:* - [2013/01/10 16:23:14 | 000,021,360 | ---- | M] (Acer Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LMDriver.sys -- (LMDriver)
DRV:*64bit:* - [2013/01/10 16:23:14 | 000,015,704 | ---- | M] (Acer Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RadioShim.sys -- (RadioShim)
DRV:*64bit:* - [2013/01/10 14:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:*64bit:* - [2012/12/19 11:36:44 | 000,119,528 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:*64bit:* - [2012/12/01 12:40:16 | 000,048,760 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athrsd.sys -- (AthrSdSrv)
DRV:*64bit:* - [2012/11/27 16:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:*64bit:* - [2012/11/20 17:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:*64bit:* - [2012/11/06 16:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:*64bit:* - [2012/10/12 21:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:*64bit:* - [2012/10/11 20:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:*64bit:* - [2012/09/20 20:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2012/09/20 20:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2012/08/29 01:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter)
DRV:*64bit:* - [2012/07/26 18:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/07/26 18:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:*64bit:* - [2012/07/26 18:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:*64bit:* - [2012/07/26 18:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:*64bit:* - [2012/07/26 18:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:*64bit:* - [2012/07/26 18:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:*64bit:* - [2012/07/26 18:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:*64bit:* - [2012/07/26 18:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2012/07/26 18:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2012/07/26 18:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:*64bit:* - [2012/07/26 18:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2012/07/26 18:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:*64bit:* - [2012/07/26 18:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:*64bit:* - [2012/07/26 18:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2012/07/26 18:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:*64bit:* - [2012/07/26 18:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2012/07/26 18:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2012/07/26 17:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:*64bit:* - [2012/07/26 17:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:*64bit:* - [2012/07/26 16:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:*64bit:* - [2012/07/26 15:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:*64bit:* - [2012/07/26 15:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:*64bit:* - [2012/07/26 15:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:*64bit:* - [2012/07/26 15:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:*64bit:* - [2012/07/26 15:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:*64bit:* - [2012/07/26 15:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:*64bit:* - [2012/07/26 15:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:*64bit:* - [2012/07/26 15:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:*64bit:* - [2012/07/26 15:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:*64bit:* - [2012/07/26 15:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:*64bit:* - [2012/07/26 15:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:*64bit:* - [2012/07/26 15:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:*64bit:* - [2012/07/26 15:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:*64bit:* - [2012/07/26 15:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2012/07/26 15:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:*64bit:* - [2012/07/26 15:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:*64bit:* - [2012/07/26 15:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2012/07/26 15:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:*64bit:* - [2012/07/26 15:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:*64bit:* - [2012/07/26 15:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:*64bit:* - [2012/07/26 15:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:*64bit:* - [2012/07/26 15:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV - [2014/08/31 02:58:53 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140902.003\ex64.sys -- (NAVEX15)
DRV - [2014/08/31 02:58:53 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140902.003\eng64.sys -- (NAVENG)
DRV - [2014/08/30 10:17:21 | 000,633,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140901.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/08/19 11:20:24 | 001,588,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/08/08 16:19:04 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/08/08 16:19:04 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {6373B1FB-6035-4DB4-82AB-4DB5FCAF4148}
IE:*64bit:* - HKLM\..\SearchScopes\{6373B1FB-6035-4DB4-82AB-4DB5FCAF4148}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE:*64bit:* - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = http://au.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6373B1FB-6035-4DB4-82AB-4DB5FCAF4148}
IE - HKLM\..\SearchScopes\{6373B1FB-6035-4DB4-82AB-4DB5FCAF4148}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = http://au.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {6373B1FB-6035-4DB4-82AB-4DB5FCAF4148}
IE - HKCU\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = http://au.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014/09/02 13:54:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/08/05 22:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\felicia\AppData\Roaming\Mozilla\Extensions
[2014/08/05 22:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\felicia\AppData\Roaming\Mozilla\Firefox\Profiles\dfebbkxa.default\extensions
[2014/08/05 22:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/08/05 22:24:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2012/07/26 18:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:*64bit:* - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O2:*64bit:* - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\ips\ipsbho.dll (Symantec Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:*64bit:* - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O4:*64bit:* - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:*64bit:* - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
O4 - HKLM..\Run: [PowerDVD13Agent] C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" (Qualcomm Atheros Commnucations)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:*64bit:* - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B12B19E4-AC50-4337-957B-1EC86FA3FA54}: DhcpNameServer = 192.168.1.1
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/09/03 00:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/09/03 00:56:55 | 000,000,000 | ---D | C] -- C:\rsit
[2014/09/02 20:50:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\felicia\Desktop\OTL.exe
[2014/08/21 21:25:38 | 000,059,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/08/21 21:25:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2014/08/21 21:25:35 | 001,623,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/08/21 21:25:35 | 000,253,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2014/08/18 23:35:06 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Local\Secunia PSI
[2014/08/18 23:34:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2014/08/18 02:53:54 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Local\Adobe
[2014/08/17 14:35:52 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Local\Macromedia
[2014/08/15 16:32:11 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/08/15 16:32:11 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/08/15 16:32:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/08/15 16:32:10 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/08/15 16:32:08 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/08/15 16:32:08 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/08/15 16:32:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/08/15 16:32:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/08/15 16:32:07 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/08/15 16:32:05 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/08/15 16:32:04 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/08/15 16:32:04 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/08/15 16:32:04 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/08/15 16:32:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/08/15 16:32:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/08/15 16:32:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/08/15 16:32:01 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/08/15 16:32:00 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2014/08/15 16:32:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2014/08/15 16:31:57 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2014/08/15 16:31:54 | 001,508,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/08/15 16:31:54 | 001,440,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/08/15 16:17:12 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/15 16:17:12 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/08/15 09:46:48 | 000,328,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2014/08/15 09:44:13 | 000,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/08/15 09:44:12 | 000,556,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/08/13 12:48:42 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2014/08/13 12:48:20 | 001,300,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/13 12:47:42 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe
[2014/08/13 12:47:42 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe
[2014/08/13 12:47:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/08/13 12:47:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/08/13 12:47:40 | 001,824,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014/08/13 12:47:40 | 001,023,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2014/08/13 12:47:36 | 006,974,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/08/13 12:47:35 | 000,693,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2014/08/13 12:47:35 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2014/08/13 12:46:36 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2014/08/13 12:46:33 | 000,393,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/08/13 12:46:33 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/08/13 12:46:32 | 002,885,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/08/13 12:46:29 | 000,112,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/08/13 12:46:27 | 008,857,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2014/08/13 12:46:24 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2014/08/13 12:46:24 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/08/13 12:46:23 | 002,306,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/08/13 12:46:09 | 001,312,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/08/13 11:50:58 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Local\BMExplorer
[2014/08/13 11:49:57 | 000,704,480 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/08/13 11:49:57 | 000,105,440 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/08/13 11:43:51 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/08/13 11:34:03 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Local\Diagnostics
[2014/08/09 01:05:08 | 001,125,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2014/08/09 01:05:06 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2014/08/09 01:05:06 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2014/08/09 01:05:06 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll
[2014/08/09 01:05:06 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2014/08/09 01:05:05 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll
[2014/08/09 01:05:04 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll
[2014/08/09 01:05:02 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll
[2014/08/09 01:04:59 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/08/09 01:04:58 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2014/08/09 01:04:56 | 001,374,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll
[2014/08/09 01:04:56 | 001,245,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll
[2014/08/09 01:04:56 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wvc.dll
[2014/08/09 01:04:56 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx
[2014/08/09 01:04:56 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc.dll
[2014/08/09 01:04:56 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx
[2014/08/09 01:04:35 | 005,979,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/08/09 01:04:33 | 005,092,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/08/09 01:04:33 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2014/08/09 01:04:32 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2014/08/09 01:04:32 | 000,332,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/08/09 01:04:27 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
[2014/08/09 01:04:22 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll
[2014/08/09 01:04:12 | 002,219,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2014/08/09 01:04:11 | 002,391,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2014/08/09 01:04:11 | 001,842,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2014/08/09 01:04:10 | 002,106,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2014/08/09 01:04:08 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2014/08/09 01:04:07 | 001,527,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2014/08/09 01:04:06 | 001,453,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2014/08/09 01:04:06 | 001,403,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2014/08/09 01:04:05 | 001,271,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2014/08/09 01:04:05 | 001,217,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2014/08/09 01:04:04 | 001,093,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2014/08/09 01:04:04 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2014/08/09 01:04:04 | 000,583,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2014/08/09 01:04:03 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll
[2014/08/09 01:04:02 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2014/08/09 01:04:02 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceSetupManager.dll
[2014/08/09 01:04:02 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MbaeParserTask.exe
[2014/08/09 01:04:01 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2014/08/09 01:04:00 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2014/08/09 01:03:57 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/08/09 01:03:57 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/08/09 01:03:57 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2014/08/09 01:03:57 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll
[2014/08/09 01:03:41 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wusa.exe
[2014/08/09 01:03:41 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wusa.exe
[2014/08/09 01:03:29 | 013,661,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2014/08/09 01:03:27 | 010,799,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2014/08/09 01:03:24 | 001,173,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2014/08/09 01:03:23 | 000,914,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2014/08/09 01:03:22 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2014/08/09 01:03:22 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2014/08/09 01:03:22 | 000,151,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2014/08/09 01:03:22 | 000,061,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2014/08/09 01:03:17 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
...to be continued in the next post due to length


----------



## ufah (May 27, 2014)

Continued from OTL:

[2014/08/09 01:03:13 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/08/09 01:03:12 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2014/08/09 01:03:12 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2014/08/09 01:03:12 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/08/09 01:03:02 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/08/09 01:03:02 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\resutils.dll
[2014/08/09 01:03:02 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clusapi.dll
[2014/08/09 01:03:01 | 000,773,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/08/09 01:03:01 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014/08/09 01:03:01 | 000,488,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\resutils.dll
[2014/08/09 01:03:01 | 000,447,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2014/08/09 01:03:01 | 000,302,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clusapi.dll
[2014/08/09 01:02:58 | 000,285,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2014/08/09 01:02:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/08/09 01:02:58 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014/08/09 01:02:58 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/08/09 01:02:58 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014/08/09 01:02:58 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/08/09 01:02:58 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2014/08/09 01:02:34 | 002,273,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2014/08/09 01:02:33 | 002,839,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2014/08/09 01:02:29 | 000,439,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFault.exe
[2014/08/09 01:02:29 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanconn.dll
[2014/08/09 01:02:28 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmmbase.dll
[2014/08/09 01:02:25 | 000,385,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFault.exe
[2014/08/09 01:02:25 | 000,263,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcmsvc.dll
[2014/08/09 01:02:25 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll
[2014/08/09 01:02:25 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmmbase.dll
[2014/08/09 01:02:25 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
[2014/08/09 01:02:24 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2014/08/09 01:02:24 | 000,195,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2014/08/09 01:02:24 | 000,125,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2014/08/09 01:02:24 | 000,120,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpioclx.sys
[2014/08/09 01:02:23 | 000,543,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanmm.dll
[2014/08/09 01:02:23 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2014/08/09 01:02:23 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wwanadvui.dll
[2014/08/09 01:02:23 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationApi.dll
[2014/08/09 01:02:23 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LocationApi.dll
[2014/08/09 01:02:23 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\openfiles.exe
[2014/08/09 01:02:23 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcmcsp.dll
[2014/08/09 01:02:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\openfiles.exe
[2014/08/09 01:02:22 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2014/08/09 01:02:22 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2014/08/09 01:02:21 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2014/08/09 01:02:21 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2014/08/09 01:02:16 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FirewallAPI.dll
[2014/08/09 01:02:16 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2014/08/09 01:01:35 | 001,258,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/08/09 01:01:34 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpedit.dll
[2014/08/09 01:01:33 | 001,075,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpedit.dll
[2014/08/09 01:01:33 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2014/08/08 23:32:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/08/08 23:30:01 | 001,148,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symefa64.sys
[2014/08/08 23:30:01 | 000,875,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\srtsp64.sys
[2014/08/08 23:30:01 | 000,593,112 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symnets.sys
[2014/08/08 23:30:01 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symds64.sys
[2014/08/08 23:30:01 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\ironx64.sys
[2014/08/08 23:30:01 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\ccsetx64.sys
[2014/08/08 23:30:01 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\srtspx64.sys
[2014/08/08 23:30:01 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symelam.sys
[2014/08/08 23:29:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1505000.013
[2014/08/08 16:27:10 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/08/08 16:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/08/08 16:26:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2014/08/08 16:26:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2014/08/08 16:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2014/08/08 16:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/08/07 17:43:06 | 000,000,000 | ---D | C] -- C:\Users\felicia\Documents\New folder
[2014/08/06 23:29:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/08/06 23:02:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2014/08/06 22:16:38 | 000,628,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NotificationUI.exe
[2014/08/06 22:16:02 | 000,096,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wfplwfs.sys
[2014/08/06 22:15:32 | 002,371,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSService.dll
[2014/08/06 22:15:32 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2014/08/06 22:15:31 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2014/08/06 22:15:30 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2014/08/06 22:15:30 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppc.dll
[2014/08/06 22:15:30 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppc.dll
[2014/08/06 22:15:29 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSSync.dll
[2014/08/06 22:15:29 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSSync.dll
[2014/08/06 22:15:28 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSClient.dll
[2014/08/06 22:15:28 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSClient.dll
[2014/08/06 22:15:28 | 000,058,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dam.sys
[2014/08/06 22:15:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupcln.dll
[2014/08/06 22:15:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setupcln.dll
[2014/08/06 22:14:37 | 003,246,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/08/06 22:14:37 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2014/08/06 22:13:10 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2014/08/06 22:13:07 | 000,652,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2014/08/06 22:12:14 | 001,557,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/08/06 22:12:14 | 001,440,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/08/06 22:10:51 | 001,281,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/08/06 22:10:50 | 000,588,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll
[2014/08/06 22:10:50 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll
[2014/08/06 22:10:49 | 000,439,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2014/08/06 22:09:23 | 000,269,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2014/08/06 22:09:22 | 000,035,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2014/08/06 22:09:05 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/08/06 22:07:17 | 000,054,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2014/08/06 22:05:35 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2014/08/06 22:05:35 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2014/08/06 22:05:33 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll
[2014/08/06 22:05:33 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2014/08/06 22:05:33 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2014/08/06 22:05:32 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2014/08/06 22:05:32 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2014/08/06 22:05:30 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2014/08/06 22:05:30 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll
[2014/08/06 22:05:30 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2014/08/06 22:05:30 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2014/08/06 22:05:29 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2014/08/06 22:05:29 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2014/08/06 22:05:28 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2014/08/06 22:05:27 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll
[2014/08/06 22:05:26 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2014/08/06 22:05:26 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2014/08/06 22:05:26 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2014/08/06 22:05:26 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll
[2014/08/06 22:05:26 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys
[2014/08/06 22:05:25 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL
[2014/08/06 22:05:25 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll
[2014/08/06 22:05:24 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll
[2014/08/06 22:02:52 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InkEd.dll
[2014/08/06 22:02:48 | 001,890,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2014/08/06 22:00:30 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2014/08/06 22:00:30 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2014/08/06 22:00:29 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2014/08/06 21:54:24 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgentc.exe
[2014/08/06 21:54:24 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgentc.exe
[2014/08/06 21:52:32 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2014/08/06 21:52:32 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2014/08/06 21:52:28 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2014/08/06 21:52:27 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2014/08/06 21:52:24 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2014/08/06 21:52:22 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2014/08/06 21:52:17 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll
[2014/08/06 21:52:14 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll
[2014/08/06 21:52:13 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd_02_10ec.dll
[2014/08/06 21:52:12 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2014/08/06 21:52:11 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll
[2014/08/06 21:52:10 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2014/08/06 21:52:09 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2014/08/06 21:52:09 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2014/08/06 21:52:09 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2014/08/06 21:52:09 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll
[2014/08/06 21:52:08 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RecoveryDrive.exe
[2014/08/06 21:52:07 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll
[2014/08/06 21:52:06 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2014/08/06 21:52:04 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2014/08/06 21:52:04 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dmvdsitf.dll
[2014/08/06 21:52:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll
[2014/08/06 21:52:03 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2014/08/06 21:52:02 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2014/08/06 21:52:02 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2014/08/06 21:52:02 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2014/08/06 21:52:01 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2014/08/06 21:52:01 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2014/08/06 21:52:00 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2014/08/06 21:52:00 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdvm.dll
[2014/08/06 21:51:59 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2014/08/06 21:51:58 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iuilp.dll
[2014/08/06 21:51:58 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmvdsitf.dll
[2014/08/06 21:51:57 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2014/08/06 21:51:57 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdnet.dll
[2014/08/06 21:51:56 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2014/08/06 21:51:56 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GenuineCenter.dll
[2014/08/06 21:51:56 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fmifs.dll
[2014/08/06 21:51:55 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2014/08/06 21:51:55 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fmifs.dll
[2014/08/06 21:51:55 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll
[2014/08/06 21:51:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2014/08/06 21:51:54 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2014/08/06 21:51:07 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll
[2014/08/06 21:51:04 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll
[2014/08/06 21:51:03 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2014/08/06 21:51:02 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll
[2014/08/06 21:51:00 | 000,014,848 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\rars.rs
[2014/08/06 21:51:00 | 000,014,848 | ---- | C] (Microsoft) -- C:\Windows\SysNative\rars.rs
[2014/08/06 21:50:59 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll
[2014/08/06 21:50:59 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2014/08/06 21:50:58 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Magnify.exe
[2014/08/06 21:50:58 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4srcsnk.dll
[2014/08/06 21:50:58 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll
[2014/08/06 21:50:58 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psmsrv.dll
[2014/08/06 21:50:57 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll
[2014/08/06 21:50:57 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll
[2014/08/06 21:50:56 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl
[2014/08/06 21:50:55 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Magnify.exe
[2014/08/06 21:50:55 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll
[2014/08/06 21:50:55 | 000,120,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuthHost.exe
[2014/08/06 21:50:54 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\biwinrt.dll
[2014/08/06 21:50:54 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\biwinrt.dll
[2014/08/06 21:50:53 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl
[2014/08/06 21:50:53 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bisrv.dll
[2014/08/06 21:50:52 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4srcsnk.dll
[2014/08/06 21:50:52 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\muifontsetup.dll
[2014/08/06 21:50:51 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll
[2014/08/06 21:50:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\muifontsetup.dll
[2014/08/06 21:50:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll
[2014/08/06 21:50:22 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe
[2014/08/06 21:50:22 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe
[2014/08/06 21:50:22 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll
[2014/08/06 21:50:22 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll
[2014/08/06 21:50:16 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/08/06 21:50:14 | 002,842,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2014/08/06 21:50:14 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2014/08/06 21:50:13 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2014/08/06 21:50:13 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2014/08/06 21:48:49 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll
[2014/08/06 21:48:49 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll
[2014/08/06 21:48:47 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2014/08/06 21:48:46 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll
[2014/08/06 21:48:46 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2014/08/06 21:48:46 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll
[2014/08/06 21:48:45 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2014/08/06 21:48:44 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll
[2014/08/06 21:48:44 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll
[2014/08/06 21:48:44 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe
[2014/08/06 21:48:44 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe
[2014/08/06 21:48:43 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2014/08/06 21:48:43 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe
[2014/08/06 21:48:42 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe
[2014/08/06 21:48:35 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2014/08/06 21:48:35 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2014/08/06 21:48:35 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2014/08/06 21:48:35 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2014/08/06 21:48:32 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2014/08/06 21:48:20 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2014/08/06 21:48:20 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2014/08/06 21:48:18 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2014/08/06 21:47:26 | 000,982,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/08/06 21:47:24 | 000,578,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/08/06 21:47:24 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/08/06 21:47:23 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/08/06 21:47:22 | 000,559,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/08/06 21:47:22 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapisrv.dll
[2014/08/06 21:47:21 | 001,043,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usercpl.dll
[2014/08/06 21:47:21 | 000,961,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usercpl.dll
[2014/08/06 21:47:19 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/08/06 21:47:19 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/08/06 21:47:19 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/08/06 21:47:18 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\workerdd.dll
[2014/08/06 21:47:03 | 000,583,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/08/06 21:46:11 | 003,842,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/08/06 21:46:10 | 002,238,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/08/06 21:45:52 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2014/08/06 21:45:52 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apprepapi.dll
[2014/08/06 21:45:52 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apprepsync.dll
[2014/08/06 21:45:52 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepapi.dll
[2014/08/06 21:45:52 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepsync.dll
[2014/08/06 21:45:47 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/08/06 21:45:46 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/08/06 21:45:44 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrobj.dll
[2014/08/06 21:45:43 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2014/08/06 21:45:43 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrobj.dll
[2014/08/06 21:45:43 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2014/08/06 21:45:43 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2014/08/06 21:45:43 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2014/08/06 21:45:43 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2014/08/06 21:45:40 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2014/08/06 21:45:40 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2014/08/06 21:45:39 | 002,062,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2014/08/06 21:45:38 | 001,711,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2014/08/06 21:45:37 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/08/06 21:45:37 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/08/06 21:45:36 | 001,628,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/08/06 21:45:34 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2014/08/06 21:45:33 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2014/08/06 21:45:16 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2014/08/06 21:45:16 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2014/08/06 17:24:14 | 000,000,000 | ---D | C] -- C:\Windows.old
[2014/08/06 01:55:58 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Roaming\clear.fiMVPSDK21
[2014/08/06 01:51:58 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Local\clear.fi
[2014/08/06 01:38:55 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Local\HP
[2014/08/06 01:27:35 | 000,755,744 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPMC211.dll
[2014/08/06 01:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/08/06 01:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/08/06 01:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2014/08/06 01:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/08/05 23:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/08/05 23:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014/08/05 23:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014/08/05 23:45:21 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Roaming\CyberLink
[2014/08/05 23:44:38 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Local\MediaServer
[2014/08/05 23:44:23 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Local\CyberLink
[2014/08/05 23:44:21 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 13
[2014/08/05 23:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2014/08/05 23:09:44 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Roaming\OpenOffice
[2014/08/05 23:03:44 | 000,000,000 | --SD | C] -- C:\Users\felicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
[2014/08/05 23:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2014/08/05 22:24:32 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Roaming\Mozilla
[2014/08/05 22:24:32 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Local\Mozilla
[2014/08/05 22:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/08/05 22:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/08/05 22:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/08/05 22:21:38 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Roaming\Macromedia
[2014/08/05 21:35:32 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2014/08/05 21:35:32 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2014/08/05 21:17:57 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2014/08/05 21:10:08 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2014/08/05 21:09:58 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2014/08/05 21:09:54 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VmHostAI.dll
[2014/08/05 21:09:53 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll
[2014/08/05 21:09:53 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appserverai.dll
[2014/08/05 21:09:53 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDWebAI.dll
[2014/08/05 21:03:02 | 000,337,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2014/08/05 21:03:02 | 000,213,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UCX01000.SYS
[2014/08/05 21:00:00 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2014/08/05 20:59:42 | 000,021,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/08/05 20:59:41 | 000,498,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/08/05 20:37:14 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Roaming\Atheros
[2014/08/05 20:36:30 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2014/08/05 20:36:30 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2014/08/05 20:36:07 | 000,000,000 | R--D | C] -- C:\Users\felicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/08/05 20:36:07 | 000,000,000 | R--D | C] -- C:\Users\felicia\Searches
[2014/08/05 20:36:07 | 000,000,000 | R--D | C] -- C:\Users\felicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/08/05 20:36:07 | 000,000,000 | -H-D | C] -- C:\Users\felicia\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/08/05 20:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_YAHOO
[2014/08/05 20:31:57 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Local\CrashDumps
[2014/08/05 20:31:37 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Roaming\Adobe
[2014/08/05 20:31:01 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Roaming\Synaptics
[2014/08/05 20:29:10 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Local\VirtualStore
[2014/08/05 20:28:34 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/08/05 20:27:00 | 000,000,000 | --SD | C] -- C:\Users\felicia\AppData\Roaming\Microsoft
[2014/08/05 20:27:00 | 000,000,000 | R--D | C] -- C:\Users\felicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/08/05 20:27:00 | 000,000,000 | R--D | C] -- C:\Users\felicia\Favorites
[2014/08/05 20:27:00 | 000,000,000 | R--D | C] -- C:\Users\felicia\Desktop
[2014/08/05 20:27:00 | 000,000,000 | R--D | C] -- C:\Users\felicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/08/05 20:27:00 | 000,000,000 | R--D | C] -- C:\Users\felicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/08/05 20:27:00 | 000,000,000 | -HSD | C] -- C:\Users\felicia\AppData\Local\Temporary Internet Files
[2014/08/05 20:27:00 | 000,000,000 | -HSD | C] -- C:\Users\felicia\Templates
[2014/08/05 20:27:00 | 000,000,000 | -HSD | C] -- C:\Users\felicia\Start Menu
[2014/08/05 20:27:00 | 000,000,000 | -HSD | C] -- C:\Users\felicia\SendTo
[2014/08/05 20:27:00 | 000,000,000 | -HSD | C] -- C:\Users\felicia\Recent
[2014/08/05 20:27:00 | 000,000,000 | -HSD | C] -- C:\Users\felicia\PrintHood
[2014/08/05 20:27:00 | 000,000,000 | -HSD | C] -- C:\Users\felicia\NetHood
[2014/08/05 20:27:00 | 000,000,000 | -HSD | C] -- C:\Users\felicia\Documents\My Videos
[2014/08/05 20:27:00 | 000,000,000 | -HSD | C] -- C:\Users\felicia\Documents\My Pictures
[2014/08/05 20:27:00 | 000,000,000 | -HSD | C] -- C:\Users\felicia\Documents\My Music
[2014/08/05 20:27:00 | 000,000,000 | -HSD | C] -- C:\Users\felicia\My Documents
[2014/08/05 20:27:00 | 000,000,000 | -HSD | C] -- C:\Users\felicia\Local Settings
[2014/08/05 20:27:00 | 000,000,000 | -HSD | C] -- C:\Users\felicia\AppData\Local\History
[2014/08/05 20:27:00 | 000,000,000 | -HSD | C] -- C:\Users\felicia\Cookies
[2014/08/05 20:27:00 | 000,000,000 | -HSD | C] -- C:\Users\felicia\Application Data
[2014/08/05 20:27:00 | 000,000,000 | -HSD | C] -- C:\Users\felicia\AppData\Local\Application Data
[2014/08/05 20:27:00 | 000,000,000 | -H-D | C] -- C:\Users\felicia\AppData
[2014/08/05 20:27:00 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Local\Temp
[2014/08/05 20:27:00 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Local\Microsoft
[2014/08/05 20:27:00 | 000,000,000 | ---D | C] -- C:\Users\felicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/08/05 19:53:26 | 000,000,000 | -H-D | C] -- C:\$SysReset

========== Files - Modified Within 30 Days ==========

[2014/09/03 11:13:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/03 10:47:54 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\spu_storage.bin
[2014/09/03 00:41:40 | 001,222,144 | ---- | M] () -- C:\Users\felicia\Desktop\RSITx64.exe
[2014/09/02 21:09:15 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/02 21:09:15 | 000,723,700 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/02 21:09:15 | 000,136,838 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/02 20:50:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\felicia\Desktop\OTL.exe
[2014/08/27 22:47:21 | 000,043,689 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\VT20140827.005
[2014/08/21 21:26:12 | 002,877,105 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\Cat.DB
[2014/08/20 11:28:22 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/08/20 11:28:14 | 2956,984,320 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/18 23:34:59 | 000,001,070 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2014/08/17 16:25:53 | 000,000,017 | ---- | M] () -- C:\Users\felicia\AppData\Local\resmon.resmoncfg
[2014/08/16 14:02:12 | 000,307,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/13 22:25:58 | 000,007,334 | ---- | M] () -- C:\Users\felicia\Documents\New OpenDocument Text (2).odt
[2014/08/08 16:27:10 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/08/08 16:27:10 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/08/08 16:27:10 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/08/07 19:33:36 | 000,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/08/07 17:37:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2014/08/07 16:09:52 | 000,556,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/08/06 01:27:34 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
[2014/08/05 23:44:21 | 000,001,375 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 13.lnk
[2014/08/05 23:38:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2014/08/05 23:01:09 | 000,003,999 | ---- | M] () -- C:\Users\felicia\Desktop\FOCS300 - Shortcut.lnk
[2014/08/05 22:24:26 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/08/05 22:16:16 | 000,001,428 | ---- | M] () -- C:\Users\felicia\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/08/05 20:36:53 | 000,013,002 | ---- | M] () -- C:\Users\felicia\Desktop\Removed Apps.html
[2014/08/05 20:27:32 | 000,020,958 | ---- | M] () -- C:\Windows\diagwrn.xml
[2014/08/05 20:27:32 | 000,020,958 | ---- | M] () -- C:\Windows\diagerr.xml

========== Files Created - No Company Name ==========

[2014/09/03 00:41:40 | 001,222,144 | ---- | C] () -- C:\Users\felicia\Desktop\RSITx64.exe
[2014/08/28 08:01:37 | 000,043,689 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\VT20140827.005
[2014/08/19 22:08:27 | 000,000,299 | ---- | C] () -- C:\Users\felicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
[2014/08/18 23:34:59 | 000,001,070 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2014/08/18 23:34:58 | 000,001,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2014/08/17 16:25:53 | 000,000,017 | ---- | C] () -- C:\Users\felicia\AppData\Local\resmon.resmoncfg
[2014/08/16 14:02:02 | 000,307,584 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/13 22:25:58 | 000,007,334 | ---- | C] () -- C:\Users\felicia\Documents\New OpenDocument Text (2).odt
[2014/08/09 20:51:33 | 002,877,105 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\Cat.DB
[2014/08/09 01:03:41 | 000,387,268 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2014/08/08 23:30:01 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symelam64.cat
[2014/08/08 23:30:01 | 000,008,202 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\ccsetx64.cat
[2014/08/08 23:30:01 | 000,008,196 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\srtspx64.cat
[2014/08/08 23:30:01 | 000,008,194 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symefa64.cat
[2014/08/08 23:30:01 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symnet64.cat
[2014/08/08 23:30:01 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\srtsp64.cat
[2014/08/08 23:30:01 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symds64.cat
[2014/08/08 23:30:01 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\iron.cat
[2014/08/08 23:30:01 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symefa.inf
[2014/08/08 23:30:01 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symds.inf
[2014/08/08 23:30:01 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symnet.inf
[2014/08/08 23:30:01 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\srtsp64.inf
[2014/08/08 23:30:01 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\srtspx64.inf
[2014/08/08 23:30:01 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symelam.inf
[2014/08/08 23:30:01 | 000,000,855 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\ccsetx64.inf
[2014/08/08 23:30:01 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\iron.inf
[2014/08/08 23:29:34 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1505000.013\isolate.ini
[2014/08/08 16:27:10 | 000,008,222 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/08/08 16:27:10 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/08/07 17:37:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2014/08/06 23:02:22 | 000,002,543 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2014/08/06 22:15:27 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/08/06 01:27:34 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
[2014/08/05 23:49:50 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/08/05 23:44:21 | 000,001,375 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 13.lnk
[2014/08/05 23:38:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2014/08/05 23:01:09 | 000,003,999 | ---- | C] () -- C:\Users\felicia\Desktop\FOCS300 - Shortcut.lnk
[2014/08/05 22:24:26 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/08/05 22:24:26 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/08/05 22:16:16 | 000,001,428 | ---- | C] () -- C:\Users\felicia\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/08/05 20:36:53 | 000,013,002 | ---- | C] () -- C:\Users\felicia\Desktop\Removed Apps.html
[2014/08/05 20:35:27 | 000,001,434 | ---- | C] () -- C:\Users\felicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/08/05 20:27:00 | 000,000,352 | ---- | C] () -- C:\Users\felicia\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/08/05 20:27:00 | 000,000,334 | ---- | C] () -- C:\Users\felicia\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/08/05 20:26:52 | 000,020,958 | ---- | C] () -- C:\Windows\diagwrn.xml
[2014/08/05 20:26:52 | 000,020,958 | ---- | C] () -- C:\Windows\diagerr.xml
[2014/05/19 21:21:21 | 056,260,664 | ---- | C] () -- C:\Users\felicia\00125.avi
[2014/05/19 21:16:18 | 078,312,056 | ---- | C] () -- C:\Users\felicia\00138.avi
[2013/06/02 04:04:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/04/13 18:44:29 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/04/13 18:44:29 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/04/13 18:44:29 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/04/13 18:44:26 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/04/13 18:44:26 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2012/11/27 04:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

========== ZeroAccess Check ==========

[2013/06/02 04:45:02 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/28 21:23:06 | 019,759,104 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/28 19:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 16:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 16:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 16:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL Extras logfile created on: 3/09/2014 11:18:29 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\felicia\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17054)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.44 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 57.21% Memory free
4.92 Gb Paging File | 3.11 Gb Available in Paging File | 63.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.91 Gb Total Space | 185.85 Gb Free Space | 41.22% Space Free | Partition Type: NTFS
Drive D: | 4.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ALLUN | User Name: felicia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AD87A11B-7316-4DE5-80C7-7142A3EA633D}" = lport=5357 | protocol=6 | dir=in | name=ws-eventing tcp port 5357 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C5679C-5922-4E28-AD49-600C1F8D229F}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{03F20554-EA3E-40A7-89EA-6D9A91E1112A}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{05E833FE-DCF0-4DFE-8CEB-673B9E150FF7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\kernel\dmr\powerdvd13dmrengine.exe |
"{0DE700CF-C90B-46D4-8E16-17DF0C0F7987}" = dir=out | name=zinio |
"{107CD0BC-FB4E-4F83-B92C-4101E5AD82D0}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{1086250E-7C9F-4C9F-BC02-089862840053}" = dir=out | name=chacha |
"{1567D3BF-5997-4B9C-A746-C442556AA3B3}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe |
"{192AD728-F6AE-49B7-AD00-CBD2C0FE8AAB}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{1A7D4DED-A5AC-4D16-A301-12DD49832EDC}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{1CF4B44D-68FC-470E-9728-92C1E60697EA}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{24DA99C9-F9E1-452C-B32F-087196B72876}" = dir=out | name=acer crystal eye |
"{27E36521-CE2E-4E94-9885-7978DBC8957A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\movie\powerdvd.exe |
"{29F204E9-EA26-4BCC-8486-5F3A96303210}" = dir=in | name=ebay |
"{2A6A3350-D663-43FB-994A-B3144E3977FC}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\sdd.exe |
"{2C2BD4B9-DC0D-48AA-AEF1-9F7750ACE42A}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{2D392EAB-A85D-4A81-BA4F-5C53519966D6}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{2E72D919-5FE7-4E72-9756-82DFBAFE5C73}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{2EB5BA99-548C-4D96-A72A-16C65DD525D8}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{32D2DCFD-D511-4166-9FDC-7F0ED6301106}" = dir=out | name=windows_ie_ac_001 |
"{3473EE4F-467C-4857-A5B0-41F7EFA38538}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{39578C85-1083-457E-8647-DE35A61AE74E}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{3DDD1D58-B274-403B-A9CF-BFE0FA4F0CF2}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{438D4FEC-1C66-42B7-8A76-22D0A0D72C9E}" = dir=in | app=c:\program files\hp\hp deskjet 2540 series\bin\devicesetup.exe |
"{44B5F45D-F90C-47A3-962A-37A4D616D159}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{44C626F9-5EB0-47D8-9017-901F27B0FB05}" = dir=out | name=music maker jam |
"{47527C01-FAAE-4D9A-A321-0A79FC6FA02C}" = dir=in | name=newsxpresso |
"{47AA1953-60D4-4DFC-AB6F-1D65163EC97A}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\virtualdrive.exe |
"{4BED08BD-F0BE-41E4-ADBA-E269E9C51646}" = dir=out | name=newsxpresso |
"{4D1FD9C0-BE3F-4B9B-B54D-FD4C04D9BDF1}" = dir=out | name=cut the rope |
"{529DFAAC-6ED3-4878-9C4C-FC00ACCDF7FA}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{55204AD2-85A7-4D47-A486-33C8A361F88E}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{5DDBD8D9-ACEE-4F4C-BD20-C258A01A4443}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{5E2CAE06-0203-4C95-81C7-7DDC29CC8BEB}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe |
"{60D9B751-5234-4AD3-A559-E0A4EDF7C4F3}" = dir=out | name=amazon |
"{6124C129-ED5F-4337-A457-456537B028A3}" = dir=out | name=shark dash |
"{61253263-59FD-4344-9BF9-1F253615CAB1}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{62C1EB77-05CD-4E29-9B34-828AD1BE8420}" = dir=out | name=icookbook se |
"{678B4BC0-5580-4FF3-9D90-C2AD20FF8DB3}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\sdd.exe |
"{6A63ACA3-5155-4C12-BAD5-25A4A69A2378}" = dir=in | name=music maker jam |
"{6B4AE0F5-398D-44BC-A333-7F6D93E69F10}" = dir=out | name=@{microsoft.bingsports_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{71B14E01-E5BD-49FE-90BF-F09CCF828C87}" = dir=out | name=ebay |
"{74BE0235-6E48-48B8-B3AF-4FA957965574}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{7663FFB2-4E9A-4B55-8662-DAC22551A7B1}" = dir=in | name=acer explorer |
"{76769DFB-F698-4A21-A845-6255F2B78EDA}" = dir=out | name=social jogger |
"{7A0EC0A8-3AF1-496E-AE8A-2EEDFDA2FBB2}" = dir=out | name=- games app - |
"{7A17F251-0985-4283-AC7A-3D2953455B4C}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{7D3D40A7-7626-41E7-AE52-45A9E7599313}" = dir=in | app=c:\program files\hp\hp deskjet 2540 series\bin\hpnetworkcommunicatorcom.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{85767AC1-F186-4903-9581-3788AF0CC2BE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\movie\powerdvd cinema\powerdvdcinema13.exe |
"{85DFE4B7-0622-4D91-83D8-953E894F6340}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{867BC41C-6423-40B9-AF1E-D7E616062F74}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{8904C702-6A11-423F-B175-CF7E0C7C588C}" = dir=out | name=@{microsoft.bingnews_1.7.0.27_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{9024E247-A2D2-4C07-84A8-A9C00F8E8F8B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\powerdvd13agent.exe |
"{954D7206-79B2-456C-B0EA-B768561327AD}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{96FE7280-FFCC-48DE-80C3-C1F9FDA06E41}" = dir=out | name=7digital music store |
"{9AED29DF-59F0-45B2-BD9C-953A8ABD25F7}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\virtualdrive.exe |
"{AD96B9FC-A5B6-452F-B3E9-A91728B81C3C}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{AF00FF9C-A15B-420F-BCB3-1855F8CD1B65}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{BB4BC363-0301-4E63-BF40-AA4AEEC71826}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{BCE2DD72-A041-45F0-B272-C78EC8080491}" = dir=out | name=@{microsoft.bingfinance_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{BF52F435-F407-458B-92CB-CC9338D300CC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\powerdvd13.exe |
"{C0B28784-E7A8-434C-A6AB-7718D19EF738}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\powerdvd13ml.exe |
"{C7A1B9F9-45B1-44A3-ACB4-A37BF4F846F5}" = dir=out | name=stumbleupon |
"{CC3E72AC-8D25-4098-8B64-280A9A69574B}" = dir=out | name=weatherbug.a |
"{CD8DED2B-E87F-4891-B5FD-80241F8C67CF}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{D693EBEE-78DE-417F-AFCF-2AA13A13F1B5}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{DAA41B91-1B66-4CAB-ADF9-E028CE6F0B0B}" = dir=out | name=acer explorer |
"{E158A4D0-36A5-4AD0-ADA8-4B6C7E6E9537}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{E20536C9-FE8F-45B2-A023-66A82377952E}" = dir=out | name=kindle |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EA55B6FA-E607-45C0-B8E0-A4B857AB0E3C}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe |
"{EF891E13-A105-44B6-A0D3-828331926689}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{F7B7E7F1-423A-4E1A-BA8F-33F44C4CF79F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\kernel\dms\clmsserverpdvd13.exe |
"{F919B3A7-78DF-4471-A022-4B3E571A0852}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{FBDD0418-4701-4C50-B609-ADA70ABAC753}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{29200C76-2ADF-0C62-BE0D-2AC087740379}" = AMD Catalyst Install Manager
"{2CAB18F9-A8C8-CD15-8861-D392B52252B8}" = ccc-utility64
"{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{BD1EFE20-246B-451F-B900-F1214324DF5F}" = HP Deskjet 2540 series Basic Device Software
"{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}" = Acer Launch Manager
"{E1E0840D-AF8E-15D0-4C25-0C98EC5EF472}" = AMD Accelerated Video Transcoding
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075B6D6A-1CEB-CE85-5C95-87CB4986C316}" = AMD VISION Engine Control Center
"{15CA48A4-5319-8809-E17D-AF621945760F}" = CCC Help Norwegian
"{16CB4A9E-A9D5-344F-272C-D6D8A1A391EE}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20FF8AAC-215B-91CF-12AF-6FEF93A634AB}" = CCC Help Korean
"{24B89186-2A56-4D28-B930-6F4FCF224E2F}" = OpenOffice 4.0.1
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WLAN and Bluetooth Client Installation Program
"{2DAC1934-2160-A680-0078-849951769D54}" = CCC Help Greek
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2
"{374CF1D6-6453-936F-90B9-970104227AED}" = Catalyst Control Center Localization All
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}" = CyberLink PowerDVD 13
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{43DF33E9-47A1-E30D-0FE5-960756CF7467}" = Catalyst Control Center InstallProxy
"{48CFB7DF-52F4-4546-F1E5-77250A1CF3DF}" = CCC Help Italian
"{4992F204-1872-F184-2057-B717A16225B3}" = CCC Help French
"{4E0BC999-655B-421D-87F3-640C6F2BFC11}" = QCA CardReader Driver Installer
"{4E5BF824-9E47-E840-FEF1-FBF14B7253E3}" = CCC Help Spanish
"{511F00D4-2437-6BFD-596D-9654423C9708}" = CCC Help Polish
"{53373863-7198-7762-F518-B6474BBAA2A1}" = CCC Help Portuguese
"{5C56AD8F-7317-42CB-B5D9-955F4F4BF6A5}" = Catalyst Control Center - Branding
"{5F0E4A11-3366-5970-398F-0CA7E10AB0EE}" = CCC Help English
"{62903908-9262-D24C-0A80-108DB0931FB8}" = Catalyst Control Center Graphics Previews Common
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{736BBAC6-A5CE-C05B-56B7-933396C3B4A7}" = CCC Help Swedish
"{7373FE27-4A36-5D8B-DF51-3AFAFABC68BA}" = CCC Help Thai
"{756ADBCB-35F0-32F3-FB08-69C6818AAC07}" = CCC Help Danish
"{77265D0C-0274-0566-DAE5-EB11FEC0EE5A}" = CCC Help Chinese Traditional
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B0870B8-F54A-643B-106A-4BB97E624C86}" = CCC Help Russian
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A22C95EF-1148-7BE8-B9AE-E191B6A502CB}" = CCC Help Czech
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{AF607609-986E-812E-39A4-A611C6417DB9}" = CCC Help Japanese
"{B2B9EB8A-D43D-F1B4-54C7-09747C854CC1}" = CCC Help Dutch
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{C89A97B6-F991-EBB5-77B7-927BCF420EBE}" = OEM Application Profile
"{CB8F0047-8603-30F6-295E-4C28EE3324B3}" = CCC Help Hungarian
"{D28FF985-98CD-CC95-5975-4645CB07CFFF}" = CCC Help Finnish
"{D5753E99-B015-391E-6AFA-CACB13F85256}" = CCC Help Chinese Standard
"{E7E17529-23DE-13A5-946D-D6EEC9369D52}" = CCC Help Turkish
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}" = CyberLink PowerDVD 13
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Secunia PSI" = Secunia PSI (3.0.0.9016)
"Spotify" = Spotify
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15/08/2014 2:45:52 AM | Computer Name = allun | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "C:\Program Files (x86)\Acer\Office
Addin 2003\WordAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program
Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest" on line 4. The element
asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint
which is not supported by this version of Windows.

Error - 15/08/2014 2:45:52 AM | Computer Name = allun | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "C:\Program Files (x86)\Acer\Office
Addin 2003\PowerPointAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program
Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest" on line 4.
The
element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint
which is not supported by this version of Windows.

Error - 15/08/2014 9:03:33 PM | Computer Name = allun | Source = MsiInstaller | ID = 1024
Description =

Error - 16/08/2014 8:19:54 PM | Computer Name = allun | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "C:\Program Files (x86)\Acer\Office
Addin 2003\ExcelAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program
Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest" on line 4. The element
asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint
which is not supported by this version of Windows.

Error - 16/08/2014 8:19:54 PM | Computer Name = allun | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "C:\Program Files (x86)\Acer\Office
Addin 2003\WordAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program
Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest" on line 4. The element
asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint
which is not supported by this version of Windows.

Error - 16/08/2014 8:19:54 PM | Computer Name = allun | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "C:\Program Files (x86)\Acer\Office
Addin 2003\PowerPointAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program
Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest" on line 4.
The
element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint
which is not supported by this version of Windows.

Error - 16/08/2014 8:25:42 PM | Computer Name = allun | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "C:\Program Files (x86)\Acer\Office
Addin 2003\ExcelAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program
Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest" on line 4. The element
asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint
which is not supported by this version of Windows.

Error - 16/08/2014 8:25:42 PM | Computer Name = allun | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "C:\Program Files (x86)\Acer\Office
Addin 2003\WordAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program
Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest" on line 4. The element
asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint
which is not supported by this version of Windows.

Error - 16/08/2014 8:25:42 PM | Computer Name = allun | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "C:\Program Files (x86)\Acer\Office
Addin 2003\PowerPointAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program
Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest" on line 4.
The
element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint
which is not supported by this version of Windows.

Error - 16/08/2014 9:54:54 PM | Computer Name = allun | Source = MsiInstaller | ID = 1024
Description =

[ System Events ]
Error - 16/08/2014 11:41:39 PM | Computer Name = allun | Source = BTHUSB | ID = 327696
Description = The mutual authentication between the local Bluetooth adapter and 
a device with Bluetooth adapter address (34:51:c9:b8:e8:7b) failed.

Error - 16/08/2014 11:42:29 PM | Computer Name = allun | Source = BTHUSB | ID = 327696
Description = The mutual authentication between the local Bluetooth adapter and 
a device with Bluetooth adapter address (34:51:c9:b8:e8:7b) failed.

Error - 16/08/2014 11:56:45 PM | Computer Name = allun | Source = BTHUSB | ID = 327696
Description = The mutual authentication between the local Bluetooth adapter and 
a device with Bluetooth adapter address (34:51:c9:b8:e8:7b) failed.

Error - 17/08/2014 12:24:06 AM | Computer Name = allun | Source = bowser | ID = 8003
Description =

Error - 17/08/2014 1:36:05 AM | Computer Name = allun | Source = bowser | ID = 8003
Description =

Error - 17/08/2014 4:59:35 AM | Computer Name = allun | Source = bowser | ID = 8003
Description =

Error - 17/08/2014 9:11:29 AM | Computer Name = allun | Source = bowser | ID = 8003
Description =

Error - 17/08/2014 6:11:35 PM | Computer Name = allun | Source = bowser | ID = 8003
Description =

Error - 19/08/2014 6:28:46 PM | Computer Name = allun | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the 
following error: %%2

Error - 21/08/2014 8:11:09 PM | Computer Name = allun | Source = Service Control Manager | ID = 7034
Description = The Secunia Update Agent service terminated unexpectedly. It has 
done this 1 time(s).

< End of report >


----------



## ufah (May 27, 2014)

Forgot to mention that for some reason I cannot get the info.txt this second time around that I had to do the scans.
But yesterday I saw it minimized in the taskbar. Should I uninstall it and retry to see if I may get that log again??

Logfile of random's system information tool 1.10 (written by random/random)
Run by felicia at 2014-09-03 11:31:38
Microsoft Windows 8 
System drive C: has 190 GB (41%) free of 462 GB
Total RAM: 3525 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:31:45 AM, on 3/09/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17054)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
C:\Program Files\trend micro\felicia.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PowerDVD13Agent] "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7061 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe"
"C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\System32\WinLogon.exe -SpecialSession
-hiberboot
"\Program Files\Synaptics\SynTP\SynTPEnh.exe" 
taskhostex.exe 
"C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Acer\Acer Launch Manager\LMTray.exe" 
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE" 
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" 
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Secunia\PSI\psi_tray.exe" 
"C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe" 
"C:\Program Files\Acer\Acer Power Management\ePowerTray.exe" 
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe"
taskhost.exe 
"C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe" /c /a /s UserSession2
explorer.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" 
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=10512.12e78470.1223248143 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 10512 "\\.\pipe\gecko-crash-server-pipe.10512" plugin
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe" --proxy-stub-channel=Flash21436.627E0D80.12810 --host-broker-channel=Flash21436.627E0D80.9130 --host-pid=21436 --host-npapi-version=27 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_14_0_0_179.dll"
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe" --channel=22104.0059F644.486510879 --proxy-stub-channel=Flash21436.627E0D80.12810 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_14_0_0_179.dll" --host-npapi-version=27 --type=renderer

"C:\Program Files (x86)\OpenOffice 4\program\swriter.exe" -o "C:\Users\felicia\Desktop\2nOISSES\0202THNA\wk5\Dpgwk5.odt"
"C:\Program Files (x86)\OpenOffice 4\program\swriter.exe" -o "C:\Users\felicia\Desktop\2nOISSES\0202THNA\wk5\Dpgwk5.odt" -writer
"C:\Program Files (x86)\OpenOffice 4\program\swriter.exe" "-o" "C:\Users\felicia\Desktop\2nOISSES\0202THNA\wk5\Dpgwk5.odt" "-writer" "-env:OOO_CWD=2C:\\Users\\felicia\\Desktop\\2nOISSES\\0202THNA\\wk5"
"C:\Users\felicia\Desktop\RSITx64.exe" 
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\felicia\AppData\Roaming\Mozilla\Firefox\Profiles\dfebbkxa.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.179 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.179 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll [2014-07-31 916320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-04-15 66688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll [2014-07-31 654688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL [2014-07-23 392336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll [2014-07-31 916320]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll [2014-07-31 654688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-03-18 13427784]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 3933496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [2013-04-15 132736]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2013-03-13 642656]
"PowerDVD13Agent"=C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [2013-03-20 513048]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-05-09 959904]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [2013-04-15 132736]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Secunia PSI Tray.lnk - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-09-03 00:56:56 ----D---- C:\Program Files\trend micro
2014-09-03 00:56:55 ----D---- C:\rsit
2014-08-21 21:25:38 ----A---- C:\Windows\system32\wuauclt.exe
2014-08-21 21:25:36 ----A---- C:\Windows\system32\wuaueng.dll
2014-08-21 21:25:36 ----A---- C:\Windows\system32\storewuauth.dll
2014-08-21 21:25:35 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2014-08-21 21:25:35 ----A---- C:\Windows\system32\wucltux.dll
2014-08-18 23:34:51 ----D---- C:\Program Files (x86)\Secunia
2014-08-16 14:02:02 ----A---- C:\Windows\system32\FNTCACHE.DAT
2014-08-15 16:32:11 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-08-15 16:32:11 ----A---- C:\Windows\system32\mshtmled.dll
2014-08-15 16:32:10 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-08-15 16:32:10 ----A---- C:\Windows\system32\msrating.dll
2014-08-15 16:32:09 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-08-15 16:32:08 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-08-15 16:32:08 ----A---- C:\Windows\system32\dxtrans.dll
2014-08-15 16:32:08 ----A---- C:\Windows\system32\dxtmsft.dll
2014-08-15 16:32:07 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-08-15 16:32:07 ----A---- C:\Windows\system32\iesetup.dll
2014-08-15 16:32:07 ----A---- C:\Windows\system32\ie4uinit.exe
2014-08-15 16:32:06 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-08-15 16:32:05 ----A---- C:\Windows\system32\msfeeds.dll
2014-08-15 16:32:04 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-08-15 16:32:04 ----A---- C:\Windows\SYSWOW64\jscript.dll
2014-08-15 16:32:04 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2014-08-15 16:32:04 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-08-15 16:32:04 ----A---- C:\Windows\system32\urlmon.dll
2014-08-15 16:32:04 ----A---- C:\Windows\system32\jscript.dll
2014-08-15 16:32:04 ----A---- C:\Windows\system32\iesysprep.dll
2014-08-15 16:32:04 ----A---- C:\Windows\system32\iernonce.dll
2014-08-15 16:32:01 ----A---- C:\Windows\system32\jscript9.dll
2014-08-15 16:32:00 ----A---- C:\Windows\SYSWOW64\UXInit.dll
2014-08-15 16:32:00 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-08-15 16:32:00 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-08-15 16:32:00 ----A---- C:\Windows\system32\UXInit.dll
2014-08-15 16:31:59 ----A---- C:\Windows\system32\iertutil.dll
2014-08-15 16:31:57 ----A---- C:\Windows\SYSWOW64\uxtheme.dll
2014-08-15 16:31:57 ----A---- C:\Windows\system32\uxtheme.dll
2014-08-15 16:31:54 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-08-15 16:31:54 ----A---- C:\Windows\system32\iedkcs32.dll
2014-08-15 16:31:53 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-08-15 16:31:53 ----A---- C:\Windows\system32\jsproxy.dll
2014-08-15 16:31:52 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-08-15 16:31:52 ----A---- C:\Windows\system32\wininet.dll
2014-08-15 16:31:49 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-08-15 16:31:46 ----A---- C:\Windows\system32\ieframe.dll
2014-08-15 16:31:24 ----A---- C:\Windows\system32\mshtml.dll
2014-08-15 16:31:11 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-08-15 16:17:12 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe
2014-08-15 16:17:12 ----A---- C:\Windows\system32\TsWpfWrp.exe
2014-08-15 09:46:48 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2014-08-15 09:46:48 ----A---- C:\Windows\system32\drivers\Classpnp.sys
2014-08-15 09:44:13 ----A---- C:\Windows\system32\aepdu.dll
2014-08-15 09:44:12 ----A---- C:\Windows\system32\aeinv.dll
2014-08-13 12:48:42 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-08-13 12:48:42 ----A---- C:\Windows\system32\cdd.dll
2014-08-13 12:48:20 ----A---- C:\Windows\system32\win32k.sys
2014-08-13 12:48:20 ----A---- C:\Windows\system32\gdi32.dll
2014-08-13 12:48:19 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-08-13 12:48:11 ----A---- C:\Windows\system32\drivers\hdaudbus.sys
2014-08-13 12:47:42 ----A---- C:\Windows\SYSWOW64\Robocopy.exe
2014-08-13 12:47:42 ----A---- C:\Windows\system32\Robocopy.exe
2014-08-13 12:47:41 ----A---- C:\Windows\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-13 12:47:41 ----A---- C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-13 12:47:40 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2014-08-13 12:47:40 ----A---- C:\Windows\system32\ntdll.dll
2014-08-13 12:47:40 ----A---- C:\Windows\system32\localspl.dll
2014-08-13 12:47:36 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-08-13 12:47:35 ----A---- C:\Windows\SYSWOW64\WSShared.dll
2014-08-13 12:47:35 ----A---- C:\Windows\system32\WSShared.dll
2014-08-13 12:46:37 ----A---- C:\Windows\SYSWOW64\actxprxy.dll
2014-08-13 12:46:36 ----A---- C:\Windows\system32\actxprxy.dll
2014-08-13 12:46:33 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2014-08-13 12:46:33 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-08-13 12:46:33 ----A---- C:\Windows\system32\msihnd.dll
2014-08-13 12:46:32 ----A---- C:\Windows\system32\msi.dll
2014-08-13 12:46:29 ----A---- C:\Windows\system32\consent.exe
2014-08-13 12:46:27 ----A---- C:\Windows\SYSWOW64\twinui.dll
2014-08-13 12:46:24 ----A---- C:\Windows\SYSWOW64\authui.dll
2014-08-13 12:46:24 ----A---- C:\Windows\system32\twinui.dll
2014-08-13 12:46:23 ----A---- C:\Windows\system32\authui.dll
2014-08-13 12:46:09 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2014-08-13 12:46:09 ----A---- C:\Windows\system32\rpcrt4.dll
2014-08-13 11:49:57 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-08-13 11:43:51 ----SD---- C:\Windows\system32\CompatTel
2014-08-09 01:05:08 ----A---- C:\Windows\system32\msctf.dll
2014-08-09 01:05:07 ----A---- C:\Windows\SYSWOW64\msctf.dll
2014-08-09 01:05:06 ----A---- C:\Windows\SYSWOW64\SettingSync.dll
2014-08-09 01:05:06 ----A---- C:\Windows\system32\shdocvw.dll
2014-08-09 01:05:06 ----A---- C:\Windows\system32\SettingSync.dll
2014-08-09 01:05:06 ----A---- C:\Windows\system32\mbsmsapi.dll
2014-08-09 01:05:05 ----A---- C:\Windows\SYSWOW64\shdocvw.dll
2014-08-09 01:05:05 ----A---- C:\Windows\SYSWOW64\mbsmsapi.dll
2014-08-09 01:05:04 ----A---- C:\Windows\system32\SettingSyncInfo.dll
2014-08-09 01:05:02 ----A---- C:\Windows\SYSWOW64\SettingSyncInfo.dll
2014-08-09 01:04:59 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-08-09 01:04:58 ----A---- C:\Windows\system32\drivers\pdc.sys
2014-08-09 01:04:56 ----A---- C:\Windows\SYSWOW64\wvc.dll
2014-08-09 01:04:56 ----A---- C:\Windows\SYSWOW64\wdc.dll
2014-08-09 01:04:56 ----A---- C:\Windows\system32\wvc.dll
2014-08-09 01:04:56 ----A---- C:\Windows\system32\wdc.dll
2014-08-09 01:04:40 ----A---- C:\Windows\system32\drivers\ntfs.sys
2014-08-09 01:04:35 ----A---- C:\Windows\system32\mstscax.dll
2014-08-09 01:04:33 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-08-09 01:04:33 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2014-08-09 01:04:32 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2014-08-09 01:04:32 ----A---- C:\Windows\SYSWOW64\WSDApi.dll
2014-08-09 01:04:32 ----A---- C:\Windows\system32\WSDApi.dll
2014-08-09 01:04:32 ----A---- C:\Windows\system32\drivers\storport.sys
2014-08-09 01:04:32 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2014-08-09 01:04:31 ----A---- C:\Windows\system32\drivers\dfsc.sys
2014-08-09 01:04:27 ----A---- C:\Windows\SYSWOW64\Windows.ApplicationModel.Store.dll
2014-08-09 01:04:22 ----A---- C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-08-09 01:04:12 ----A---- C:\Windows\system32\dwmcore.dll
2014-08-09 01:04:11 ----A---- C:\Windows\SYSWOW64\dwmcore.dll
2014-08-09 01:04:11 ----A---- C:\Windows\explorer.exe
2014-08-09 01:04:10 ----A---- C:\Windows\SYSWOW64\explorer.exe
2014-08-09 01:04:08 ----A---- C:\Windows\system32\samsrv.dll
2014-08-09 01:04:07 ----A---- C:\Windows\system32\mfcore.dll
2014-08-09 01:04:07 ----A---- C:\Windows\system32\drivers\volsnap.sys
2014-08-09 01:04:06 ----A---- C:\Windows\SYSWOW64\mfcore.dll
2014-08-09 01:04:05 ----A---- C:\Windows\system32\winload.exe
2014-08-09 01:04:04 ----A---- C:\Windows\system32\winresume.exe
2014-08-09 01:04:04 ----A---- C:\Windows\system32\vds.exe
2014-08-09 01:04:04 ----A---- C:\Windows\system32\mscms.dll
2014-08-09 01:04:04 ----A---- C:\Windows\system32\mfasfsrcsnk.dll
2014-08-09 01:04:04 ----A---- C:\Windows\system32\audiosrv.dll
2014-08-09 01:04:03 ----A---- C:\Windows\SYSWOW64\mscms.dll
2014-08-09 01:04:03 ----A---- C:\Windows\system32\samlib.dll
2014-08-09 01:04:02 ----A---- C:\Windows\SYSWOW64\mfasfsrcsnk.dll
2014-08-09 01:04:02 ----A---- C:\Windows\system32\MbaeParserTask.exe
2014-08-09 01:04:02 ----A---- C:\Windows\system32\DeviceSetupManager.dll
2014-08-09 01:04:01 ----A---- C:\Windows\SYSWOW64\samlib.dll
2014-08-09 01:04:01 ----A---- C:\Windows\system32\vdsutil.dll
2014-08-09 01:04:00 ----A---- C:\Windows\system32\drivers\BthAvrcpTg.sys
2014-08-09 01:03:59 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2014-08-09 01:03:59 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2014-08-09 01:03:57 ----A---- C:\Windows\system32\AudioSes.dll
2014-08-09 01:03:57 ----A---- C:\Windows\system32\AudioEng.dll
2014-08-09 01:03:57 ----A---- C:\Windows\system32\AudioEndpointBuilder.dll
2014-08-09 01:03:57 ----A---- C:\Windows\system32\audiodg.exe
2014-08-09 01:03:56 ----A---- C:\Windows\system32\drivers\ndis.sys
2014-08-09 01:03:41 ----A---- C:\Windows\SYSWOW64\wusa.exe
2014-08-09 01:03:41 ----A---- C:\Windows\system32\wusa.exe
2014-08-09 01:03:41 ----A---- C:\Windows\system32\drivers\srv2.sys
2014-08-09 01:03:29 ----A---- C:\Windows\system32\Windows.UI.Xaml.dll
2014-08-09 01:03:27 ----A---- C:\Windows\SYSWOW64\Windows.UI.Xaml.dll
2014-08-09 01:03:24 ----A---- C:\Windows\system32\UIAutomationCore.dll
2014-08-09 01:03:23 ----A---- C:\Windows\SYSWOW64\UIAutomationCore.dll
2014-08-09 01:03:22 ----A---- C:\Windows\SYSWOW64\ubpm.dll
2014-08-09 01:03:22 ----A---- C:\Windows\system32\ubpm.dll
2014-08-09 01:03:22 ----A---- C:\Windows\system32\drivers\tpm.sys
2014-08-09 01:03:22 ----A---- C:\Windows\system32\drivers\fvevol.sys
2014-08-09 01:03:22 ----A---- C:\Windows\system32\drivers\crashdmp.sys
2014-08-09 01:03:17 ----A---- C:\Windows\SYSWOW64\wups.dll
2014-08-09 01:03:13 ----A---- C:\Windows\system32\wups2.dll
2014-08-09 01:03:12 ----A---- C:\Windows\system32\wups.dll
2014-08-09 01:03:12 ----A---- C:\Windows\system32\taskhostex.exe
2014-08-09 01:03:12 ----A---- C:\Windows\system32\taskhost.exe
2014-08-09 01:03:02 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2014-08-09 01:03:02 ----A---- C:\Windows\system32\resutils.dll
2014-08-09 01:03:02 ----A---- C:\Windows\system32\oleaut32.dll
2014-08-09 01:03:02 ----A---- C:\Windows\system32\clusapi.dll
2014-08-09 01:03:01 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2014-08-09 01:03:01 ----A---- C:\Windows\SYSWOW64\resutils.dll
2014-08-09 01:03:01 ----A---- C:\Windows\SYSWOW64\clusapi.dll
2014-08-09 01:03:01 ----A---- C:\Windows\system32\wuapi.dll
2014-08-09 01:03:01 ----A---- C:\Windows\system32\drivers\USBHUB3.SYS
2014-08-09 01:02:58 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2014-08-09 01:02:58 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2014-08-09 01:02:58 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2014-08-09 01:02:58 ----A---- C:\Windows\system32\wuwebv.dll
2014-08-09 01:02:58 ----A---- C:\Windows\system32\wudriver.dll
2014-08-09 01:02:58 ----A---- C:\Windows\system32\wuapp.exe
2014-08-09 01:02:58 ----A---- C:\Windows\system32\drivers\spaceport.sys
2014-08-09 01:02:34 ----A---- C:\Windows\SYSWOW64\msftedit.dll
2014-08-09 01:02:33 ----A---- C:\Windows\system32\msftedit.dll
2014-08-09 01:02:29 ----A---- C:\Windows\SYSWOW64\winmm.dll
2014-08-09 01:02:29 ----A---- C:\Windows\system32\wwanconn.dll
2014-08-09 01:02:29 ----A---- C:\Windows\system32\WerFault.exe
2014-08-09 01:02:28 ----A---- C:\Windows\system32\winmmbase.dll
2014-08-09 01:02:25 ----A---- C:\Windows\SYSWOW64\winmmbase.dll
2014-08-09 01:02:25 ----A---- C:\Windows\SYSWOW64\WerFault.exe
2014-08-09 01:02:25 ----A---- C:\Windows\system32\wwansvc.dll
2014-08-09 01:02:25 ----A---- C:\Windows\system32\WinSCard.dll
2014-08-09 01:02:25 ----A---- C:\Windows\system32\winmm.dll
2014-08-09 01:02:25 ----A---- C:\Windows\system32\wcmsvc.dll
2014-08-09 01:02:24 ----A---- C:\Windows\SYSWOW64\Windows.Networking.BackgroundTransfer.dll
2014-08-09 01:02:24 ----A---- C:\Windows\system32\drivers\sdbus.sys
2014-08-09 01:02:24 ----A---- C:\Windows\system32\drivers\msgpioclx.sys
2014-08-09 01:02:24 ----A---- C:\Windows\system32\drivers\HdAudio.sys
2014-08-09 01:02:24 ----A---- C:\Windows\system32\drivers\dumpsd.sys
2014-08-09 01:02:23 ----A---- C:\Windows\SYSWOW64\WinSCard.dll
2014-08-09 01:02:23 ----A---- C:\Windows\SYSWOW64\openfiles.exe
2014-08-09 01:02:23 ----A---- C:\Windows\SYSWOW64\LocationApi.dll
2014-08-09 01:02:23 ----A---- C:\Windows\system32\wwanmm.dll
2014-08-09 01:02:23 ----A---- C:\Windows\system32\Wwanadvui.dll
2014-08-09 01:02:23 ----A---- C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2014-08-09 01:02:23 ----A---- C:\Windows\system32\wcmcsp.dll
2014-08-09 01:02:23 ----A---- C:\Windows\system32\openfiles.exe
2014-08-09 01:02:23 ----A---- C:\Windows\system32\LocationApi.dll
2014-08-09 01:02:23 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2014-08-09 01:02:23 ----A---- C:\Windows\system32\drivers\udfs.sys
2014-08-09 01:02:22 ----A---- C:\Windows\SYSWOW64\nshwfp.dll
2014-08-09 01:02:22 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL
2014-08-09 01:02:21 ----A---- C:\Windows\system32\nshwfp.dll
2014-08-09 01:02:21 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2014-08-09 01:02:16 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2014-08-09 01:02:16 ----A---- C:\Windows\SYSWOW64\FirewallAPI.dll
2014-08-09 01:02:16 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2014-08-09 01:02:16 ----A---- C:\Windows\system32\WebClnt.dll
2014-08-09 01:02:16 ----A---- C:\Windows\system32\MPSSVC.dll
2014-08-09 01:02:16 ----A---- C:\Windows\system32\FirewallAPI.dll
2014-08-09 01:02:16 ----A---- C:\Windows\system32\drivers\mpsdrv.sys
2014-08-09 01:02:16 ----A---- C:\Windows\system32\drivers\disk.sys
2014-08-09 01:02:16 ----A---- C:\Windows\system32\davclnt.dll
2014-08-09 01:01:35 ----A---- C:\Windows\system32\kernel32.dll
2014-08-09 01:01:34 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-08-09 01:01:34 ----A---- C:\Windows\system32\gpedit.dll
2014-08-09 01:01:34 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2014-08-09 01:01:34 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2014-08-09 01:01:33 ----A---- C:\Windows\SYSWOW64\gpedit.dll
2014-08-09 01:01:33 ----A---- C:\Windows\system32\drivers\srvnet.sys
2014-08-09 01:01:33 ----A---- C:\Windows\system32\drivers\IPMIDrv.sys
2014-08-09 01:01:33 ----A---- C:\Windows\system32\drivers\hidclass.sys
2014-08-08 16:27:10 ----D---- C:\Program Files\Common Files\Symantec Shared
2014-08-08 16:27:10 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2014-08-08 16:26:09 ----D---- C:\Windows\system32\drivers\NISx64
2014-08-08 16:26:05 ----D---- C:\Program Files (x86)\Norton Internet Security
2014-08-08 16:25:35 ----D---- C:\Program Files (x86)\NortonInstaller
2014-08-06 23:29:28 ----D---- C:\Windows\system32\MRT
2014-08-06 23:29:25 ----A---- C:\Windows\system32\MRT.exe
2014-08-06 23:02:02 ----D---- C:\Program Files (x86)\MSECache
2014-08-06 22:16:38 ----A---- C:\Windows\system32\NotificationUI.exe
2014-08-06 22:16:03 ----A---- C:\Windows\system32\IKEEXT.DLL
2014-08-06 22:16:03 ----A---- C:\Windows\system32\BFE.DLL
2014-08-06 22:16:02 ----A---- C:\Windows\system32\drivers\wfplwfs.sys
2014-08-06 22:15:35 ----A---- C:\Windows\system32\sppsvc.exe
2014-08-06 22:15:32 ----A---- C:\Windows\system32\WSService.dll
2014-08-06 22:15:32 ----A---- C:\Windows\system32\sppobjs.dll
2014-08-06 22:15:31 ----A---- C:\Windows\system32\WinSetupUI.dll
2014-08-06 22:15:30 ----A---- C:\Windows\SYSWOW64\sppc.dll
2014-08-06 22:15:30 ----A---- C:\Windows\system32\sppwinob.dll
2014-08-06 22:15:30 ----A---- C:\Windows\system32\sppc.dll
2014-08-06 22:15:29 ----A---- C:\Windows\SYSWOW64\WSSync.dll
2014-08-06 22:15:29 ----A---- C:\Windows\system32\WSSync.dll
2014-08-06 22:15:28 ----A---- C:\Windows\SYSWOW64\WSClient.dll
2014-08-06 22:15:28 ----A---- C:\Windows\system32\WSClient.dll
2014-08-06 22:15:28 ----A---- C:\Windows\system32\drivers\dam.sys
2014-08-06 22:15:27 ----A---- C:\Windows\SYSWOW64\setupcln.dll
2014-08-06 22:15:27 ----A---- C:\Windows\SYSWOW64\OEMLicense.dll
2014-08-06 22:15:27 ----A---- C:\Windows\system32\setupcln.dll
2014-08-06 22:14:37 ----A---- C:\Windows\system32\rdpudd.dll
2014-08-06 22:14:37 ----A---- C:\Windows\system32\rdpcorets.dll
2014-08-06 22:13:10 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2014-08-06 22:13:10 ----A---- C:\Windows\system32\imagehlp.dll
2014-08-06 22:13:07 ----A---- C:\Windows\system32\comctl32.dll
2014-08-06 22:13:06 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2014-08-06 22:12:14 ----A---- C:\Windows\SYSWOW64\osk.exe
2014-08-06 22:12:14 ----A---- C:\Windows\system32\osk.exe
2014-08-06 22:11:33 ----A---- C:\Windows\system32\shell32.dll
2014-08-06 22:11:30 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-08-06 22:10:51 ----A---- C:\Windows\system32\lsasrv.dll
2014-08-06 22:10:50 ----A---- C:\Windows\SYSWOW64\SHCore.dll
2014-08-06 22:10:50 ----A---- C:\Windows\system32\SHCore.dll
2014-08-06 22:10:49 ----A---- C:\Windows\system32\lsm.dll
2014-08-06 22:09:23 ----A---- C:\Windows\system32\drivers\WdFilter.sys
2014-08-06 22:09:22 ----A---- C:\Windows\system32\drivers\WdBoot.sys
2014-08-06 22:09:05 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-08-06 22:09:05 ----A---- C:\Windows\system32\vbscript.dll
2014-08-06 22:07:17 ----A---- C:\Windows\system32\drivers\WdfLdr.sys
2014-08-06 22:07:17 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2014-08-06 22:05:35 ----A---- C:\Windows\system32\wmpmde.dll
2014-08-06 22:05:35 ----A---- C:\Windows\system32\winmde.dll
2014-08-06 22:05:33 ----A---- C:\Windows\SYSWOW64\netcfgx.dll
2014-08-06 22:05:33 ----A---- C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2014-08-06 22:05:33 ----A---- C:\Windows\system32\Windows.Globalization.dll
2014-08-06 22:05:32 ----A---- C:\Windows\system32\TimeBrokerServer.dll
2014-08-06 22:05:32 ----A---- C:\Windows\system32\SystemEventsBrokerServer.dll
2014-08-06 22:05:31 ----A---- C:\Windows\system32\wpdbusenum.dll
2014-08-06 22:05:30 ----A---- C:\Windows\SYSWOW64\winmde.dll
2014-08-06 22:05:30 ----A---- C:\Windows\SYSWOW64\Windows.Globalization.dll
2014-08-06 22:05:30 ----A---- C:\Windows\system32\usbmon.dll
2014-08-06 22:05:30 ----A---- C:\Windows\system32\netcfgx.dll
2014-08-06 22:05:30 ----A---- C:\Windows\system32\drivers\bthport.sys
2014-08-06 22:05:29 ----A---- C:\Windows\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2014-08-06 22:05:29 ----A---- C:\Windows\SYSWOW64\drvstore.dll
2014-08-06 22:05:29 ----A---- C:\Windows\system32\drivers\vhdmp.sys
2014-08-06 22:05:28 ----A---- C:\Windows\system32\drvstore.dll
2014-08-06 22:05:27 ----A---- C:\Windows\system32\drivers\rfcomm.sys
2014-08-06 22:05:27 ----A---- C:\Windows\system32\discan.dll
2014-08-06 22:05:26 ----A---- C:\Windows\system32\NdisImPlatform.dll
2014-08-06 22:05:26 ----A---- C:\Windows\system32\fsquirt.exe
2014-08-06 22:05:26 ----A---- C:\Windows\system32\drivers\storahci.sys
2014-08-06 22:05:25 ----A---- C:\Windows\system32\WSDPrintProxy.DLL
2014-08-06 22:05:25 ----A---- C:\Windows\system32\DevDispItemProvider.dll
2014-08-06 22:05:24 ----A---- C:\Windows\SYSWOW64\DevDispItemProvider.dll
2014-08-06 22:05:24 ----A---- C:\Windows\system32\drivers\mouhid.sys
2014-08-06 22:05:24 ----A---- C:\Windows\system32\drivers\monitor.sys
2014-08-06 22:02:52 ----A---- C:\Windows\system32\InkEd.dll
2014-08-06 22:02:48 ----A---- C:\Windows\system32\crypt32.dll
2014-08-06 22:02:47 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2014-08-06 22:00:30 ----A---- C:\Windows\SYSWOW64\certutil.exe
2014-08-06 22:00:30 ----A---- C:\Windows\system32\certutil.exe
2014-08-06 22:00:29 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2014-08-06 22:00:29 ----A---- C:\Windows\system32\cryptnet.dll
2014-08-06 21:54:24 ----A---- C:\Windows\SYSWOW64\ReAgentc.exe
2014-08-06 21:54:24 ----A---- C:\Windows\system32\ReAgentc.exe
2014-08-06 21:52:32 ----A---- C:\Windows\system32\wmp.dll
2014-08-06 21:52:32 ----A---- C:\Windows\system32\tquery.dll
2014-08-06 21:52:28 ----A---- C:\Windows\SYSWOW64\wmp.dll
2014-08-06 21:52:27 ----A---- C:\Windows\system32\mssrch.dll
2014-08-06 21:52:24 ----A---- C:\Windows\SYSWOW64\tquery.dll
2014-08-06 21:52:22 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2014-08-06 21:52:17 ----A---- C:\Windows\system32\MSAudDecMFT.dll
2014-08-06 21:52:14 ----A---- C:\Windows\SYSWOW64\MSAudDecMFT.dll
2014-08-06 21:52:13 ----A---- C:\Windows\system32\kd_02_10ec.dll
2014-08-06 21:52:12 ----A---- C:\Windows\SYSWOW64\mssph.dll
2014-08-06 21:52:12 ----A---- C:\Windows\system32\SearchIndexer.exe
2014-08-06 21:52:11 ----A---- C:\Windows\system32\rsaenh.dll
2014-08-06 21:52:11 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2014-08-06 21:52:10 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2014-08-06 21:52:10 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2014-08-06 21:52:09 ----A---- C:\Windows\system32\Windows.Networking.dll
2014-08-06 21:52:09 ----A---- C:\Windows\system32\mssph.dll
2014-08-06 21:52:09 ----A---- C:\Windows\system32\dwmredir.dll
2014-08-06 21:52:09 ----A---- C:\Windows\system32\conhost.exe
2014-08-06 21:52:08 ----A---- C:\Windows\SYSWOW64\rsaenh.dll
2014-08-06 21:52:08 ----A---- C:\Windows\system32\RecoveryDrive.exe
2014-08-06 21:52:07 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2014-08-06 21:52:07 ----A---- C:\Windows\system32\wpncore.dll
2014-08-06 21:52:06 ----A---- C:\Windows\system32\MFMediaEngine.dll
2014-08-06 21:52:04 ----A---- C:\Windows\system32\dmvdsitf.dll
2014-08-06 21:52:04 ----A---- C:\Windows\system32\ci.dll
2014-08-06 21:52:03 ----A---- C:\Windows\system32\XpsRasterService.dll
2014-08-06 21:52:03 ----A---- C:\Windows\system32\fhengine.dll
2014-08-06 21:52:02 ----A---- C:\Windows\SYSWOW64\Windows.Networking.dll
2014-08-06 21:52:02 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2014-08-06 21:52:02 ----A---- C:\Windows\SYSWOW64\MFMediaEngine.dll
2014-08-06 21:52:01 ----A---- C:\Windows\SYSWOW64\wscapi.dll
2014-08-06 21:52:01 ----A---- C:\Windows\system32\mfreadwrite.dll
2014-08-06 21:52:00 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2014-08-06 21:52:00 ----A---- C:\Windows\system32\SearchFilterHost.exe
2014-08-06 21:52:00 ----A---- C:\Windows\system32\kdvm.dll
2014-08-06 21:51:59 ----A---- C:\Windows\SYSWOW64\XpsRasterService.dll
2014-08-06 21:51:58 ----A---- C:\Windows\SYSWOW64\dmvdsitf.dll
2014-08-06 21:51:58 ----A---- C:\Windows\system32\iuilp.dll
2014-08-06 21:51:58 ----A---- C:\Windows\system32\drivers\hidbth.sys
2014-08-06 21:51:57 ----A---- C:\Windows\SYSWOW64\mfreadwrite.dll
2014-08-06 21:51:57 ----A---- C:\Windows\system32\wscsvc.dll
2014-08-06 21:51:57 ----A---- C:\Windows\system32\kdnet.dll
2014-08-06 21:51:57 ----A---- C:\Windows\system32\drivers\wanarp.sys
2014-08-06 21:51:56 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2014-08-06 21:51:56 ----A---- C:\Windows\system32\mssvp.dll
2014-08-06 21:51:56 ----A---- C:\Windows\system32\GenuineCenter.dll
2014-08-06 21:51:56 ----A---- C:\Windows\system32\fmifs.dll
2014-08-06 21:51:56 ----A---- C:\Windows\system32\drivers\ndproxy.sys
2014-08-06 21:51:55 ----A---- C:\Windows\SYSWOW64\fmifs.dll
2014-08-06 21:51:55 ----A---- C:\Windows\system32\mssprxy.dll
2014-08-06 21:51:55 ----A---- C:\Windows\system32\msshooks.dll
2014-08-06 21:51:54 ----A---- C:\Windows\SYSWOW64\mssprxy.dll
2014-08-06 21:51:54 ----A---- C:\Windows\SYSWOW64\msshooks.dll
2014-08-06 21:51:54 ----A---- C:\Windows\system32\msscntrs.dll
2014-08-06 21:51:07 ----A---- C:\Windows\system32\AppXDeploymentServer.dll
2014-08-06 21:51:06 ----A---- C:\Windows\system32\sysmain.dll
2014-08-06 21:51:05 ----A---- C:\Windows\system32\VSSVC.exe
2014-08-06 21:51:05 ----A---- C:\Windows\system32\drivers\rdbss.sys
2014-08-06 21:51:04 ----A---- C:\Windows\system32\BCP47Langs.dll
2014-08-06 21:51:03 ----A---- C:\Windows\system32\netprofmsvc.dll
2014-08-06 21:51:02 ----A---- C:\Windows\SYSWOW64\BCP47Langs.dll
2014-08-06 21:50:59 ----A---- C:\Windows\system32\stobject.dll
2014-08-06 21:50:59 ----A---- C:\Windows\system32\netprofm.dll
2014-08-06 21:50:59 ----A---- C:\Windows\system32\AppXDeploymentExtensions.dll
2014-08-06 21:50:58 ----A---- C:\Windows\system32\psmsrv.dll
2014-08-06 21:50:58 ----A---- C:\Windows\system32\netplwiz.dll
2014-08-06 21:50:58 ----A---- C:\Windows\system32\mfmp4srcsnk.dll
2014-08-06 21:50:58 ----A---- C:\Windows\system32\Magnify.exe
2014-08-06 21:50:57 ----A---- C:\Windows\SYSWOW64\stobject.dll
2014-08-06 21:50:57 ----A---- C:\Windows\SYSWOW64\netplwiz.dll
2014-08-06 21:50:57 ----A---- C:\Windows\system32\DevicePairing.dll
2014-08-06 21:50:55 ----A---- C:\Windows\SYSWOW64\Magnify.exe
2014-08-06 21:50:55 ----A---- C:\Windows\SYSWOW64\DevicePairing.dll
2014-08-06 21:50:55 ----A---- C:\Windows\system32\AuthHost.exe
2014-08-06 21:50:54 ----A---- C:\Windows\SYSWOW64\netprofm.dll
2014-08-06 21:50:54 ----A---- C:\Windows\SYSWOW64\biwinrt.dll
2014-08-06 21:50:54 ----A---- C:\Windows\system32\biwinrt.dll
2014-08-06 21:50:53 ----A---- C:\Windows\system32\bisrv.dll
2014-08-06 21:50:52 ----A---- C:\Windows\SYSWOW64\mfmp4srcsnk.dll
2014-08-06 21:50:52 ----A---- C:\Windows\system32\muifontsetup.dll
2014-08-06 21:50:51 ----A---- C:\Windows\SYSWOW64\npmproxy.dll
2014-08-06 21:50:51 ----A---- C:\Windows\SYSWOW64\nlmproxy.dll
2014-08-06 21:50:51 ----A---- C:\Windows\SYSWOW64\muifontsetup.dll
2014-08-06 21:50:50 ----A---- C:\Windows\SYSWOW64\nlmsprep.dll
2014-08-06 21:50:22 ----A---- C:\Windows\SYSWOW64\untfs.dll
2014-08-06 21:50:22 ----A---- C:\Windows\SYSWOW64\autochk.exe
2014-08-06 21:50:22 ----A---- C:\Windows\system32\untfs.dll
2014-08-06 21:50:22 ----A---- C:\Windows\system32\autochk.exe
2014-08-06 21:50:16 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2014-08-06 21:50:16 ----A---- C:\Windows\system32\DWrite.dll
2014-08-06 21:50:14 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2014-08-06 21:50:14 ----A---- C:\Windows\system32\WMVDECOD.DLL
2014-08-06 21:50:13 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-08-06 21:50:13 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-08-06 21:48:49 ----A---- C:\Windows\SYSWOW64\duser.dll
2014-08-06 21:48:49 ----A---- C:\Windows\system32\wlroamextension.dll
2014-08-06 21:48:49 ----A---- C:\Windows\system32\duser.dll
2014-08-06 21:48:47 ----A---- C:\Windows\system32\ncsi.dll
2014-08-06 21:48:46 ----A---- C:\Windows\system32\WWanAPI.dll
2014-08-06 21:48:46 ----A---- C:\Windows\system32\Windows.Networking.Connectivity.dll
2014-08-06 21:48:46 ----A---- C:\Windows\system32\hotspotauth.dll
2014-08-06 21:48:45 ----A---- C:\Windows\SYSWOW64\Windows.Networking.Connectivity.dll
2014-08-06 21:48:45 ----A---- C:\Windows\system32\drivers\ks.sys
2014-08-06 21:48:44 ----A---- C:\Windows\SYSWOW64\WWanAPI.dll
2014-08-06 21:48:44 ----A---- C:\Windows\SYSWOW64\wlroamextension.dll
2014-08-06 21:48:44 ----A---- C:\Windows\system32\tasklist.exe
2014-08-06 21:48:44 ----A---- C:\Windows\system32\taskkill.exe
2014-08-06 21:48:43 ----A---- C:\Windows\SYSWOW64\taskkill.exe
2014-08-06 21:48:43 ----A---- C:\Windows\system32\wpd_ci.dll
2014-08-06 21:48:42 ----A---- C:\Windows\SYSWOW64\tasklist.exe
2014-08-06 21:48:42 ----A---- C:\Windows\system32\wersvc.dll
2014-08-06 21:48:41 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2014-08-06 21:48:35 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2014-08-06 21:48:35 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2014-08-06 21:48:35 ----A---- C:\Windows\system32\atmlib.dll
2014-08-06 21:48:35 ----A---- C:\Windows\system32\atmfd.dll
2014-08-06 21:48:32 ----A---- C:\Windows\system32\win32spl.dll
2014-08-06 21:48:20 ----A---- C:\Windows\SYSWOW64\GdiPlus.dll
2014-08-06 21:48:20 ----A---- C:\Windows\system32\GdiPlus.dll
2014-08-06 21:48:18 ----A---- C:\Windows\system32\drivers\usb8023.sys
2014-08-06 21:47:52 ----A---- C:\Windows\system32\appinfo.dll
2014-08-06 21:47:26 ----A---- C:\Windows\system32\KernelBase.dll
2014-08-06 21:47:26 ----A---- C:\Windows\system32\kerberos.dll
2014-08-06 21:47:25 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-08-06 21:47:25 ----A---- C:\Windows\system32\drivers\cng.sys
2014-08-06 21:47:24 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-08-06 21:47:24 ----A---- C:\Windows\system32\winlogon.exe
2014-08-06 21:47:24 ----A---- C:\Windows\system32\sspicli.dll
2014-08-06 21:47:24 ----A---- C:\Windows\system32\schannel.dll
2014-08-06 21:47:24 ----A---- C:\Windows\system32\msv1_0.dll
2014-08-06 21:47:23 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-08-06 21:47:23 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-08-06 21:47:23 ----A---- C:\Windows\system32\objsel.dll
2014-08-06 21:47:22 ----A---- C:\Windows\SYSWOW64\objsel.dll
2014-08-06 21:47:22 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-08-06 21:47:22 ----A---- C:\Windows\system32\dpapisrv.dll
2014-08-06 21:47:21 ----A---- C:\Windows\SYSWOW64\usercpl.dll
2014-08-06 21:47:21 ----A---- C:\Windows\system32\usercpl.dll
2014-08-06 21:47:21 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-08-06 21:47:20 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-08-06 21:47:20 ----A---- C:\Windows\system32\wdigest.dll
2014-08-06 21:47:19 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-08-06 21:47:19 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-08-06 21:47:19 ----A---- C:\Windows\SYSWOW64\dimsroam.dll
2014-08-06 21:47:19 ----A---- C:\Windows\system32\TSpkg.dll
2014-08-06 21:47:19 ----A---- C:\Windows\system32\sspisrv.dll
2014-08-06 21:47:19 ----A---- C:\Windows\system32\lsass.exe
2014-08-06 21:47:19 ----A---- C:\Windows\system32\dimsroam.dll
2014-08-06 21:47:18 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-08-06 21:47:18 ----A---- C:\Windows\system32\workerdd.dll
2014-08-06 21:47:18 ----A---- C:\Windows\system32\credssp.dll
2014-08-06 21:47:03 ----A---- C:\Windows\system32\msdrm.dll
2014-08-06 21:47:02 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2014-08-06 21:46:43 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-08-06 21:46:43 ----A---- C:\Windows\system32\msxml3.dll
2014-08-06 21:46:11 ----A---- C:\Windows\system32\d2d1.dll
2014-08-06 21:46:10 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2014-08-06 21:46:10 ----A---- C:\Windows\system32\d3d10warp.dll
2014-08-06 21:46:08 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-08-06 21:46:06 ----A---- C:\Windows\system32\drivers\afd.sys
2014-08-06 21:46:01 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-08-06 21:45:52 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2014-08-06 21:45:52 ----A---- C:\Windows\SYSWOW64\apprepsync.dll
2014-08-06 21:45:52 ----A---- C:\Windows\SYSWOW64\apprepapi.dll
2014-08-06 21:45:52 ----A---- C:\Windows\system32\wintrust.dll
2014-08-06 21:45:52 ----A---- C:\Windows\system32\cryptsvc.dll
2014-08-06 21:45:52 ----A---- C:\Windows\system32\apprepsync.dll
2014-08-06 21:45:52 ----A---- C:\Windows\system32\apprepapi.dll
2014-08-06 21:45:47 ----A---- C:\Windows\system32\qedit.dll
2014-08-06 21:45:46 ----A---- C:\Windows\SYSWOW64\qedit.dll
2014-08-06 21:45:44 ----A---- C:\Windows\system32\scrobj.dll
2014-08-06 21:45:43 ----A---- C:\Windows\SYSWOW64\scrrun.dll
2014-08-06 21:45:43 ----A---- C:\Windows\SYSWOW64\scrobj.dll
2014-08-06 21:45:43 ----A---- C:\Windows\SYSWOW64\cscript.exe
2014-08-06 21:45:43 ----A---- C:\Windows\system32\scrrun.dll
2014-08-06 21:45:43 ----A---- C:\Windows\system32\cscript.exe
2014-08-06 21:45:42 ----A---- C:\Windows\system32\drivers\http.sys
2014-08-06 21:45:40 ----A---- C:\Windows\SYSWOW64\cryptdlg.dll
2014-08-06 21:45:40 ----A---- C:\Windows\system32\cryptdlg.dll
2014-08-06 21:45:39 ----A---- C:\Windows\system32\d3d11.dll
2014-08-06 21:45:38 ----A---- C:\Windows\SYSWOW64\d3d11.dll
2014-08-06 21:45:37 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2014-08-06 21:45:37 ----A---- C:\Windows\system32\WMPhoto.dll
2014-08-06 21:45:37 ----A---- C:\Windows\system32\schedsvc.dll
2014-08-06 21:45:36 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-08-06 21:45:35 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-08-06 21:45:34 ----A---- C:\Windows\SYSWOW64\esent.dll
2014-08-06 21:45:33 ----A---- C:\Windows\system32\esent.dll
2014-08-06 21:45:16 ----A---- C:\Windows\SYSWOW64\msieftp.dll
2014-08-06 21:45:16 ----A---- C:\Windows\system32\msieftp.dll
2014-08-06 17:24:14 ----D---- C:\Windows.old
2014-08-06 01:55:58 ----D---- C:\Users\felicia\AppData\Roaming\clear.fiMVPSDK21
2014-08-06 01:27:35 ----N---- C:\Windows\system32\HPDiscoPMC211.dll
2014-08-06 01:26:56 ----D---- C:\ProgramData\HP
2014-08-06 01:26:53 ----D---- C:\Program Files (x86)\HP
2014-08-06 01:24:25 ----D---- C:\Program Files\HP
2014-08-05 23:49:26 ----D---- C:\Program Files (x86)\Adobe
2014-08-05 23:49:01 ----D---- C:\ProgramData\Adobe
2014-08-05 23:45:21 ----D---- C:\Users\felicia\AppData\Roaming\CyberLink
2014-08-05 23:43:04 ----D---- C:\Program Files (x86)\CyberLink
2014-08-05 23:09:44 ----D---- C:\Users\felicia\AppData\Roaming\OpenOffice
2014-08-05 23:03:10 ----D---- C:\Program Files (x86)\OpenOffice 4
2014-08-05 22:24:32 ----D---- C:\Users\felicia\AppData\Roaming\Mozilla
2014-08-05 22:24:25 ----D---- C:\ProgramData\Mozilla
2014-08-05 22:24:25 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-05 22:24:17 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-08-05 22:21:38 ----D---- C:\Users\felicia\AppData\Roaming\Macromedia
2014-08-05 21:35:32 ----A---- C:\Windows\system32\devinv.dll
2014-08-05 21:35:32 ----A---- C:\Windows\system32\aepic.dll
2014-08-05 21:17:57 ----A---- C:\Windows\system32\drivers\portcls.sys
2014-08-05 21:10:08 ----A---- C:\Windows\system32\poqexec.exe
2014-08-05 21:09:58 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2014-08-05 21:09:54 ----A---- C:\Windows\system32\VmHostAI.dll
2014-08-05 21:09:53 ----A---- C:\Windows\system32\tssdisai.dll
2014-08-05 21:09:53 ----A---- C:\Windows\system32\RDWebAI.dll
2014-08-05 21:09:53 ----A---- C:\Windows\system32\appserverai.dll
2014-08-05 21:05:59 ----A---- C:\Windows\system32\drivers\usbvideo.sys
2014-08-05 21:05:55 ----A---- C:\Windows\system32\drivers\usbcir.sys
2014-08-05 21:03:02 ----A---- C:\Windows\system32\drivers\USBXHCI.SYS
2014-08-05 21:03:02 ----A---- C:\Windows\system32\drivers\UCX01000.SYS
2014-08-05 21:00:02 ----A---- C:\Windows\system32\drivers\usbscan.sys
2014-08-05 21:00:01 ----A---- C:\Windows\system32\drivers\usbprint.sys
2014-08-05 21:00:00 ----A---- C:\Windows\system32\drivers\hidusb.sys
2014-08-05 21:00:00 ----A---- C:\Windows\system32\drivers\hidparse.sys
2014-08-05 20:59:42 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2014-08-05 20:59:42 ----A---- C:\Windows\system32\drivers\usbhub.sys
2014-08-05 20:59:42 ----A---- C:\Windows\system32\drivers\usbd.sys
2014-08-05 20:59:42 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2014-08-05 20:59:41 ----A---- C:\Windows\system32\drivers\usbport.sys
2014-08-05 20:59:41 ----A---- C:\Windows\system32\drivers\usbehci.sys
2014-08-05 20:37:14 ----D---- C:\Users\felicia\AppData\Roaming\Atheros
2014-08-05 20:36:30 ----A---- C:\Windows\SYSWOW64\ReAgent.dll
2014-08-05 20:36:30 ----A---- C:\Windows\system32\reseteng.dll
2014-08-05 20:35:49 ----D---- C:\ProgramData\OEM_YAHOO
2014-08-05 20:31:37 ----D---- C:\Users\felicia\AppData\Roaming\Adobe
2014-08-05 20:31:01 ----D---- C:\Users\felicia\AppData\Roaming\Synaptics
2014-08-05 20:28:34 ----D---- C:\Windows\SoftwareDistribution
2014-08-05 20:27:00 ----SD---- C:\Users\felicia\AppData\Roaming\Microsoft
2014-08-05 19:53:26 ----HD---- C:\$SysReset

======List of files/folders modified in the last 1 month======

2014-09-03 11:13:24 ----D---- C:\Windows\system32\sru
2014-09-03 09:27:00 ----D---- C:\Windows\Prefetch
2014-09-03 09:15:13 ----D---- C:\Windows\Temp
2014-09-03 09:14:47 ----D---- C:\Windows\Microsoft.NET
2014-09-03 00:56:56 ----RD---- C:\Program Files
2014-09-02 21:09:15 ----RD---- C:\Windows\System32
2014-09-02 21:09:15 ----D---- C:\Windows\Inf
2014-09-02 21:09:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-09-02 06:38:59 ----SHD---- C:\System Volume Information
2014-08-27 23:10:06 ----D---- C:\Windows\system32\config
2014-08-26 03:43:18 ----D---- C:\Windows\CbsTemp
2014-08-21 21:27:15 ----D---- C:\Windows\WinSxS
2014-08-21 21:25:24 ----D---- C:\Windows\system32\catroot2
2014-08-20 19:28:28 ----D---- C:\Windows\system32\NDF
2014-08-20 11:34:45 ----SHD---- C:\Windows\Installer
2014-08-20 11:34:44 ----SHD---- C:\Config.Msi
2014-08-20 11:34:17 ----D---- C:\Windows\SysWOW64
2014-08-18 23:34:53 ----D---- C:\Windows\system32\Drivers
2014-08-18 23:34:51 ----D---- C:\Program Files (x86)
2014-08-18 01:47:42 ----D---- C:\Windows\system32\catroot
2014-08-17 15:02:50 ----D---- C:\ProgramData\Acer
2014-08-17 15:02:49 ----D---- C:\Program Files (x86)\Acer
2014-08-17 15:01:22 ----D---- C:\Program Files (x86)\Common Files
2014-08-17 15:00:58 ----D---- C:\ProgramData\Nero
2014-08-17 14:57:20 ----SHD---- C:\$Recycle.Bin
2014-08-17 14:52:36 ----D---- C:\FRST
2014-08-17 14:42:01 ----HD---- C:\ProgramData
2014-08-17 13:25:23 ----RSD---- C:\Windows\assembly
2014-08-17 00:32:48 ----D---- C:\ProgramData\McAfee
2014-08-16 14:32:06 ----D---- C:\Windows\rescache
2014-08-16 13:58:56 ----D---- C:\Windows\SYSWOW64\en-US
2014-08-16 13:58:56 ----D---- C:\Windows\system32\en-US
2014-08-16 13:58:51 ----D---- C:\Program Files (x86)\Internet Explorer
2014-08-16 13:58:44 ----D---- C:\Program Files\Internet Explorer
2014-08-16 13:57:11 ----D---- C:\Windows\WinStore
2014-08-16 13:57:09 ----RD---- C:\Windows\ToastData
2014-08-16 13:57:02 ----D---- C:\Windows\system32\DriverStore
2014-08-15 19:35:39 ----D---- C:\Windows\AUInstallAgent
2014-08-15 19:35:16 ----HD---- C:\Program Files\WindowsApps
2014-08-15 19:34:07 ----D---- C:\Windows\system32\wdi
2014-08-14 20:54:44 ----D---- C:\Windows\Logs
2014-08-13 11:50:58 ----D---- C:\ProgramData\Atheros
2014-08-13 11:44:21 ----D---- C:\Program Files\Common Files\microsoft shared
2014-08-13 11:44:13 ----D---- C:\Windows\system32\migration
2014-08-13 11:44:13 ----D---- C:\Windows\PolicyDefinitions
2014-08-13 11:43:35 ----D---- C:\Program Files\Windows Defender
2014-08-13 11:43:34 ----D---- C:\Program Files (x86)\Windows Defender
2014-08-13 11:43:01 ----D---- C:\Windows\system32\wbem
2014-08-13 11:42:50 ----D---- C:\Windows\system32\SecureBootUpdates
2014-08-13 11:42:49 ----D---- C:\Windows\apppatch
2014-08-13 11:42:48 ----D---- C:\Program Files\Windows Journal
2014-08-13 11:41:57 ----D---- C:\Windows\SYSWOW64\wbem
2014-08-13 11:41:28 ----D---- C:\Windows\SYSWOW64\Dism
2014-08-13 11:41:28 ----D---- C:\Program Files\Windows Photo Viewer
2014-08-13 11:41:28 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2014-08-13 11:41:24 ----D---- C:\Windows\system32\Dism
2014-08-13 11:32:02 ----SD---- C:\ProgramData\Microsoft
2014-08-12 06:43:24 ----D---- C:\Windows\system32\LogFiles
2014-08-10 10:37:27 ----HD---- C:\Windows\ELAMBKUP
2014-08-10 02:48:26 ----D---- C:\Windows\system32\Boot
2014-08-10 02:48:23 ----D---- C:\Windows
2014-08-10 02:47:50 ----RSD---- C:\Windows\Fonts
2014-08-10 02:47:39 ----D---- C:\Windows\system32\oobe
2014-08-09 20:51:42 ----D---- C:\Windows\system32\Tasks
2014-08-08 22:34:17 ----D---- C:\Program Files (x86)\McAfee
2014-08-08 16:27:28 ----D---- C:\ProgramData\Norton
2014-08-08 16:27:10 ----D---- C:\Program Files\Common Files
2014-08-07 17:37:42 ----D---- C:\Windows\system32\drivers\UMDF
2014-08-07 14:36:37 ----D---- C:\Windows\servicing
2014-08-06 23:29:27 ----D---- C:\Windows\debug
2014-08-06 23:02:17 ----D---- C:\Program Files (x86)\Microsoft Office
2014-08-06 17:24:14 ----D---- C:\Windows.old(1)
2014-08-06 01:26:53 ----D---- C:\Windows\twain_32
2014-08-05 23:45:41 ----D---- C:\ProgramData\CyberLink
2014-08-05 23:42:45 ----D---- C:\ProgramData\Temp
2014-08-05 23:42:44 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-08-05 23:42:44 ----D---- C:\ProgramData\install_clap
2014-08-05 23:39:20 ----D---- C:\ProgramData\NortonInstaller
2014-08-05 23:23:20 ----D---- C:\Program Files (x86)\WildTangent Games
2014-08-05 23:22:51 ----D---- C:\ProgramData\WildTangent
2014-08-05 22:58:32 ----D---- C:\Windows\system32\restore
2014-08-05 20:36:35 ----HD---- C:\OEM
2014-08-05 20:36:28 ----D---- C:\Windows\system32\OEM
2014-08-05 20:28:40 ----RD---- C:\Windows\ImmersiveControlPanel
2014-08-05 20:28:28 ----D---- C:\Windows\system32\Recovery
2014-08-05 20:27:34 ----D---- C:\Windows\Panther
2014-08-05 20:27:00 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1505000.013\SYMDS64.SYS [2013-09-10 493656]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1505000.013\SYMEFA64.SYS [2014-07-23 1148120]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [2014-08-19 1588016]
R1 ccSet_NIS;NIS Settings Manager; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [2013-09-26 162392]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2014-08-08 486192]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140901.001\IDSvia64.sys [2014-08-30 633560]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [2013-09-10 36952]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [2013-09-27 264280]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS [2014-07-23 593112]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-03-13 11644416]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-03-13 581120]
R3 athr;@oem8.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athw8x.sys [2013-03-29 3776512]
R3 AthrSdSrv;AthrSdSrv; C:\Windows\system32\DRIVERS\athrsd.sys [2012-12-01 48760]
R3 AtiHDAudioService;@oem2.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW86.sys [2013-02-15 94208]
R3 BTATH_BUS;@oem9.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\Windows\System32\drivers\btath_bus.sys [2013-04-15 34384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-08-08 142128]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-03-20 3363016]
R3 L1C;@oem7.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C63x64.sys [2012-12-19 119528]
R3 LMDriver;@oem1.inf,%LMDriver.SVCDESC%;Launch Manager Wireless Driver; C:\Windows\System32\drivers\LMDriver.sys [2013-01-10 21360]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140902.003\ENG64.SYS [2014-08-31 129752]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140902.003\EX64.SYS [2014-08-31 2137304]
R3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf_amd64.sys [2013-12-07 18456]
R3 RadioShim;@oem1.inf,%RadioShim.SVCDESC%;Shim for HID-KMDF Interface layer; C:\Windows\System32\drivers\RadioShim.sys [2013-01-10 15704]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS [2014-07-23 875736]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2014-08-08 177752]
R3 SynTP;@oem5.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-02-06 469232]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2012-08-29 58536]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-06 210560]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S0 SymELAM;Symantec ELAM Driver; C:\Windows\system32\drivers\NISx64\1505000.013\SymELAM.sys [2013-09-10 23568]
S3 AthBTPort;@oem13.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2013-04-15 89168]
S3 BTATH_A2DP;@oem12.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2013-04-15 346192]
S3 btath_avdt;@oem12.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2013-04-15 115280]
S3 BTATH_HCRP;@oem15.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\Windows\System32\drivers\btath_hcrp.sys [2013-04-15 179432]
S3 BTATH_LWFLT;@oem17.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2013-04-15 77464]
S3 BTATH_RCP;@oem19.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\Windows\System32\drivers\btath_rcp.sys [2013-04-15 136784]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2013-04-15 584272]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys [2013-01-09 51712]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2012-07-26 202752]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2012-07-26 119808]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2013-03-01 1175040]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2013-01-09 74752]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2013-03-01 156672]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;USB Scanner Driver; C:\Windows\System32\drivers\usbscan.sys [2013-07-02 43008]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2012-07-26 57344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-03-13 241152]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [2013-04-15 228480]
R2 LMSvc;Launch Manager Service; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [2013-03-15 431656]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [2014-08-01 276376]
R3 ePowerSvc;ePower Service; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2013-03-15 662088]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-05-09 65432]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe []
S2 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [2013-12-07 1229528]
S2 Secunia Update Agent;Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-07 662232]
S3 DeviceFastLaneService;Device Fast-lane Service; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2012-11-17 469648]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-26 43616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-07-17 119408]

-----------------EOF-----------------


----------



## wannabeageek (Nov 12, 2009)

ufah said:


> Forgot to mention that for some reason I cannot get the info.txt this second time around that I had to do the scans.
> But yesterday I saw it minimized in the taskbar. Should I uninstall it and retry to see if I may get that log again?


There is no second time around for the info.txt file. Post the info.txt file from the first run.

Also, explain to me *why you have to run these programs twice*. I have a Windows 8 machine and I have no problem running these programs once.

If you cannot post the info.txt file *LOCATED in this Folder> C:\rsit*
you are wasting my time and you will just have to format and re-install your operating system. This would also cure your network connection issue.


----------



## ufah (May 27, 2014)

Found the folder, thanks for the location.

info.txt logfile of random's system information tool 1.10 2014-09-03 00:57:15

======MBR======


======Uninstall list======

clear.fi SDK - Video 2-->"C:\Program Files (x86)\InstallShield Installation Information\{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}\setup.exe" /z-uninstall
clear.fi SDK- Movie 2-->"C:\Program Files (x86)\InstallShield Installation Information\{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}\setup.exe" /z-uninstall
-->"C:\Program Files (x86)\InstallShield Installation Information\{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}\setup.exe" /z-uninstall
-->"C:\Program Files (x86)\InstallShield Installation Information\{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}\setup.exe" /z-uninstall
-->"C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\Uninstall.exe"
Acer Device Fast-lane-->MsiExec.exe /i {3F62D2FD-13C1-49A2-8B5D-47623D9460D7} PRODUCTNAME="Acer Device Fast-lane" BOOTSTRATOR=1 BRANDNAME="Acer" ISDT=0
Acer Launch Manager-->MsiExec.exe /i {C18D55BD-1EC6-466D-B763-8EEDDDA9100E} BOOTSTRATOR=1 GPRODUCTNAME="Acer Launch Manager" BRANDNAME="Acer" ISDT=0
Acer Power Management-->MsiExec.exe /i {91F52DE4-B789-42B0-9311-A349F10E5479} PRODUCTNAME="Acer Power Management" BRANDNAME="Acer" NEWUPGRADE=0 BOOTSTRATOR=1 ISDT=0
Acer Recovery Management-->Msiexec.exe /i {07F2005A-8CAC-4A4B-83A2-DA98A722CA61} ACER=1 PRODUCTNAME="Acer Recovery Management" REMOVEUSEC=1 BOOTSTRATOR=1 ACERPRELOAD=1
Adobe Flash Player 14 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_179_Plugin.exe -maintain plugin
Adobe Reader XI (11.0.08)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AB0000000001}
AMD Accelerated Video Transcoding-->MsiExec.exe /X{E1E0840D-AF8E-15D0-4C25-0C98EC5EF472}
AMD Catalyst Install Manager-->msiexec /q/x{29200C76-2ADF-0C62-BE0D-2AC087740379} REBOOT=ReallySuppress
Catalyst Control Center - Branding-->MsiExec.exe /I{5C56AD8F-7317-42CB-B5D9-955F4F4BF6A5}
clear.fi Media-->C:\Program Files (x86)\Acer\clear.fi Media\clearfiSetup.exe -uninstall
clear.fi Photo-->C:\Program Files (x86)\Acer\clear.fi Photo\clearfiSetup.exe -uninstall
CyberLink PowerDVD 13-->"C:\Program Files (x86)\InstallShield Installation Information\{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}\setup.exe" /z-uninstall
CyberLink PowerDVD 13-->"C:\Program Files (x86)\InstallShield Installation Information\{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}\setup.exe" /z-uninstall
HP Deskjet 2540 series Basic Device Software-->MsiExec.exe /I{BD1EFE20-246B-451F-B900-F1214324DF5F}
Identity Card-->MsiExec.exe /X{3D9CB654-99AD-4301-89C6-0D12A790767C}
Live Updater-->MsiExec.exe /X{EE26E302-876A-48D9-9058-3129E5B99999}
Microsoft Office-->MsiExec.exe /X{90150000-0138-0409-0000-0000000FF1CE}
Microsoft PowerPoint Viewer-->MsiExec.exe /X{95140000-00AF-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Mozilla Firefox 31.0 (x86 en-US)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
Norton Internet Security-->"C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\21.5.0.19\InstStub.exe" /X /ARP
OEM Application Profile-->MsiExec.exe /X{C89A97B6-F991-EBB5-77B7-927BCF420EBE}
Office Addin-->MsiExec.exe /I{6D2BBE1D-E600-4695-BA37-0B0E605542CC}
OpenOffice 4.0.1-->MsiExec.exe /I{24B89186-2A56-4D28-B930-6F4FCF224E2F}
QCA CardReader Driver Installer-->"C:\Program Files (x86)\InstallShield Installation Information\{4E0BC999-655B-421D-87F3-640C6F2BFC11}\setup.exe" -runfromtemp -removeonly
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -removeonly
Qualcomm Atheros WLAN and Bluetooth Client Installation Program-->"C:\Program Files (x86)\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -runfromtemp -l0x0409 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Secunia PSI (3.0.0.9016)-->"C:\Program Files (x86)\Secunia\PSI\uninstall.exe"
Shared C Run-time for x64-->MsiExec.exe /I{EF79C448-6946-4D71-8134-03407888C054}
Spotify-->"C:\Program Files (x86)\Spotify\Spotify.exe" /uninstall
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Visual Studio 2005 Tools for Office Second Edition Runtime-->c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)-->c:\Windows\SysWOW64\msiexec.exe /package {8FB53850-246A-3507-8ADE-0060093FFEA6} /uninstall {1AF8622B-42B6-472C-A634-487025BD7B38} /qb+ REBOOTPROMPT=""
Visual Studio Tools for the Office system 3.0 Runtime-->c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}

======System event log======

Computer Name: allun
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.
Record Number: 1185
Source Name: cdrom
Time Written: 20140805091805.645915-000
Event Type: Warning
User:

Computer Name: allun
Event Code: 7011
Message: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McOobeSv service.
Record Number: 1184
Source Name: Service Control Manager
Time Written: 20140805091751.543306-000
Event Type: Error
User:

Computer Name: allun
Event Code: 7011
Message: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNaiAnn service.
Record Number: 1183
Source Name: Service Control Manager
Time Written: 20140805091721.543260-000
Event Type: Error
User:

Computer Name: allun
Event Code: 7011
Message: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.
Record Number: 1182
Source Name: Service Control Manager
Time Written: 20140805091651.542103-000
Event Type: Error
User:

Computer Name: allun
Event Code: 7011
Message: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McAfee SiteAdvisor Service service.
Record Number: 1181
Source Name: Service Control Manager
Time Written: 20140805091621.526623-000
Event Type: Error
User:

=====Application event log=====

Computer Name: allun
Event Code: 6005
Message: The winlogon notification subscriber <AUInstallAgent> is taking long time to handle the notification event (StartShell).
Record Number: 911
Source Name: Microsoft-Windows-Winlogon
Time Written: 20140805072940.000000-000
Event Type: Warning
User:

Computer Name: allun
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 882
Source Name: Microsoft-Windows-Search
Time Written: 20140805072722.000000-000
Event Type: Warning
User:

Computer Name: allun
Event Code: 454
Message: services (704) Database recovery/restore failed with unexpected error -1216.
Record Number: 878
Source Name: ESENT
Time Written: 20140805072615.000000-000
Event Type: Error
User:

Computer Name: allun
Event Code: 494
Message: services (704) Database recovery failed with error -1216 because it encountered references to a database, 'C:\WINDOWS\Security\Database\secedit.sdb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
Record Number: 877
Source Name: ESENT
Time Written: 20140805072615.000000-000
Event Type: Error
User:

Computer Name: WIN-P24F2CTG5R2
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL - 
16 user registry handles leaked from \Registry\User\S-1-5-21-2431524154-3748180158-148446504-500:
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2431524154-3748180158-148446504-500
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2431524154-3748180158-148446504-500
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2431524154-3748180158-148446504-500
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2431524154-3748180158-148446504-500
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2431524154-3748180158-148446504-500\Software\Microsoft\SystemCertificates\TrustedPeople
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2431524154-3748180158-148446504-500\Software\Microsoft\SystemCertificates\Disallowed
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2431524154-3748180158-148446504-500\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2431524154-3748180158-148446504-500\Software\Microsoft\SystemCertificates\trust
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2431524154-3748180158-148446504-500\Software\Microsoft\SystemCertificates\CA
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2431524154-3748180158-148446504-500\Software\Microsoft\SystemCertificates\My
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2431524154-3748180158-148446504-500\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2431524154-3748180158-148446504-500\Software\Policies\Microsoft\SystemCertificates
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2431524154-3748180158-148446504-500\Software\Policies\Microsoft\SystemCertificates
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2431524154-3748180158-148446504-500\Software\Policies\Microsoft\SystemCertificates
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2431524154-3748180158-148446504-500\Software\Policies\Microsoft\SystemCertificates
Process 988 (\Device\HarddiskVolume4\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2431524154-3748180158-148446504-500\Software\Microsoft\SystemCertificates\Root

Record Number: 873
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20130601155956.284926-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: WIN-P24F2CTG5R2
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 6472
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130601155942.135580-000
Event Type: Audit Success
User:

Computer Name: WIN-P24F2CTG5R2
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WIN-P24F2CTG5R2$
Account Domain: WORKGROUP
Logon ID: 0x3E7

Logon Type: 5

Impersonation Level: Impersonation

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2c0
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name: 
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi 
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 6471
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130601155942.135580-000
Event Type: Audit Success
User:

Computer Name: WIN-P24F2CTG5R2
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 6470
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130601155939.889154-000
Event Type: Audit Success
User:

Computer Name: WIN-P24F2CTG5R2
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WIN-P24F2CTG5R2$
Account Domain: WORKGROUP
Logon ID: 0x3E7

Logon Type: 5

Impersonation Level: Impersonation

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2c0
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name: 
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi 
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 6469
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130601155939.889154-000
Event Type: Audit Success
User:

Computer Name: WIN-P24F2CTG5R2
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-2431524154-3748180158-148446504-500
Account Name: Administrator
Domain Name: WIN-P24F2CTG5R2
Logon ID: 0x1D834
Record Number: 6468
Source Name: Microsoft-Windows-Eventlog
Time Written: 20130601155940.887602-000
Event Type: Audit Success
User:

======Environment variables======

"FP_NO_HOST_CHECK"=NO
"USERNAME"=SYSTEM
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"ComSpec"=%SystemRoot%\system32\cmd.exe
"TMP"=%SystemRoot%\TEMP
"OS"=Windows_NT
"windir"=%SystemRoot%
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=22
"PROCESSOR_IDENTIFIER"=AMD64 Family 22 Model 0 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0001

-----------------EOF-----------------


----------



## wannabeageek (Nov 12, 2009)

Hi ufah.

Run these while I look over your other logs.

*Step 1.*
*ESET online scanner*

*Note: You can use either Internet Explorer or Mozilla FireFox for this scan.*

_Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select *'Run as administrator'* to perform this scan._

First, please *Disable* any *Antivirus* you have active, as shown in *This topic*. Scroll down to find your product.
*Note: Remember to re-enable it after the scan.*
Next hold down Control then click on the following link to open a new window to *ESET online scanner*
Press the Blue *Run ESET Online Scanner* button on the left side of the page.
A popup box will open.
Select the option *YES, I accept the Terms of Use* then click on *Start*.


> *Note:* If using Mozilla Firefox you will need to download *esetsmartinstaller_enu.exe* when prompted then double click on it to install.
> _All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox._



When prompted allow the *Add-On/Active X* to install.
Make sure that the option *Remove found threats* is *NOT* checked, and the option *Scan archives* is checked.
Now click on *Advanced Settings* and select the following:


*Scan for potentially unwanted applications*
*Scan for potentially unsafe applications*
*Enable Anti-Stealth Technology*

Now click on *Start*.
The *virus signature database...* will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
When completed, the *Online Scan* will begin automatically.
When the scan is completed and you would like the program removed, select *Uninstall application on close. Be sure you have copied the log file first!*
Now click on *Finish*.
Use notepad to open the logfile located at *C:\Program Files\ESET\EsetOnlineScanner\log.txt*.
Copy and paste that log as a reply to this topic.

*Note:* *Remember* to re-enable your Anti-Virus application after running the above scan!

*Step 2.*
*TDSSKiller*

Please download *TDSSKiller.exe* and save it to your *Desktop*.

Right click on *TDSSKiller.exe* select "*Run As Administrator*" to run it. If prompted by UAC, please allow it.
Click on *Start Scan*, the scan will run.
When the scan has finished, if it finds anything please click on the drop down arrow next to *Cure* and select *Skip*
Now click on *Report* to open the log file created by TDSSKiller in your root directory *C:\*
To find the log go to *Start* > *Computer* > *C:*
A log file should be created on your C: drive named something like *TDSSKiller.2.4.0.0 24.07.2010*.
*Post the contents of that log in your next reply please.*
*DO NOT TRY TO FIX ANYTHING AT THIS POINT*

*Step 3.*
*TSG - SysInfo utility* 
Please download and run SysInfo utility to your desktop.
Right Mouse click *SysInfo.exe*, select "Run As Administrator" to run it... if UAC prompts, please allow it.
Right click, select copy and then paste in your next post.


----------



## ufah (May 27, 2014)

Hi wbg,
Sorry it's taking long,...
Had a bit of trouble doing the ESET online scan, it did not give me the log at the end but kept a window open where I was given the choice of signing for a free trial and also checked in *C:\Program Files\ESET\EsetOnlineScanner\log.txt*, but there was no txt file. Should I try again, or should I go ahead with the other scans?


----------



## wannabeageek (Nov 12, 2009)

ufah said:


> Hi wbg,
> Sorry it's taking long,...
> Had a bit of trouble doing the ESET online scan, it did not give me the log at the end but kept a window open where I was given the choice of signing for a free trial and also checked in *C:\Program Files\ESET\EsetOnlineScanner\log.txt*, but there was no txt file. Should I try again, or should I go ahead with the other scans?


Hi ufah,
Sorry about the misunderstanding where the file is located.

Look in this folder: *C:\Program Files (x86)\ESET\ESET Online Scanner*

The file will be there. Post the complete file and then continue with the other scans.


----------



## ufah (May 27, 2014)

Hi wbg,

I did look in *C:\Program Files (x86)\ESET\ESET Online Scanner*, but no log. I tried to do the scan this time with IE since I've used Mozilla before, still does not give you a log at the end and it did find a threat.
Should I uninstall it (ESET)? Can I continue with the remaining scans?

cheers


----------



## wannabeageek (Nov 12, 2009)

ufah said:


> Hi wbg,
> 
> I did look in *C:\Program Files (x86)\ESET\ESET Online Scanner*, but no log. I tried to do the scan this time with IE since I've used Mozilla before, still
> ...


Run the ESET scan again, using Internet Explorer. When it finishes, it will create a log. Post it. I had a problem using Chrome, myself. It works fine with Internet Explorer.


----------



## ufah (May 27, 2014)

Hi wbg,
I've tried twice doing the scan with IE and again with Mozilla Firefox (good three hrs), but no log from the scan in *C:\Program Files (x86)\ESET\ESET Online Scanner*, all I get is one txt file named log with this on it:
[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
[email protected] as downloader log:
all ok


----------



## wannabeageek (Nov 12, 2009)

Hi ufah,

We will get back to the eset issue.

Run the TDSSKiller scan in step 2 of my previous post: http://forums.techguy.org/8963179-post64.html


----------



## ufah (May 27, 2014)

Hi wbg,
There were two logs, I'll post the older first

21:37:56.0352 0x1778 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
21:37:56.0352 0x1778 UEFI system
21:38:04.0495 0x1778 ============================================================
21:38:04.0495 0x1778 Current date / time: 2014/09/09 21:38:04.0495
21:38:04.0495 0x1778 SystemInfo:
21:38:04.0495 0x1778 
21:38:04.0495 0x1778 OS Version: 6.2.9200 ServicePack: 0.0
21:38:04.0495 0x1778 Product type: Workstation
21:38:04.0495 0x1778 ComputerName: ALLUN
21:38:04.0495 0x1778 UserName: felicia
21:38:04.0495 0x1778 Windows directory: C:\Windows
21:38:04.0495 0x1778 System windows directory: C:\Windows
21:38:04.0495 0x1778 Running under WOW64
21:38:04.0495 0x1778 Processor architecture: Intel x64
21:38:04.0495 0x1778 Number of processors: 4
21:38:04.0495 0x1778 Page size: 0x1000
21:38:04.0495 0x1778 Boot type: Normal boot
21:38:04.0495 0x1778 ============================================================
21:38:05.0993 0x1778 KLMD registered as C:\Windows\system32\drivers\59749194.sys
21:38:06.0586 0x1778 System UUID: {0E7FB492-0533-EC73-D56B-6F8D3EADDABC}
21:38:08.0021 0x1778 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:38:08.0036 0x1778 ============================================================
21:38:08.0036 0x1778 \Device\Harddisk0\DR0:
21:38:08.0036 0x1778 GPT partitions:
21:38:08.0036 0x1778 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {522E7815-D96E-4C31-BF6D-1D73FA315335}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
21:38:08.0036 0x1778 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {FDDFF885-5BCF-4DBD-A5F5-F560D2A74896}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x96000
21:38:08.0036 0x1778 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {DF4AE630-F306-4FC4-B454-12924144D676}, Name: Microsoft reserved partition, StartLBA 0x15E800, BlocksNum 0x40000
21:38:08.0036 0x1778 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {C47FF04A-2D9C-45A6-A2D4-339D03C61D8B}, Name: Basic data partition, StartLBA 0x19E800, BlocksNum 0x385D3000
21:38:08.0036 0x1778 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {19AC1B7E-B8DA-48BA-8483-4E409033DE50}, Name: Basic data partition, StartLBA 0x38771800, BlocksNum 0x1C14800
21:38:08.0036 0x1778 MBR partitions:
21:38:08.0036 0x1778 ============================================================
21:38:08.0052 0x1778 C: <-> \Device\Harddisk0\DR0\Partition4
21:38:08.0052 0x1778 ============================================================
21:38:08.0052 0x1778 Initialize success
21:38:08.0052 0x1778 ============================================================
21:38:18.0879 0x0398 ============================================================
21:38:18.0879 0x0398 Scan started
21:38:18.0879 0x0398 Mode: Manual; 
21:38:18.0879 0x0398 ============================================================
21:38:18.0879 0x0398 KSN ping started
21:38:42.0747 0x0398 KSN ping finished: true
21:38:43.0886 0x0398 ================ Scan system memory ========================
21:38:43.0902 0x0398 System memory - ok
21:38:43.0902 0x0398 ================ Scan services =============================
21:38:48.0480 0x0398 BFE - ok
21:38:48.0652 0x0398 [ F0F1D0C0854978F9187EAA047E407EE6, C90B529F8A11F48C353450E932C85BEE3158E2E34A270A3676F4BE367DDBCAF1 ] BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys
21:38:48.0761 0x0398 BHDrvx64 - ok
21:38:48.0870 0x0398 [ D598C44A7072D3108D8D8102EC5E07F7, D7472E9BAAB7B6E1D30F4E153412E2A16EE5C08DE2BF8BFF4D65089825226FE0 ] BITS C:\Windows\System32\qmgr.dll
21:38:48.0917 0x0398 BITS - ok
21:38:48.0948 0x0398 [ B17AC10B47C7FCB44D22A1F06415840E, 990D6F629D93F4F913D218ACE5187A26DCB762BAFB2BB279CCE8CAF2755D85A5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:38:48.0964 0x0398 bowser - ok
21:38:48.0995 0x0398 [ 038FA1B55531E7020DB705B42FCCE373, 023E87E3204D64890D6FEA78E762E5BC5BD0A59325EBC264834727779EEEDBC5 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
21:38:49.0011 0x0398 BrokerInfrastructure - ok
21:38:49.0057 0x0398 [ 310068BDA80B1D55C36580FD8A873FAF, A75412FF1F483461F526E9A359DCEECA5E683441514464D5ED82D1A9740D583E ] Browser C:\Windows\System32\browser.dll
21:38:49.0073 0x0398 Browser - ok
21:38:49.0151 0x0398 [ 5ED7B1EE371751CF2ACAE89E7FC566FA, 965A4A754D8418F1DCF421277799754D55D78F8AD6652C56879D22208F5B5DCA ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
21:38:49.0167 0x0398 BTATH_A2DP - ok
21:38:49.0198 0x0398 [ 31BDF24D1C9213A0E891568FE643C79C, DA6C06A282934E87D4BB8E4356C76898B5AAC79C1634440CE09514F22EE3112B ] btath_avdt C:\Windows\system32\drivers\btath_avdt.sys
21:38:49.0198 0x0398 btath_avdt - ok
21:38:49.0213 0x0398 [ C6978F7EBA6F37D626482AC6B9390630, B4BF939AB9962A61DE9518604C20347DC2A6FCDCEB3D8AEF295AF12E6F2CDCF3 ] BTATH_BUS C:\Windows\System32\drivers\btath_bus.sys
21:38:49.0213 0x0398 BTATH_BUS - ok
21:38:49.0229 0x0398 [ 4AF7C20F94DAC343C01ED671C82DCB99, 2AABD85D9D76461DE883E0F13F61C391BA81E6198FF88268B319474E25A196C8 ] BTATH_HCRP C:\Windows\System32\drivers\btath_hcrp.sys
21:38:49.0229 0x0398 BTATH_HCRP - ok
21:38:49.0245 0x0398 [ 785C38070043BEEE9E9D591DE4067244, 1C8D15B8A9E80A2799E7094C4AE111FEA9FBC6EAA4A61B13EFE59314C9794949 ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
21:38:49.0260 0x0398 BTATH_LWFLT - ok
21:38:49.0276 0x0398 [ 31EC5FC3FC5CB273F2709AAF4AD88ED4, 804401CEBBB24443AE0A304FCF5CB6B0D7679BA7FC5DC3BFF968B0B44FE34EC1 ] BTATH_RCP C:\Windows\System32\drivers\btath_rcp.sys
21:38:49.0276 0x0398 BTATH_RCP - ok
21:38:49.0323 0x0398 [ 0D70E980F91FDBF3DB55922CECCE4616, 8800CBFB91CFDE6980D689F928E259298330DF91357F0DDD9D6E51D4462AD144 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
21:38:49.0354 0x0398 BtFilter - ok
21:38:49.0385 0x0398 [ 6695200F455E251F0BCC9CE4D0978D59, 4DB2F967E449581A9330EF43E794B45B93581564B20C5B991FC1EC665A640D69 ] BthAvrcpTg C:\Windows\System32\drivers\BthAvrcpTg.sys
21:38:49.0385 0x0398 BthAvrcpTg - ok
21:38:49.0432 0x0398 [ A8B20D852B07AE19A13B5D47EC4E4C3B, 86571C9E2BA15BB169CAB2D24C4D0598154C02FD173638CAFC685A7F6B09472D ] BthEnum C:\Windows\System32\drivers\BthEnum.sys
21:38:49.0447 0x0398 BthEnum - ok
21:38:49.0479 0x0398 [ 616EB8748C988AEE98D93DA141C3D3B4, 15A055B0496BDB29CBCF6EEBF112D4BA1C7A2FF39124728830D0FD1FD7A404CB ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys
21:38:49.0479 0x0398 BthHFEnum - ok
21:38:49.0510 0x0398 [ DCB4EBD928A6FB368BE6CAE522412DE1, 9E1345F29467054689B9F48B5CCB567760D36610A4EA9AF41B829EAD60347269 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys
21:38:49.0510 0x0398 bthhfhid - ok
21:38:49.0525 0x0398 [ 42201C346F0B8C458E1E9CDE04D68A2C, 6168FD0D10CD06B00B5C79D5D2B5C353AAC22FD99CE8D417DDBA33ED63CFB8BF ] BthLEEnum C:\Windows\system32\DRIVERS\BthLEEnum.sys
21:38:49.0541 0x0398 BthLEEnum - ok
21:38:49.0557 0x0398 [ 033916CE8784A848B9A3D686B7F66D97, B4D0514D59646CF6B70D4FA488CF95C38EA38CC5C509329CC8753E897C640AFA ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys
21:38:49.0557 0x0398 BTHMODEM - ok
21:38:49.0588 0x0398 [ 091BB978E9504D0AD14586929431A957, ACED02B879026A228E35F40847C210BC30A5AFC948FFE922DB21663E4A8DFF1D ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:38:49.0603 0x0398 BthPan - ok
21:38:49.0697 0x0398 [ 13795CAA34239D97A7211E7F9D96E012, C4F3402B063A7CFCE386D1AE9255975A199164BA9E7DCDB6129725213A0642B1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
21:38:49.0775 0x0398 BTHPORT - ok
21:38:49.0853 0x0398 [ A4387C3D271959313E2577DB7BE8BA7A, C71474802102102EBE04DF036EEB2F5FB3380BE288E3842F19F234EFAE977D70 ] bthserv C:\Windows\system32\bthserv.dll
21:38:49.0853 0x0398 bthserv - ok
21:38:49.0900 0x0398 [ 1F715957F5236D30B6020A19A4271F6A, C06B637C2C6919E2DE1055AE249AE3EAF7B4890799F22BF5757CC10CEF145043 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
21:38:49.0915 0x0398 BTHUSB - ok
21:38:49.0993 0x0398 [ 0510396A957E9FD7205BA62D3CAE4528, C80C39EB3A87C5111132E96E966CF74ACABA36DE7714B545A707027D35995792 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys
21:38:50.0009 0x0398 ccSet_NIS - ok
21:38:50.0040 0x0398 [ 990B1BABE6E81FB18E65A87EBEFB1772, 1820D4AC57E1D4B7FB5AA89C277B16910ED73712878D2B43FE542CE16DFE16C3 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:38:50.0056 0x0398 cdfs - ok
21:38:50.0118 0x0398 [ 339BFF85D788268752DA8C9644B188EE, C2279F1A39AED39865A5027D2FD087F8E82F3ED8C94BA4D922855B98E792AFC5 ] cdrom C:\Windows\System32\drivers\cdrom.sys
21:38:50.0134 0x0398 cdrom - ok
21:38:50.0165 0x0398 [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] CertPropSvc C:\Windows\System32\certprop.dll
21:38:50.0181 0x0398 CertPropSvc - ok
21:38:50.0196 0x0398 [ F64B7D1A37CC1D5F421D5359EEC81E2E, 2B4879DD32B2C20B94847755E22B1BCBE2B567B3989C57A9BA2DD783307EFFDB ] circlass C:\Windows\System32\drivers\circlass.sys
21:38:50.0212 0x0398 circlass - ok
21:38:50.0243 0x0398 [ 9905168708DB68849B879B5548F68AB3, B7A495E57B9398704988DC472126CBC5B8D76761A34F51732FBF6CC88E3AB79A ] CLFS C:\Windows\system32\drivers\CLFS.sys
21:38:50.0274 0x0398 CLFS - ok
21:38:50.0321 0x0398 [ 2DC8538A2260647484A6C921CA837313, 094059DD66B0C50A1CAE288F920107B0B6AD1AA5758284E35B92C131EDEA30EA ] CmBatt C:\Windows\System32\drivers\CmBatt.sys
21:38:50.0321 0x0398 CmBatt - ok
21:38:50.0399 0x0398 [ DBF9E5346431557BF56F41E7F8EC0DC1, D5FA34C873DA9BE40301D53198355556506AB5145B78B14D0AA88570A0058589 ] CNG C:\Windows\system32\Drivers\cng.sys
21:38:50.0430 0x0398 CNG - ok
21:38:50.0446 0x0398 [ 0E5B1E9E7122EDAAF1F6CE047965CA92, 803E585B92D1E2E5B6BF67BE511E88DC2629A12407C3E30F7AEFB544D390A9B8 ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys
21:38:50.0446 0x0398 CompositeBus - ok
21:38:50.0461 0x0398 COMSysApp - ok
21:38:50.0477 0x0398 [ D9CB0782AF819548072AA45B70F8B22D, 04796F39ABB88759A534DE3D0C51F684BF2A8DE1F4028B657CCFDBDD39A6618C ] condrv C:\Windows\system32\drivers\condrv.sys
21:38:50.0477 0x0398 condrv - ok
21:38:50.0508 0x0398 [ 5CE2742F063731EC10C1B2EE386A2C08, 309919BDDD4649AFB95A99DCF8AFC3BAE10F9BC1E2819C0794CFD0F80682C223 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:38:50.0524 0x0398 CryptSvc - ok
21:38:50.0555 0x0398 [ FAEF4C245BE832DB41B15DAAC336AFB7, 1F8C98AB0DF4327FCB01FE0356025488E19B48A45FFFA50576B49A8587FAC42B ] dam C:\Windows\system32\drivers\dam.sys
21:38:50.0555 0x0398 dam - ok
21:38:50.0649 0x0398 [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:38:50.0695 0x0398 DcomLaunch - ok
21:38:50.0758 0x0398 [ C8650D1F61149AA546BDBC99172EBBC1, D9592ED1B6F23B6EC76A0B93635B6E38702311B0A6982F0F9DEC37FCDAF1288B ] defragsvc C:\Windows\System32\defragsvc.dll
21:38:50.0789 0x0398 defragsvc - ok
21:38:50.0836 0x0398 [ 5EAEF67AE2AF4D2DC664B649DB7B2E16, ADAC7FD6AC12B50F4998C5EB0BD770DD4B80A94C4CC1B9376AD77648E48D012D ] DeviceAssociationService C:\Windows\system32\das.dll
21:38:50.0867 0x0398 DeviceAssociationService - ok
21:38:50.0961 0x0398 [ D06DB4200F9444B2386E6C0E68CD574A, 7266A22D6AF86813CF8AB13BE40384D20C24CE72EF75B0C467C5F88F5B058B1E ] DeviceFastLaneService C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
21:38:50.0992 0x0398 DeviceFastLaneService - ok
21:38:51.0039 0x0398 [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] DeviceInstall C:\Windows\system32\umpnpmgr.dll
21:38:51.0070 0x0398 DeviceInstall - ok
21:38:51.0117 0x0398 [ 431141C6859990824D17F71C30A78728, 448B3DC20C8FDD5B66217E0E01DBCC4904F94BDA0826F109D139DDD2C2D7FBF2 ] Dfsc C:\Windows\system32\Drivers\dfsc.sys
21:38:51.0132 0x0398 Dfsc - ok
21:38:51.0195 0x0398 [ 9E0E72222264745ADEB0E5AC680B0ED6, 576AFC8741695396A3B8E9DBDD3703E9D70370437D09D162262E47A140D101B4 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:38:51.0226 0x0398 Dhcp - ok
21:38:51.0273 0x0398 [ 3C736FAE17BA6F91BA37594AAB139CD0, 34304A194105B19E7ADD80108DC85C3B7AA9E942C84A7EF93C475CE1D9AE4615 ] discache C:\Windows\system32\drivers\discache.sys
21:38:51.0273 0x0398 discache - ok
21:38:51.0319 0x0398 [ AE3786294CC246A5403783E1B86A0168, 29A7B4B490CBB16DAEF5D67D0A58A2577CF3FEE8F889484DB867F6913D9D2A28 ] disk C:\Windows\system32\drivers\disk.sys
21:38:51.0335 0x0398 disk - ok
21:38:51.0351 0x0398 [ 82A7C72593793FE1EADA7A305BD1567A, 75F432E4C75AE9EFF553BD860B3B250853BDDA85C17DBD9B7242D74593506A86 ] dmvsc C:\Windows\System32\drivers\dmvsc.sys
21:38:51.0366 0x0398 dmvsc - ok
21:38:51.0413 0x0398 [ 066B9710B36AB550E01EEFCA52155968, DCA9F3F4856A6866D3F5A2EEE34E96A83F40198DB0B5AC6381A7568DE1F56FAB ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:38:51.0429 0x0398 Dnscache - ok
21:38:51.0475 0x0398 [ 9949AD2ABA168A618D46C799D6CC898C, DFAC86A0AEE83C9EFE1BEE9EC15C8CAF1D619D55AF3ACC3986057A5AC985D06A ] dot3svc C:\Windows\System32\dot3svc.dll
21:38:51.0507 0x0398 dot3svc - ok
21:38:51.0538 0x0398 [ 109FC3F80BF4F4DC5A071058074F13C1, F30736F45BA1811D59E9CB1C172D8D1EA9F5A7D36DCFFBFC9E7E02448C1CF851 ] DPS C:\Windows\system32\dps.dll
21:38:51.0538 0x0398 DPS - ok
21:38:51.0585 0x0398 [ 9C7C183F937951AE17C5B8B3259CF3FF, 8ED607139F15D08B4835ACF864421BA4C08C88FE90B9AAF707F5D8514D7731B1 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:38:51.0585 0x0398 drmkaud - ok
21:38:51.0616 0x0398 [ F87F4AAAF6664906248D11D5E579A53B, F283932F68ED93891EEF00C18724359AB7057E922A3CDC8BC6F33F84D2B0BEE5 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll
21:38:51.0647 0x0398 DsmSvc - ok
21:38:51.0787 0x0398 [ 2BB5627EB587FA995086C3D8C21B6D3F, 871E35BBE66180781324D38823B74263B660CF9254EE348A15421FAC5667F294 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:38:51.0881 0x0398 DXGKrnl - ok
21:38:51.0928 0x0398 [ 58BA473DD88F5FC1932282BA683AA03E, B8A4407D3006D91BE88F9C5389AC1CACC73BEBF6F66433A1E5EB8E58E8836C12 ] Eaphost C:\Windows\System32\eapsvc.dll
21:38:51.0943 0x0398 Eaphost - ok
21:38:52.0146 0x0398 [ 5AB97B3282D7D6114949D1EB5C8598E4, FB9449CC1CDC12C12AA0469BB6ACC770CB011250EDFD86E9600E754610608EFD ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:38:52.0396 0x0398 ebdrv - ok
21:38:52.0521 0x0398 [ 5E346ADBAD5110EAB2E9808ABE877A00, 4B72C34E41B8AA15D166F65B5A037A1230A9FF65F827D18A57E2198573616EAD ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:38:52.0552 0x0398 eeCtrl - ok
21:38:52.0599 0x0398 [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] EFS C:\Windows\System32\lsass.exe
21:38:52.0614 0x0398 EFS - ok
21:38:52.0661 0x0398 [ 66D60BD9A4C05616ABECA2A901475098, 8111550DB03FFD72F1822F47B16F075DA92874B64F19342D7CF60B0EE648AFEF ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys
21:38:52.0677 0x0398 EhStorClass - ok
21:38:52.0708 0x0398 [ A61D0F543024E458C0FE32352E1978E2, BDE6BC140300EAF790F16466C28897CE0BD7D94DCED13FDE20AA4AACA0F6A4FD ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys
21:38:52.0723 0x0398 EhStorTcgDrv - ok
21:38:52.0833 0x0398 [ 616E1B9130314EB0E331197940AA625B, A4736A31EFF6D35A27B0EC14A7C855B7577301500E20CE936B0F1C0013F0FDF0 ] ePowerSvc C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
21:38:52.0864 0x0398 ePowerSvc - ok
21:38:52.0911 0x0398 [ 773ACF5823046FA40D7FD898559A7228, 7DF39C42F781E7864CC791E3449CCDF0124930D128D168E8F9C80374640FFBE7 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:38:52.0911 0x0398 EraserUtilRebootDrv - ok
21:38:52.0942 0x0398 [ D790D058D67582DB9C84C2D33695FE6B, A5763D7F6D191EA4B290B3E92D842AC36FD46DF598472E70B46E45D8CCD2F912 ] ErrDev C:\Windows\System32\drivers\errdev.sys
21:38:52.0942 0x0398 ErrDev - ok
21:38:53.0051 0x0398 [ F9E01C2D9F8BC049E04CF5DC24A5F638, CB6CCB59C77D4A59DDA846608AABEF1DFEC24C8422712AB8D59E27C13D731D2E ] EventSystem C:\Windows\system32\es.dll
21:38:53.0067 0x0398 EventSystem - ok
21:38:53.0098 0x0398 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03, 6B0146A4C9AD32DCDC2DEE8E8C5A29F687665458486449E0D37B151ED63B8ADC ] exfat C:\Windows\system32\drivers\exfat.sys
21:38:53.0113 0x0398 exfat - ok
21:38:53.0145 0x0398 [ 60996602A7111FD2D086E803F33E4282, E62A91C90F8542990BEA4E6A5D9DD3D070F4EB23B4C13414C5DA2B0219509749 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:38:53.0160 0x0398 fastfat - ok
21:38:53.0207 0x0398 [ F0E7F8382ED5E138B0DFA4CB5058BCFE, 6247C7B75F975F5AB080FFB9881EF58A6F360219F7AF2DE871F38E80CAF3B62C ] Fax C:\Windows\system32\fxssvc.exe
21:38:53.0269 0x0398 Fax - ok
21:38:53.0301 0x0398 [ 73B2D11DF0B6E03A0CB0323218ACB3E4, BA9256919BAA2E0760F6A658B557FDC389ACE8F9820D1A41FD995FC5613F5AA6 ] fdc C:\Windows\System32\drivers\fdc.sys
21:38:53.0301 0x0398 fdc - ok
21:38:53.0332 0x0398 [ 0828E3E7BD77C89149EAD3232BFD38DB, A6A296647A4EDBFF59124E3A9C0AB48759AA1738615ACFA5A454FF6BD3C31BA2 ] fdPHost C:\Windows\system32\fdPHost.dll
21:38:53.0332 0x0398 fdPHost - ok
21:38:53.0363 0x0398 [ 872506AAB591E8908DF4461475AF92DF, 772F2D08CB95775E438822B9EA005CBA92ED4071ADAB2C0101156A7D037D4704 ] FDResPub C:\Windows\system32\fdrespub.dll
21:38:53.0363 0x0398 FDResPub - ok
21:38:53.0394 0x0398 [ 0588950D93A426F97C7AAADB1A9B0458, ABCB3619BD58CAC438FC032495AE45A7B6FFDD4BD33C1B3D1BC7F9F13FCB727A ] fhsvc C:\Windows\system32\fhsvc.dll
21:38:53.0394 0x0398 fhsvc - ok

second log in next post


----------



## ufah (May 27, 2014)

second log created two minutes after

21:39:22.0474 0x1868 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
21:39:22.0474 0x1868 UEFI system
21:39:25.0999 0x1868 ============================================================
21:39:25.0999 0x1868 Current date / time: 2014/09/09 21:39:25.0999
21:39:25.0999 0x1868 SystemInfo:
21:39:25.0999 0x1868 
21:39:25.0999 0x1868 OS Version: 6.2.9200 ServicePack: 0.0
21:39:25.0999 0x1868 Product type: Workstation
21:39:25.0999 0x1868 ComputerName: ALLUN
21:39:25.0999 0x1868 UserName: felicia
21:39:25.0999 0x1868 Windows directory: C:\Windows
21:39:25.0999 0x1868 System windows directory: C:\Windows
21:39:25.0999 0x1868 Running under WOW64
21:39:25.0999 0x1868 Processor architecture: Intel x64
21:39:25.0999 0x1868 Number of processors: 4
21:39:25.0999 0x1868 Page size: 0x1000
21:39:25.0999 0x1868 Boot type: Normal boot
21:39:25.0999 0x1868 ============================================================
21:39:26.0561 0x1868 System UUID: {0E7FB492-0533-EC73-D56B-6F8D3EADDABC}
21:39:27.0825 0x1868 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:39:27.0840 0x1868 ============================================================
21:39:27.0840 0x1868 \Device\Harddisk0\DR0:
21:39:27.0856 0x1868 GPT partitions:
21:39:27.0871 0x1868 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {522E7815-D96E-4C31-BF6D-1D73FA315335}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
21:39:27.0871 0x1868 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {FDDFF885-5BCF-4DBD-A5F5-F560D2A74896}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x96000
21:39:27.0871 0x1868 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {DF4AE630-F306-4FC4-B454-12924144D676}, Name: Microsoft reserved partition, StartLBA 0x15E800, BlocksNum 0x40000
21:39:27.0871 0x1868 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {C47FF04A-2D9C-45A6-A2D4-339D03C61D8B}, Name: Basic data partition, StartLBA 0x19E800, BlocksNum 0x385D3000
21:39:27.0871 0x1868 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {19AC1B7E-B8DA-48BA-8483-4E409033DE50}, Name: Basic data partition, StartLBA 0x38771800, BlocksNum 0x1C14800
21:39:27.0871 0x1868 MBR partitions:
21:39:27.0871 0x1868 ============================================================
21:39:27.0887 0x1868 C: <-> \Device\Harddisk0\DR0\Partition4
21:39:27.0887 0x1868 ============================================================
21:39:27.0887 0x1868 Initialize success
21:39:27.0887 0x1868 ============================================================
21:39:31.0600 0x1620 ============================================================
21:39:31.0600 0x1620 Scan started
21:39:31.0600 0x1620 Mode: Manual; 
21:39:31.0600 0x1620 ============================================================
21:39:31.0600 0x1620 KSN ping started
21:39:54.0938 0x1620 KSN ping finished: true
21:39:56.0045 0x1620 ================ Scan system memory ========================
21:39:56.0045 0x1620 System memory - ok
21:39:56.0045 0x1620 ================ Scan services =============================
21:40:01.0724 0x1620 cdrom - ok
21:40:01.0771 0x1620 [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] CertPropSvc C:\Windows\System32\certprop.dll
21:40:01.0786 0x1620 CertPropSvc - ok
21:40:01.0817 0x1620 [ F64B7D1A37CC1D5F421D5359EEC81E2E, 2B4879DD32B2C20B94847755E22B1BCBE2B567B3989C57A9BA2DD783307EFFDB ] circlass C:\Windows\System32\drivers\circlass.sys
21:40:01.0817 0x1620 circlass - ok
21:40:01.0864 0x1620 [ 9905168708DB68849B879B5548F68AB3, B7A495E57B9398704988DC472126CBC5B8D76761A34F51732FBF6CC88E3AB79A ] CLFS C:\Windows\system32\drivers\CLFS.sys
21:40:01.0895 0x1620 CLFS - ok
21:40:01.0927 0x1620 [ 2DC8538A2260647484A6C921CA837313, 094059DD66B0C50A1CAE288F920107B0B6AD1AA5758284E35B92C131EDEA30EA ] CmBatt C:\Windows\System32\drivers\CmBatt.sys
21:40:01.0927 0x1620 CmBatt - ok
21:40:01.0973 0x1620 [ DBF9E5346431557BF56F41E7F8EC0DC1, D5FA34C873DA9BE40301D53198355556506AB5145B78B14D0AA88570A0058589 ] CNG C:\Windows\system32\Drivers\cng.sys
21:40:01.0989 0x1620 CNG - ok
21:40:02.0020 0x1620 [ 0E5B1E9E7122EDAAF1F6CE047965CA92, 803E585B92D1E2E5B6BF67BE511E88DC2629A12407C3E30F7AEFB544D390A9B8 ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys
21:40:02.0020 0x1620 CompositeBus - ok
21:40:02.0020 0x1620 COMSysApp - ok
21:40:02.0036 0x1620 [ D9CB0782AF819548072AA45B70F8B22D, 04796F39ABB88759A534DE3D0C51F684BF2A8DE1F4028B657CCFDBDD39A6618C ] condrv C:\Windows\system32\drivers\condrv.sys
21:40:02.0036 0x1620 condrv - ok
21:40:02.0083 0x1620 [ 5CE2742F063731EC10C1B2EE386A2C08, 309919BDDD4649AFB95A99DCF8AFC3BAE10F9BC1E2819C0794CFD0F80682C223 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:40:02.0083 0x1620 CryptSvc - ok
21:40:02.0114 0x1620 [ FAEF4C245BE832DB41B15DAAC336AFB7, 1F8C98AB0DF4327FCB01FE0356025488E19B48A45FFFA50576B49A8587FAC42B ] dam C:\Windows\system32\drivers\dam.sys
21:40:02.0114 0x1620 dam - ok
21:40:02.0223 0x1620 [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:40:02.0270 0x1620 DcomLaunch - ok
21:40:02.0332 0x1620 [ C8650D1F61149AA546BDBC99172EBBC1, D9592ED1B6F23B6EC76A0B93635B6E38702311B0A6982F0F9DEC37FCDAF1288B ] defragsvc C:\Windows\System32\defragsvc.dll
21:40:02.0348 0x1620 defragsvc - ok
21:40:02.0379 0x1620 [ 5EAEF67AE2AF4D2DC664B649DB7B2E16, ADAC7FD6AC12B50F4998C5EB0BD770DD4B80A94C4CC1B9376AD77648E48D012D ] DeviceAssociationService C:\Windows\system32\das.dll
21:40:02.0395 0x1620 DeviceAssociationService - ok
21:40:02.0488 0x1620 [ D06DB4200F9444B2386E6C0E68CD574A, 7266A22D6AF86813CF8AB13BE40384D20C24CE72EF75B0C467C5F88F5B058B1E ] DeviceFastLaneService C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
21:40:02.0519 0x1620 DeviceFastLaneService - ok
21:40:02.0566 0x1620 [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] DeviceInstall C:\Windows\system32\umpnpmgr.dll
21:40:02.0566 0x1620 DeviceInstall - ok
21:40:02.0597 0x1620 [ 431141C6859990824D17F71C30A78728, 448B3DC20C8FDD5B66217E0E01DBCC4904F94BDA0826F109D139DDD2C2D7FBF2 ] Dfsc C:\Windows\system32\Drivers\dfsc.sys
21:40:02.0613 0x1620 Dfsc - ok
21:40:02.0660 0x1620 [ 9E0E72222264745ADEB0E5AC680B0ED6, 576AFC8741695396A3B8E9DBDD3703E9D70370437D09D162262E47A140D101B4 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:40:02.0675 0x1620 Dhcp - ok
21:40:02.0722 0x1620 [ 3C736FAE17BA6F91BA37594AAB139CD0, 34304A194105B19E7ADD80108DC85C3B7AA9E942C84A7EF93C475CE1D9AE4615 ] discache C:\Windows\system32\drivers\discache.sys
21:40:02.0722 0x1620 discache - ok
21:40:02.0753 0x1620 [ AE3786294CC246A5403783E1B86A0168, 29A7B4B490CBB16DAEF5D67D0A58A2577CF3FEE8F889484DB867F6913D9D2A28 ] disk C:\Windows\system32\drivers\disk.sys
21:40:02.0753 0x1620 disk - ok
21:40:02.0785 0x1620 [ 82A7C72593793FE1EADA7A305BD1567A, 75F432E4C75AE9EFF553BD860B3B250853BDDA85C17DBD9B7242D74593506A86 ] dmvsc C:\Windows\System32\drivers\dmvsc.sys
21:40:02.0785 0x1620 dmvsc - ok
21:40:02.0816 0x1620 [ 066B9710B36AB550E01EEFCA52155968, DCA9F3F4856A6866D3F5A2EEE34E96A83F40198DB0B5AC6381A7568DE1F56FAB ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:40:02.0831 0x1620 Dnscache - ok
21:40:02.0863 0x1620 [ 9949AD2ABA168A618D46C799D6CC898C, DFAC86A0AEE83C9EFE1BEE9EC15C8CAF1D619D55AF3ACC3986057A5AC985D06A ] dot3svc C:\Windows\System32\dot3svc.dll
21:40:02.0878 0x1620 dot3svc - ok
21:40:02.0894 0x1620 [ 109FC3F80BF4F4DC5A071058074F13C1, F30736F45BA1811D59E9CB1C172D8D1EA9F5A7D36DCFFBFC9E7E02448C1CF851 ] DPS C:\Windows\system32\dps.dll
21:40:02.0894 0x1620 DPS - ok
21:40:02.0941 0x1620 [ 9C7C183F937951AE17C5B8B3259CF3FF, 8ED607139F15D08B4835ACF864421BA4C08C88FE90B9AAF707F5D8514D7731B1 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:40:02.0941 0x1620 drmkaud - ok
21:40:02.0972 0x1620 [ F87F4AAAF6664906248D11D5E579A53B, F283932F68ED93891EEF00C18724359AB7057E922A3CDC8BC6F33F84D2B0BEE5 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll
21:40:02.0987 0x1620 DsmSvc - ok
21:40:03.0097 0x1620 [ 2BB5627EB587FA995086C3D8C21B6D3F, 871E35BBE66180781324D38823B74263B660CF9254EE348A15421FAC5667F294 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:40:03.0143 0x1620 DXGKrnl - ok
21:40:03.0206 0x1620 [ 58BA473DD88F5FC1932282BA683AA03E, B8A4407D3006D91BE88F9C5389AC1CACC73BEBF6F66433A1E5EB8E58E8836C12 ] Eaphost C:\Windows\System32\eapsvc.dll
21:40:03.0206 0x1620 Eaphost - ok
21:40:03.0409 0x1620 [ 5AB97B3282D7D6114949D1EB5C8598E4, FB9449CC1CDC12C12AA0469BB6ACC770CB011250EDFD86E9600E754610608EFD ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:40:03.0533 0x1620 ebdrv - ok
21:40:03.0596 0x1620 [ 5E346ADBAD5110EAB2E9808ABE877A00, 4B72C34E41B8AA15D166F65B5A037A1230A9FF65F827D18A57E2198573616EAD ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:40:03.0643 0x1620 eeCtrl - ok
21:40:03.0674 0x1620 [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] EFS C:\Windows\System32\lsass.exe
21:40:03.0674 0x1620 EFS - ok
21:40:03.0721 0x1620 [ 66D60BD9A4C05616ABECA2A901475098, 8111550DB03FFD72F1822F47B16F075DA92874B64F19342D7CF60B0EE648AFEF ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys
21:40:03.0721 0x1620 EhStorClass - ok
21:40:03.0752 0x1620 [ A61D0F543024E458C0FE32352E1978E2, BDE6BC140300EAF790F16466C28897CE0BD7D94DCED13FDE20AA4AACA0F6A4FD ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys
21:40:03.0752 0x1620 EhStorTcgDrv - ok
21:40:03.0861 0x1620 [ 616E1B9130314EB0E331197940AA625B, A4736A31EFF6D35A27B0EC14A7C855B7577301500E20CE936B0F1C0013F0FDF0 ] ePowerSvc C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
21:40:03.0892 0x1620 ePowerSvc - ok
21:40:03.0923 0x1620 [ 773ACF5823046FA40D7FD898559A7228, 7DF39C42F781E7864CC791E3449CCDF0124930D128D168E8F9C80374640FFBE7 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:40:03.0939 0x1620 EraserUtilRebootDrv - ok
21:40:03.0955 0x1620 [ D790D058D67582DB9C84C2D33695FE6B, A5763D7F6D191EA4B290B3E92D842AC36FD46DF598472E70B46E45D8CCD2F912 ] ErrDev C:\Windows\System32\drivers\errdev.sys
21:40:03.0955 0x1620 ErrDev - ok
21:40:04.0033 0x1620 [ F9E01C2D9F8BC049E04CF5DC24A5F638, CB6CCB59C77D4A59DDA846608AABEF1DFEC24C8422712AB8D59E27C13D731D2E ] EventSystem C:\Windows\system32\es.dll
21:40:04.0064 0x1620 EventSystem - ok
21:40:04.0095 0x1620 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03, 6B0146A4C9AD32DCDC2DEE8E8C5A29F687665458486449E0D37B151ED63B8ADC ] exfat C:\Windows\system32\drivers\exfat.sys
21:40:04.0095 0x1620 exfat - ok
21:40:04.0142 0x1620 [ 60996602A7111FD2D086E803F33E4282, E62A91C90F8542990BEA4E6A5D9DD3D070F4EB23B4C13414C5DA2B0219509749 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:40:04.0142 0x1620 fastfat - ok
21:40:04.0204 0x1620 [ F0E7F8382ED5E138B0DFA4CB5058BCFE, 6247C7B75F975F5AB080FFB9881EF58A6F360219F7AF2DE871F38E80CAF3B62C ] Fax C:\Windows\system32\fxssvc.exe
21:40:04.0235 0x1620 Fax - ok
21:40:04.0267 0x1620 [ 73B2D11DF0B6E03A0CB0323218ACB3E4, BA9256919BAA2E0760F6A658B557FDC389ACE8F9820D1A41FD995FC5613F5AA6 ] fdc C:\Windows\System32\drivers\fdc.sys
21:40:04.0267 0x1620 fdc - ok
21:40:04.0282 0x1620 [ 0828E3E7BD77C89149EAD3232BFD38DB, A6A296647A4EDBFF59124E3A9C0AB48759AA1738615ACFA5A454FF6BD3C31BA2 ] fdPHost C:\Windows\system32\fdPHost.dll
21:40:04.0298 0x1620 fdPHost - ok
21:40:04.0298 0x1620 [ 872506AAB591E8908DF4461475AF92DF, 772F2D08CB95775E438822B9EA005CBA92ED4071ADAB2C0101156A7D037D4704 ] FDResPub C:\Windows\system32\fdrespub.dll
21:40:04.0313 0x1620 FDResPub - ok
21:40:04.0329 0x1620 [ 0588950D93A426F97C7AAADB1A9B0458, ABCB3619BD58CAC438FC032495AE45A7B6FFDD4BD33C1B3D1BC7F9F13FCB727A ] fhsvc C:\Windows\system32\fhsvc.dll
21:40:04.0329 0x1620 fhsvc - ok
21:40:04.0360 0x1620 [ 88A9EBACD1058ABB237A6B4E96E7F397, 263D25D33B679EB01D97763701347C31B2F72E28CE2C7EC8013EA77756D98BE1 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:40:04.0376 0x1620 FileInfo - ok
21:40:04.0391 0x1620 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02, 1D7BFB00D74A28AC13ECBA1E0036D50EE79266AC02CEDB2632466BF9DD46F211 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:40:04.0391 0x1620 Filetrace - ok
21:40:04.0423 0x1620 [ B1D4C168FF7B8579E3745888658FFB1D, 1A5C13E902A0C788A8B995ADD2FBC3303005911C0AA3F3F4497D3016AA0EF583 ] flpydisk C:\Windows\System32\drivers\flpydisk.sys
21:40:04.0423 0x1620 flpydisk - ok
21:40:04.0454 0x1620 [ B33EC133AE4E6C1881D2302D93D2467D, 77E3A16257EA3698B3FCD947D004144E8D1EEE48EF5C82DF49B1B9B2B3C61DB2 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:40:04.0469 0x1620 FltMgr - ok
21:40:04.0579 0x1620 [ 0BCDC0FF11B984162B0CF0FF6E9E0146, D44A3CECBA36B7A64854E244FA6B5E65047896BF9983D20B431410FBBA36697A ] FontCache C:\Windows\system32\FntCache.dll
21:40:04.0672 0x1620 FontCache - ok
21:40:04.0813 0x1620 [ 0B56259F5611787222A04A8F254E51D4, F77AEC0ACBFAF9154E32223B84B613229DACCD953AEBC3E96C27570F9AB10FD0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:40:04.0828 0x1620 FontCache3.0.0.0 - ok
21:40:04.0844 0x1620 [ A5F7873A39E4E9FAAAE59B7E9E36B705, 32036109F5A50E9F3BEF97C5B28AE8179B3A5E22517868A83CADE4671FF90DEC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:40:04.0844 0x1620 FsDepends - ok
21:40:04.0859 0x1620 [ A6DD7D491F587F4BC13FB972977DC8E8, B86F97F17F6F443EC16DEF67CCA4EF78AFE56078D2877838A982FECB19557C87 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:40:04.0875 0x1620 Fs_Rec - ok
21:40:04.0937 0x1620 [ C1646A95EAC515F60CDB2A7A8A013C1E, F559B83C02B17265EDE95DD497C1A94E402F07EC251FC47449F789907AFFED14 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:40:04.0969 0x1620 fvevol - ok
21:40:05.0000 0x1620 [ A969D92973DFA895E7776B4BFE36DBB2, 7528E6983ECC59291A7A386E4E459B19D1593ABDDFFD276E2F01B0EA21693E20 ] FxPPM C:\Windows\System32\drivers\fxppm.sys
21:40:05.0000 0x1620 FxPPM - ok
21:40:05.0015 0x1620 [ 52BC441E07A827EBAB70CDC7EAEDB28D, 8DECBD8E12EA52039742599CFBBF0D3B6610B57EF8D9DAEEEA33D202A478D286 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:40:05.0031 0x1620 gagp30kx - ok
21:40:05.0062 0x1620 [ 721F8EEF5E9747F32670DEFF7FB92541, E0A8EF70753E260C2C7D93D316B5EF9589DB086FDF829BDA2958C6A09CE471A6 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys
21:40:05.0062 0x1620 gencounter - ok
21:40:05.0093 0x1620 [ FC2B8B06BDBD3B6457F5A3DA9AD2410E, 4BF196E1CAC94E9265EBEB68F41C3E29F0C709ECFF9420B5B1C9C82680D5D6A8 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys
21:40:05.0093 0x1620 GPIOClx0101 - ok
21:40:05.0218 0x1620 [ 5358678C6370F2ADC5291849F6503262, 841633D7A936C3889690C67E189BAD4C6B294C196FFFE5B564FCECDFE46A9E52 ] gpsvc C:\Windows\System32\gpsvc.dll
21:40:05.0296 0x1620 gpsvc - ok
21:40:05.0359 0x1620 [ 630555943E5A3FE21010CE91EC7FC84F, 20D7247A4363EE9E851501D89A466564ADCAEC304DE42280E4E09AD8499436A9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:40:05.0374 0x1620 HdAudAddService - ok
21:40:05.0405 0x1620 [ 58CC013EFA9893057160EDA018D8ADCE, BE8AA220CFBD90202C1B130DF349C3198E3447F3C2DC7BC5FC8816F57F78BA00 ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys
21:40:05.0405 0x1620 HDAudBus - ok
21:40:05.0452 0x1620 [ 3F76BBA53D65E85A7F53E7A71082082C, D1E18815BB19CD11007C4A66162C76F55D4FE6B09B34ED45969C7ECC29D394AD ] HidBatt C:\Windows\System32\drivers\HidBatt.sys
21:40:05.0452 0x1620 HidBatt - ok
21:40:05.0483 0x1620 [ 085F150D002B7F0153D3C06DDF33A143, 41847FD02608ECFE3A6B4B38CBDE8416B0EF17491868511FD704B0BCC280338E ] HidBth C:\Windows\System32\drivers\hidbth.sys
21:40:05.0483 0x1620 HidBth - ok
21:40:05.0515 0x1620 [ CC4A07E51D89575CAB6F4EB590D87CD4, DFB4EAF0923EF9FF6C42EDD1EA5E4025F243C9BE2D03D5423FE8A897DC01D657 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys
21:40:05.0515 0x1620 hidi2c - ok
21:40:05.0530 0x1620 [ DC96F7DACB777CDEAEF9958A50BFDA06, 7CE79F32D5EE65C0178CFF56523825D3EE01095B2CE8C67634A6604A821A9086 ] HidIr C:\Windows\System32\drivers\hidir.sys
21:40:05.0530 0x1620 HidIr - ok
21:40:05.0577 0x1620 [ FAC37D7B3D6354A5A5E19A45B50B4008, 2962B552A1DA545DFDEF0886582E82596FE8A3A19AAF989B025AFDA84D16D4EC ] hidserv C:\Windows\system32\hidserv.dll
21:40:05.0577 0x1620 hidserv - ok
21:40:05.0608 0x1620 [ 012C354B4AB48E9A7A657DF39E3A2073, B15D0089CE509FF1CF73DFE095425C1C99FC3971622DCAAD9CAEB989A12A4FDB ] HidUsb C:\Windows\System32\drivers\hidusb.sys
21:40:05.0608 0x1620 HidUsb - ok
21:40:05.0655 0x1620 [ 43F884B61A24377567CD0FEB35236334, B3BA36B527C8D6D83DE2FBCD8D503B87FD2611BF15B07A7BC138DC8BAE6A50C1 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:40:05.0655 0x1620 hkmsvc - ok
21:40:05.0686 0x1620 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF, E6967F3F465C6E903221BC0FCBAE7D05FD18C0BF110D929335F5935364B3C1BC ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:40:05.0702 0x1620 HomeGroupListener - ok
21:40:05.0764 0x1620 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E, B965DCC72625188F3B896CB447B7696F22687266EAFC5AA270E2AD53DD9F324D ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:40:05.0780 0x1620 HomeGroupProvider - ok
21:40:05.0827 0x1620 [ 64DB7A8D97CA53DCCF93D0A1E08342CF, 02CAB7F28D3830C482683425C60044239C6F1562556688A274CA2C237C846E76 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:40:05.0827 0x1620 HpSAMD - ok
21:40:05.0920 0x1620 [ F4A91D985EB9D1D2717D538F3424603C, 454AD2FF3A7963B9835AEF300F6672F92D0CCF59593BA2CCC83F0EC1446BB659 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:40:05.0967 0x1620 HTTP - ok
21:40:05.0998 0x1620 [ 2A98301068801700906C06649860FE94, 664394A52326289DCA0828B0041A105653F4FEF3E3DCCC3787AAE0F6FDC73A14 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:40:05.0998 0x1620 hwpolicy - ok
21:40:06.0029 0x1620 [ DC76901D82097C9E297F20C287CB9A27, 01A412D0D8A65050BE4250A7C4B9F98A4C43FD891827761E0C830369A5F9F09C ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys
21:40:06.0029 0x1620 hyperkbd - ok
21:40:06.0061 0x1620 [ 716413AB3CA12DE0A7222D28C1C9352C, B82B586BD9DBD70DDA19A02504E8CB00DA53677703AB848B53387601C5BAD3D3 ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys
21:40:06.0061 0x1620 HyperVideo - ok
21:40:06.0092 0x1620 [ C9E9CBF73AFFBFE3E801EFB516787BA3, 1A850D614BDA6AA4195CC657702BC6242BA51B90131717743182AA160F65E72C ] i8042prt C:\Windows\System32\drivers\i8042prt.sys
21:40:06.0107 0x1620 i8042prt - ok
21:40:06.0170 0x1620 [ 5E394EBD26FD68AA9300332C46BEDD62, 56A5DA7CE08C07B519E55D0A46AA9D10B640349808EFE02B3278267B75B5F603 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:40:06.0201 0x1620 iaStorV - ok
21:40:06.0310 0x1620 [ 77AC93E28B5F4DCE317EFA695E3F59E3, 57D510CEE1B777CFB52CECBAB43B0698A53B048B7E0C622473DEA9E03E2D9BEF ] IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140907.003\IDSvia64.sys
21:40:06.0373 0x1620 IDSVia64 - ok
21:40:06.0404 0x1620 [ 24847A06B84339FEEDE5CABF3D27D320, 7727B1DAD0D4A1D474FBBEFCEBDF36A1F07D1AA300869AE57A24ED91BF84B6B4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:40:06.0419 0x1620 iirsp - ok
21:40:06.0513 0x1620 [ E455C83E029121270BED73CDAC381F37, 433D525C19DBF26FAC28853C606C872D973104842B0EF1B2BF2EAC85457E2953 ] IKEEXT C:\Windows\System32\ikeext.dll
21:40:06.0591 0x1620 IKEEXT - ok
21:40:06.0794 0x1620 [ 7D7711B0F972C73AE46105B42092D82E, AC66AE06B65C03BCEE2FF90732B13B651862382CDFEE85A6B5497DF3A2FF75A2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:40:07.0028 0x1620 IntcAzAudAddService - ok
21:40:07.0106 0x1620 [ 4F37726CF764CA18A8A84F85EF3A7F24, 6212B23917526E127CE641A11A58DA93651FFE70829C4079FE465DBDC81CF470 ] intelide C:\Windows\system32\drivers\intelide.sys
21:40:07.0121 0x1620 intelide - ok
21:40:07.0153 0x1620 [ E15CDF68DD73423F15D4AC404793AF0D, E2D0136AF68D1A73EB3A63C83284B4661222CB0A4AFACCF276CB57CBD4850287 ] intelppm C:\Windows\System32\drivers\intelppm.sys
21:40:07.0168 0x1620 intelppm - ok
21:40:07.0199 0x1620 [ 8FCA66234A0933D796BB780B7953BAB9, 7DD677F5EE09A8D7A75C9E475B5E6B3DCA49D1E846C7D160B839D7029B1C5B6D ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:40:07.0215 0x1620 IpFilterDriver - ok
21:40:07.0309 0x1620 [ C217B8D2E58C57A319B16125C3D4B69C, 905BB858E1782BD08FF080A4A604CE662440A15601B178FBD30269C306C04CCF ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:40:07.0371 0x1620 iphlpsvc - ok
21:40:07.0418 0x1620 [ A4071DA3AE419F9694BFCB267C7DB8D7, 392DEE1DA51606C29418A98D2861F115E9F67C688B4281C53E87BA73A98809FB ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys
21:40:07.0418 0x1620 IPMIDRV - ok
21:40:07.0465 0x1620 [ 3969B9C218DD3FAA9F4ED2FFC3651C02, 93447F124CC55FB17055126432194153E1BB8F0FD95A47608494B6834A5F7089 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:40:07.0465 0x1620 IPNAT - ok
21:40:07.0496 0x1620 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C, 4099BAA2DB4ADB93B878D71E241B7D9EB7E0EE7ED0FE2450CCB9E4718B3726EB ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:40:07.0496 0x1620 IRENUM - ok
21:40:07.0543 0x1620 [ D940C5BB9DC92E588533C19ABCC3D2C2, D1442854CEDE86F2C187A35851E74C873D34B772C60BC118FA1577F79C03364D ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:40:07.0558 0x1620 isapnp - ok
21:40:07.0605 0x1620 [ E6530FD4F61B40F338BF4355A21B9A09, FE9BF039B9901BEC260A69F7C49ACFA9881AD470DCCBA70C7EC36F518DA71702 ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys
21:40:07.0636 0x1620 iScsiPrt - ok
21:40:07.0652 0x1620 [ 8FBD94B69D6423E20ABCD59D86368B21, 218EF992095E365EC917413749856A64D55D8129D77098E24D670843233377F4 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys
21:40:07.0652 0x1620 kbdclass - ok
21:40:07.0667 0x1620 [ E88C932ABDF8185A62C8F2FC7B051FB6, 67F9AF58237A11F0BF3D15AA5B32E5CE66B7AA039B999D938F7F6E63DCEA7A6E ] kbdhid C:\Windows\System32\drivers\kbdhid.sys
21:40:07.0683 0x1620 kbdhid - ok
21:40:07.0699 0x1620 [ FB6C185092E18011EF49989425C2AA87, 043524409E0A764201DD221C48B7DEEA0D161945EB37D4B88313BAB2299949DF ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys
21:40:07.0699 0x1620 kdnic - ok
21:40:07.0714 0x1620 [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] KeyIso C:\Windows\system32\lsass.exe
21:40:07.0730 0x1620 KeyIso - ok
21:40:07.0761 0x1620 [ 8B3EB6372436195B8EA8AE09A184BCE2, 9AFB7A9D6AEEBF5994C85B355155024768116E2D537C9FA169BC3F4594ECD35C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:40:07.0761 0x1620 KSecDD - ok
21:40:07.0792 0x1620 [ 3DD9C86EA88E8B5A51904AD87E1F2E78, F9EC9A571212117C01934CD29057EB1B3FA095F670294244AF7D9387D3F6E555 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:40:07.0808 0x1620 KSecPkg - ok
21:40:07.0823 0x1620 [ 81492FEEBF2F26455B00EE8DBAE8A1B0, E33AA2DFB2D3BB30B02CDADA2EC290F86329DA3198327A653F39A843D86390B9 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:40:07.0823 0x1620 ksthunk - ok
21:40:07.0901 0x1620 [ 5825DBACEDC3812B5CF8D40B997BF210, 1C2997BCC707C1029B21876E093038CE3BBF6E6694B4CCF7EEDD47172ED9A541 ] KtmRm C:\Windows\system32\msdtckrm.dll
21:40:07.0933 0x1620 KtmRm - ok
21:40:07.0979 0x1620 [ B914A7133D759C53FAA5C08F33C09A4E, CBB24CECD689A56826EBA5CC6901ADD6E9BFCC27272B4DC2951E1E08B01609BC ] L1C C:\Windows\system32\DRIVERS\L1C63x64.sys
21:40:07.0979 0x1620 L1C - ok
21:40:08.0042 0x1620 [ 256EE31588257E8A555DBFAA13F1908E, B6817F632EDEA483E35BF26846DCDD4E95E860620959179B2A5D8AD7EEDDB126 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:40:08.0073 0x1620 LanmanServer - ok
21:40:08.0135 0x1620 [ 16650912BE5A94B40E0B3B4C39652B56, 908C2C9367AE0AC9AECB5D91514BB33ACD746D99F19C1A8DD6A9550E9CAD9E00 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:40:08.0151 0x1620 LanmanWorkstation - ok
21:40:08.0182 0x1620 [ CEEFD29FC551F289810B0B9381B321DC, 900F206B487B2190D9363F28AA4BA0CD7DCFE1D005BE05A48AF74B1B81194691 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:40:08.0198 0x1620 lltdio - ok
21:40:08.0245 0x1620 [ BCF53485E0A94722CDE3C4A93CD8EB8C, D24E1066EB102245A89A5D17D608DB9DF6B71C99F1C77E070B95EFD17D268141 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:40:08.0260 0x1620 lltdsvc - ok
21:40:08.0307 0x1620 [ 95DD1E89A772A383E0FDC677A2E2ED44, 94701ACC1F4D5422CB7084609BC25D34A05F68829DB5030AA6697BD7DBC3B0B2 ] LMDriver C:\Windows\System32\drivers\LMDriver.sys
21:40:08.0307 0x1620 LMDriver - ok
21:40:08.0323 0x1620 [ 5A2F7F1CBC2E631A497DAD16164E06D2, 35274FC6C386380B01B5E8F467E71A2C4E2FB2AD701554F9B1A9B036B0340142 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:40:08.0338 0x1620 lmhosts - ok
21:40:08.0416 0x1620 [ E1A37D1BF2F57345D078C324693F6A38, 99EF79344DB7EB1EBCABA716112FD23A350574BD67C451F421207E5341704504 ] LMSvc C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
21:40:08.0432 0x1620 LMSvc - ok
21:40:08.0479 0x1620 [ 022CDD12161B063D7852B1075BF3FFF2, E21267243AF2FC208D27E67827B1264A762C99AECEDB7AD2C48A04F421A6B2F0 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:40:08.0494 0x1620 LSI_SAS - ok
21:40:08.0525 0x1620 [ 07AD59D669B996F29F91817F0ECFA34F, 026F332F862D142BFFC9D169CCD17A35BFB6B301EEC72AA13E16369B3520919C ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:40:08.0525 0x1620 LSI_SAS2 - ok
21:40:08.0557 0x1620 [ 216FB796AA4E252ACCE93B1BCB80B5EC, 5B1E49B5F7B9C7A778198D27F8EE500FE35DC32D40B22A3D6ED67560BEB04212 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:40:08.0557 0x1620 LSI_SCSI - ok
21:40:08.0588 0x1620 [ 5E80530AF37102488EE980B4A92AF99F, 364E18EAD9AC22F8A306B24C6C43E58224F6BE2744EFEAA2484696B8D9880851 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys
21:40:08.0588 0x1620 LSI_SSS - ok
21:40:08.0650 0x1620 [ 1DC9B701F8EB7D67774035AC9C3104F6, 77371267CDA605F78674BF8FA14B134B22299CD96EADA60A68762207595F0B46 ] LSM C:\Windows\System32\lsm.dll
21:40:08.0681 0x1620 LSM - ok
21:40:08.0713 0x1620 [ 2BDC5D711FA61307CE6190D47C956368, 6BCDC6CBB9783F1ABE8957BDA94AF977DFB2A310BB6D19085EFC8609C97FD180 ] luafv C:\Windows\system32\drivers\luafv.sys
21:40:08.0713 0x1620 luafv - ok
21:40:08.0744 0x1620 McAfee SiteAdvisor Service - ok
21:40:08.0791 0x1620 [ 9B0D829C3BE4E7472DB9DD2B79908E3C, ACED5806FFF39E84007B5A3DCB16315329DC53007F46B1BEEDC391CC659F7DD3 ] megasas C:\Windows\system32\drivers\megasas.sys
21:40:08.0791 0x1620 megasas - ok
21:40:08.0837 0x1620 [ ECC3F54C7AFC318271C4F0B4606D8DB0, FD1ACB18B8C912C7A57DABCD5460800DD0721A82E09C8D79C47B3392D61CBEA6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:40:08.0853 0x1620 MegaSR - ok
21:40:08.0916 0x1620 [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] MMCSS C:\Windows\system32\mmcss.dll
21:40:08.0931 0x1620 MMCSS - ok
21:40:08.0962 0x1620 [ 780098AD5DA8A4822E2563984C85EF7B, 29312970774E944B5ED388316CF3D350DCABF721F9695737B0AC56BE878B0446 ] Modem C:\Windows\system32\drivers\modem.sys
21:40:08.0962 0x1620 Modem - ok
21:40:08.0993 0x1620 [ EA8EAD3F5B762F889CC7F3966625B48B, B701A42E5E08B7BC6601560446146803182E5DC631AB73E9408F19CB6432F121 ] monitor C:\Windows\System32\drivers\monitor.sys
21:40:09.0009 0x1620 monitor - ok
21:40:09.0040 0x1620 [ 618446B98C79776654340CE27C73485E, EFE7169FDD545933B5949DA2D09266971C0C3E6894E7BD8AFE29E41567C72B16 ] mouclass C:\Windows\System32\drivers\mouclass.sys
21:40:09.0040 0x1620 mouclass - ok
21:40:09.0071 0x1620 [ C0ADEBED913295803B579ED288936CBB, 58F71541166D1DA07C18FBD27458D55E3F8AD7291CB7496B3A2F01372A5B0CAE ] mouhid C:\Windows\System32\drivers\mouhid.sys
21:40:09.0071 0x1620 mouhid - ok
21:40:09.0118 0x1620 [ E7E9DBFDD3F25ED0C05B99AE9FA18BDE, 6D0204BA271FD3262DAE6E6BF9C12C0D49E3C9AF40EB1E072BD5CA5E2B8598D5 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:40:09.0134 0x1620 mountmgr - ok
21:40:09.0181 0x1620 [ 4E9D8041D352A33332FD6F59A3A78B03, D4E6229B07EF9866993EEE4F6223DC7F1FF1108273FE14A3DC74E65C181DE56A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:40:09.0196 0x1620 MozillaMaintenance - ok
21:40:09.0243 0x1620 [ 4CCBBD4944777CA100B9A6C2F149A46F, 7FC172FAF8266BFBBBBAD94FD67EA3C1872F5927DC3900A9A54DB2DFE34E7415 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:40:09.0243 0x1620 mpsdrv - ok
21:40:09.0337 0x1620 [ 9DE3341BD4E14BC5FADFCAD3019F2D0D, 37E0531EADABC6D4BCC496826651D4D14CF0D10156FF13C11BDE466084B44FF4 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:40:09.0383 0x1620 MpsSvc - ok
21:40:09.0430 0x1620 [ 3D70147F55F1EC84EB9139ED7FFE48BC, 12429C2FDDDA13815F0E18F9009011AA5360955759A23A38175543F480CB92EF ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:40:09.0446 0x1620 MRxDAV - ok
21:40:09.0508 0x1620 [ 7A761AEE58658378BBA45D360F874CB0, 31972E63D93E07D92EF69571B7ED1E69B1358DCA5BEED62A9372F6411B4DFDB3 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:40:09.0524 0x1620 mrxsmb - ok
21:40:09.0555 0x1620 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3, C665B7896501D42C73955F4EAF4FA3C6B2C9286957D6023C235AFBF9BFB761C6 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:40:09.0571 0x1620 mrxsmb10 - ok
21:40:09.0602 0x1620 [ 697B78CE3925E4FBFC544232A5E9E2EB, 2D03425513572F6098BAAF82C0EDB49EBAB88438971D349CA1917DA0BDB76334 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:40:09.0617 0x1620 mrxsmb20 - ok
21:40:09.0649 0x1620 [ 98487487D6B3797CA927E9D7B030AE13, 05840AF0DD2E3CB596DA768DBD0728B52210EC05B55AB5921E697AD8956938DD ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys
21:40:09.0649 0x1620 MsBridge - ok
21:40:09.0696 0x1620 [ 4A07458EB4F17573BD39F22029A991C1, 74D7A1882EA4D19B8F090C2813489E5D3F759BF4AF2D88AE852EC6510C405B5E ] MSDTC C:\Windows\System32\msdtc.exe
21:40:09.0711 0x1620 MSDTC - ok
21:40:09.0758 0x1620 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2, ECCA22985838A914EDC866C491DEB64B9FF5110EFA9BEE541F634AC5EC3081F9 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:40:09.0773 0x1620 Msfs - ok
21:40:09.0789 0x1620 [ C32A7A39B960A42BA9D4FBE47213CA03, 4DA48587138972DA5E95AEDBBBE73BA8CCADC8172C6654427ABEAC8047B27E95 ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys
21:40:09.0789 0x1620 msgpiowin32 - ok
21:40:09.0805 0x1620 [ D3857A767B91A061B408CCAB02DA4F40, A4D780772086AD8717EE6DC2B6189F796939FB5E5AA08FD9D1984101998FBECF ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:40:09.0805 0x1620 mshidkmdf - ok
21:40:09.0820 0x1620 [ 839B48910FB1E887635C48F3EC11A05E, F8CFD99911500CC1B6A90C8E2A1697BD5A6E5776A62A62FE5B342FE204C936B1 ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys
21:40:09.0836 0x1620 mshidumdf - ok
21:40:09.0836 0x1620 [ 55C0DB741E3AB7463242B185B1C2997C, D2E2A5B48A64EA0EC2A6566C08E65A38D11CEA64BCA7B57793BA0D009E4D974A ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:40:09.0851 0x1620 msisadrv - ok
21:40:09.0883 0x1620 [ 216C6B035A4BA5560E1255BD8E5BB89F, A14E038604B9A5506DB145A4D9F51E2751AC825240D2744924F39C332B5DE00B ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:40:09.0883 0x1620 MSiSCSI - ok
21:40:09.0898 0x1620 msiserver - ok
21:40:09.0929 0x1620 [ 509809566E49F4411055864EA8D437CD, 70F37BF9C759E8BCA1C6AC8FB9805950925E1C648ED37E8561A0F7A407DFDC28 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:40:09.0929 0x1620 MSKSSRV - ok
21:40:09.0929 0x1620 [ 63145201D6458E4958E572E7D6FC2604, EDD4A8A3BBE94B983554B1117734E66A2647B867269C5F0567C47EDE6F3FACCB ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys
21:40:09.0945 0x1620 MsLldp - ok
21:40:09.0961 0x1620 [ 99D526E803DB6D7FF290FD98B6204641, 4AFAA3B1186621AEAD19E12D3DBE104DD8FCD5C106F9EC3ADA4AD1BC7093E61F ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:40:09.0961 0x1620 MSPCLOCK - ok
21:40:09.0976 0x1620 [ 06FA77C3E2A491ADCD704C5E73006269, 465A7EE5387E6C11398A554F73437278F5BF110356E7F49F315905C1F2459278 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:40:09.0992 0x1620 MSPQM - ok


----------



## ufah (May 27, 2014)

And the rest of the second, since it was too many characters...

21:40:11.0068 0x1620 Ndisuio - ok
21:40:11.0099 0x1620 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:40:11.0115 0x1620 NdisWan - ok
21:40:11.0131 0x1620 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NDISWANLEGACY C:\Windows\system32\DRIVERS\ndiswan.sys
21:40:11.0146 0x1620 NDISWANLEGACY - ok
21:40:11.0178 0x1620 [ 3730942D7DB2F8BB5F84542B7FF6F650, 89C9D7D7305205BDB304CE6DA7D1A57EDE86A9D77429698802A39D75EB78CAAB ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:40:11.0178 0x1620 NDProxy - ok
21:40:11.0193 0x1620 [ D3F60A4345FCA9C1BE68AD7D0D6DE770, 214AF09F4B021C2F8655FBC8AC8C801E89CD9115CDE690FAEBDA69D63D660EDD ] Ndu C:\Windows\system32\drivers\Ndu.sys
21:40:11.0209 0x1620 Ndu - ok
21:40:11.0209 0x1620 [ 7C203A76394F9AE68F69EEE5F9612C4A, 2222654915913BDC9367A2075714906A10CF22C047A7494CD59CB71834ED1B62 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:40:11.0224 0x1620 NetBIOS - ok
21:40:11.0240 0x1620 [ 7CEC25C682D319D484630B3952C31A11, 025C46B367E0570E9E3F9DF1564C3E47B1524E9E9A180BBDF0E9C684838F5E42 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:40:11.0255 0x1620 NetBT - ok
21:40:11.0287 0x1620 [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] Netlogon C:\Windows\system32\lsass.exe
21:40:11.0287 0x1620 Netlogon - ok
21:40:11.0349 0x1620 [ 89519D29CBEC2121CA65CC29C4D345E0, F3BA7BCAFEC8DD8B29837458D1B2B1DEE748AEAAAE0575FD3AAE65CFC72A04CD ] Netman  C:\Windows\System32\netman.dll
21:40:11.0365 0x1620 Netman - ok
21:40:11.0411 0x1620 [ 79FA9393C67EBBF92A56923592CF7A7C, A8AB8A6346B97B68810CC632F425085BE9E63ACAED0F119A7BFD03F2DA4AA5F6 ] netprofm C:\Windows\System32\netprofmsvc.dll
21:40:11.0443 0x1620 netprofm - ok
21:40:11.0505 0x1620 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:40:11.0552 0x1620 NetTcpPortSharing - ok
21:40:11.0614 0x1620 [ 12DD2800E4EEA37DC9AE256AD62423B4, 34740469EEA8740CBACD881CB232C9ABB9AB180DE5F45336BC6DBE154259F29B ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:40:11.0630 0x1620 nfrd960 - ok
21:40:11.0692 0x1620 [ DA97E7798C1B1B265436BF6B2026E74D, 0A9B176D46E53A5B28262C143410CFB3C4D7ABC12F9F0E0BCE6526E11C01FF4B ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
21:40:11.0724 0x1620 NIS - ok
21:40:11.0786 0x1620 [ 80ABCD4C2DE9FD832477303AE0CA3BE5, 98F3958E650CEB1006D92980503E1B176D2CA55D2A6742C1C27CDE829D137DA9 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:40:11.0817 0x1620 NlaSvc - ok
21:40:11.0833 0x1620 [ 17E19A742FB30C002F8B43575451DBE1, 59D226A4A5B5281C399BE96C694915E38EEAF335D31F346B0C65D8F469D7C9C3 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:40:11.0848 0x1620 Npfs - ok
21:40:11.0880 0x1620 [ 8ED299C30792544264E558BEA79F0947, 8A03FDA9AADB79ECBCBCDC988B7D8CF0672689C9DF673A2ECFE0D2D88A9C6A6B ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys
21:40:11.0895 0x1620 npsvctrig - ok
21:40:11.0926 0x1620 [ 832B5FDF0B5577713FD7F2465FCD0ACE, 4A551CDBACED47DD781EC59F8B59A13D66EFD85DCF636BCFCBACFE5972A78E93 ] nsi C:\Windows\system32\nsisvc.dll
21:40:11.0942 0x1620 nsi - ok
21:40:11.0958 0x1620 [ 689B3B1E95C70ABF7AFF29F9406EF1E0, 8B62D8AE53E1B3218158FADC0075682AB06D18998CF5DE82C920A9CD91C0652F ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:40:11.0973 0x1620 nsiproxy - ok
21:40:12.0129 0x1620 [ 7BE3EDFFA3216F989A6BDCB14795DD08, 19A2D0120C46CA9BCFBC16DC3E65687ACDDCBA33B79128188652BA2AFAA2EE2F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:40:12.0223 0x1620 Ntfs - ok
21:40:12.0285 0x1620 [ 4163ADE07DB51843AE31F65B94F5398D, 4349E7EF1EE1E71E1F436BA42F5B58871D82B987D513BA2D6E1CEB8A21BD1B20 ] Null C:\Windows\system32\drivers\Null.sys
21:40:12.0285 0x1620 Null - ok
21:40:12.0316 0x1620 [ D6D34118263412D3AAA8348A9572B7F2, 66106A25BC5A4CA7697A23ED67CEDB5C0BF678EA70FD967A405D2DF76F4CA3A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:40:12.0332 0x1620 nvraid - ok
21:40:12.0363 0x1620 [ 27AFC428D1D32ABD04A86763A4EDDEA9, 0920866013A8C8CFEE00E6AECDD41736F5501C49837E2D785998734F087F6B98 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:40:12.0379 0x1620 nvstor - ok
21:40:12.0410 0x1620 [ 051CFB5107BAAE510419BDC41F8C4036, 9990906F17A3886EF301D2AA6556263B52A1C0554C6BD18331AF44ECECAEE4B5 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:40:12.0425 0x1620 nv_agp - ok
21:40:12.0472 0x1620 [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:40:12.0488 0x1620 p2pimsvc - ok
21:40:12.0535 0x1620 [ 4319FD931DCD796435ECB5DB4A04FBA5, 20185B2F359EEC202B37019A4E4F5B914ADCF78B97AF0CBD91EECED2259FC6DE ] p2psvc C:\Windows\system32\p2psvc.dll
21:40:12.0550 0x1620 p2psvc - ok
21:40:12.0597 0x1620 [ 4563DAF8C6A740AD7F501E219BD10766, 7A1212DDAE2D66A9C2041262796904E36036CDC4C5B75C2F66B8DF9D89F7C25D ] Parport C:\Windows\System32\drivers\parport.sys
21:40:12.0597 0x1620 Parport - ok
21:40:12.0628 0x1620 [ D6ACCF9F2EEEEA711C14EFD976E573F3, 60D2A81832A8D24F91C3EF134440D5026354917F59462BACBCE7A01D84767D91 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:40:12.0628 0x1620 partmgr - ok
21:40:12.0691 0x1620 [ 4811D9EC53649105A5A8BEA661B0F936, C77907E03D0561500FCFEAFAC323E9679E66297329901A0CA2BD7E919419A8E8 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:40:12.0722 0x1620 PcaSvc - ok
21:40:12.0737 0x1620 [ 4A003E8F718C1E6A2050CA98CD53E3E2, BCC3BE1EC3FA4967353371D85094D096940A7B5944A6FFCA31E8FBE83D92CC6C ] pci C:\Windows\system32\drivers\pci.sys
21:40:12.0753 0x1620 pci - ok
21:40:12.0784 0x1620 [ F9908D274D458220F91E89B54D78D837, 1E89ABFA6B375383E0297CEE5AF66E37F90E16DD21ABA5C91777A86CDF013B4D ] pciide C:\Windows\system32\drivers\pciide.sys
21:40:12.0784 0x1620 pciide - ok
21:40:12.0815 0x1620 [ 84D19CB6102627932DCB5DFDF89FE269, 2F9C47E076645B35877D9ACA77968EFFCDA8794D76265CD9A4AAA239C4B33C5F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:40:12.0831 0x1620 pcmcia - ok
21:40:12.0847 0x1620 [ CEBBAD5391C2644560C55628A40BFD27, 8AAA6EBD8D89FC91AECCCF1452F53C5650A1A17027FF4E64D224371404CE4C8B ] pcw C:\Windows\system32\drivers\pcw.sys
21:40:12.0847 0x1620 pcw - ok
21:40:12.0878 0x1620 [ 0698DEDEAD6A00AD0D468C687D830FBF, B9DCA1A61F2EF80DB26380F390F2E9A17114D33129D61CF465B949B6A7916CAA ] pdc C:\Windows\system32\drivers\pdc.sys
21:40:12.0878 0x1620 pdc - ok
21:40:12.0940 0x1620 [ 61FE70659CD43E07F94DA4DC31DEC493, 3739B6670B440173FD81DE3D47B0B90FAF296802AD4F57C05BF5CF191BF16022 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:40:13.0003 0x1620 PEAUTH - ok
21:40:13.0190 0x1620 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A, 459CF99D5243C4ACAA38C7B426ADC52F1044C759D06A925D475DF6213AEB85CD ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:40:13.0206 0x1620 PerfHost - ok
21:40:13.0361 0x1620 [ 6E84BFF58F7643499277F29DFA2F8C8D, 401CCF137F35D9690C7B56B2BFEDB2DB72709EBE38626D787904B67640EF6F14 ] pla C:\Windows\system32\pla.dll
21:40:13.0439 0x1620 pla - ok
21:40:13.0471 0x1620 [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:40:13.0486 0x1620 PlugPlay - ok
21:40:13.0502 0x1620 [ 8E2414E818C26C4A9C70CB2B8567F04F, A16B22AE143BA070C562FBE5DEF32F7E228F50B302B66E46B46C44C0F50A4461 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:40:13.0517 0x1620 PNRPAutoReg - ok
21:40:13.0533 0x1620 [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:40:13.0549 0x1620 PNRPsvc - ok
21:40:13.0627 0x1620 [ 0108C8E5176D590F242701EF5A62CC26, 3A72F5D4402663B7445F6B3C55F01E83A619B6192F7D3CC2DE3C57F9F50D5A2D ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:40:13.0658 0x1620 PolicyAgent - ok
21:40:13.0720 0x1620 [ F1E067F56373F11EA4B785CAE823740A, 69BD30E64DA17595FF29C9C9FF9AD4F2F4BE29B688FBAC9DABB2FA9D13A47FF0 ] Power C:\Windows\system32\umpo.dll
21:40:13.0720 0x1620 Power - ok
21:40:13.0767 0x1620 [ 362D47E5B4D67270DE4B8606036F4ADD, 716E229C68D91AEA5B5629F60133D5CBDC0C95ABA54D9DC6264E923CAF4DC6C0 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:40:13.0767 0x1620 PptpMiniport - ok
21:40:13.0985 0x1620 [ C2D3B3D0060619D5E03E696BD56FF59F, 155954F16B6F9B51BA16F43F1AE6F977B1EC4DE77862C6F6C722293189BE0DD2 ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
21:40:14.0142 0x1620 PrintNotify - ok
21:40:14.0204 0x1620 [ DD979EB6A7212F60E4AFBE96EDC7AE6D, BC681D64C5B8F08FD4613D71111853FCD5B05E4BD127D2C6258BAED7627105BE ] Processor C:\Windows\System32\drivers\processr.sys
21:40:14.0204 0x1620 Processor - ok
21:40:14.0251 0x1620 [ 429E8502AD2227CF88F8840FC5BD590D, A186DA46C083580ACEDE9C7E3156865034302CD803140EEEC8E1DE16DA4BC99B ] ProfSvc C:\Windows\system32\profsvc.dll
21:40:14.0266 0x1620 ProfSvc - ok
21:40:14.0298 0x1620 [ EB8034147D4820CD31BFCB11A2A652DF, B10B5E16B7A05D2DB2D5D1945B6146DE15EEDE2C778772A59F104706B5145E46 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:40:14.0313 0x1620 Psched - ok
21:40:14.0360 0x1620 [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI C:\Windows\system32\DRIVERS\psi_mf_amd64.sys
21:40:14.0360 0x1620 PSI - ok
21:40:14.0407 0x1620 [ 0AFBF333B6F87A2F598EAB379AF100B8, D11F3A4D7E4463B62E2DBDE5FC61425B1FDFB07DD1A19BC001D479CA1F554510 ] QWAVE C:\Windows\system32\qwave.dll
21:40:14.0422 0x1620 QWAVE - ok
21:40:14.0438 0x1620 [ 13D47BB0CCA2FC51BD15F8E85C6A078E, EA832A9511007C9E8599C3066E1FA66BE869E8A27886D9A9AC590BD4DFBD1A15 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:40:14.0453 0x1620 QWAVEdrv - ok
21:40:14.0485 0x1620 [ E94067155C8AA4EF134CB2528E0C9CD7, 6EEF603F64827AB138930DFE379BF8E48E64AE8AA5EE7B9E0CA369022BAAA2EA ] RadioShim C:\Windows\System32\drivers\RadioShim.sys
21:40:14.0485 0x1620 RadioShim - ok
21:40:14.0500 0x1620 [ 873C60F8178100557740A832FCE10B5F, 400EF60CB2C98E2AFE122AF3D01CCE56A1548AF865345EE2194AB74DBCBF4C48 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:40:14.0500 0x1620 RasAcd - ok
21:40:14.0532 0x1620 [ 69B93F623B130976243ECA3D84CC99CA, F27617E651EADFAEE479619AAB01CDAA98111BA63E204D5C44A1256732CB0100 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:40:14.0547 0x1620 RasAgileVpn - ok
21:40:14.0594 0x1620 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0, 2F3C90A04964D4D906238BD557D90F7AC05DF86FE9729C4378B39431F54DDAE3 ] RasAuto C:\Windows\System32\rasauto.dll
21:40:14.0609 0x1620 RasAuto - ok
21:40:14.0656 0x1620 [ A14D625C5AEE5FFE0F47D1A1D419FAAE, 1229B81C23340AD5B436B1FD227876EB41715CE6BD270BA367F18879D26B8F04 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:40:14.0672 0x1620 Rasl2tp - ok
21:40:14.0719 0x1620 [ C923C785A2DE0B396AD6D13ACAFF2DE9, 4F950DA776FBABEC7D546983D6F3018733F61268A4BF95C01D4836AD000BD073 ] RasMan C:\Windows\System32\rasmans.dll
21:40:14.0734 0x1620 RasMan - ok
21:40:14.0765 0x1620 [ 00695B9C2DB6111064499C529E90C042, 3CD4DF4D8001C2BBF52EEEB1F0D587209878BEAC339D268892477AD840D490F1 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:40:14.0765 0x1620 RasPppoe - ok
21:40:14.0781 0x1620 [ A7F24D8CD1956B0A1FDCB86CC5114DE4, 30489D235362DF62B105378597168B13F4BAC74A8EDDBDA25237E3C017B69FEE ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:40:14.0781 0x1620 RasSstp - ok
21:40:14.0828 0x1620 [ CA03D642ACE58E1BA54E4B383F91CD69, 39BB942603801CF11FBEA28E24F8C8D1EF2AF615D1FABF951683A015D6A6EF37 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:40:14.0843 0x1620 rdbss - ok
21:40:14.0875 0x1620 [ CA7DF5EC95D8DE0DD24BE7FF97369F68, 153E6F716CA935DBCACB8FF1BB8DE5F5551CE3D18878225470E45893CA69BDB8 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys
21:40:14.0875 0x1620 rdpbus - ok
21:40:14.0890 0x1620 [ B2A3AD74FF2E2FFA73AF2567108231B3, DF8CEA6215F75C634D56F6B8AE11ECCEEB5F8CBC091AC3D6D9F7DE214B00A439 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:40:14.0890 0x1620 RDPDR - ok
21:40:14.0921 0x1620 [ 57F4787E4602A3FCA719C0A33137C6DA, D03AE59A184EB5D126F8EAB9D36EE406ABB8B9ED834F2D2496DDB1349FF56F89 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:40:14.0921 0x1620 RdpVideoMiniport - ok
21:40:14.0953 0x1620 [ B3CB0721E81E30419CE7D837EF4EA151, EC9410818661BF77E4A19694E3A3030E1D983B36F49C72E27F92A1424E0729C2 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:40:14.0968 0x1620 RDPWD - ok
21:40:14.0984 0x1620 [ 62C1F8A0685FE07E998AA296C4F697C4, C636AB2D0F139003A6AD7A12E9DC13EE4485A62F30DA59AF842FF02FE07442EE ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:40:14.0999 0x1620 rdyboost - ok
21:40:15.0046 0x1620 [ 3663CCF243EE0C04E9F6F91ED1737273, 31D06445996F99A7F6B32004D1BA63A21C61DE125373F860BA9A9DE5278E8293 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:40:15.0062 0x1620 RemoteAccess - ok
21:40:15.0109 0x1620 [ E80DD61E52EDFFF9DA1ED7260A68855B, 97909F42AE35E28B8F98C01A1D8BAD80A949CDCA0C88FB4ACF0A655DC7C10E45 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:40:15.0124 0x1620 RemoteRegistry - ok
21:40:15.0156 0x1620 [ CCBFCABDFE2BC22F0645CEAADDB36004, 279EA9075079F91165027CEFD4FBC61A213CA602EE7DE106F7D2D243468706AA ] RFCOMM C:\Windows\System32\drivers\rfcomm.sys
21:40:15.0171 0x1620 RFCOMM - ok
21:40:15.0187 0x1620 [ 73F2E030B5C24E4E41401B5F0D59E6FD, FAA8B5E3159684E0836900C6EAF63857B445F7F180169B56D5790F097EDAA38B ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:40:15.0202 0x1620 RpcEptMapper - ok
21:40:15.0234 0x1620 [ 10B21284B3D964AB3DC45490E57D422E, 12D5E3A7785F21C99C5EAD14A88EB7A86A058E26C091991339356D99D196CC13 ] RpcLocator C:\Windows\system32\locator.exe
21:40:15.0234 0x1620 RpcLocator - ok
21:40:15.0327 0x1620 [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] RpcSs C:\Windows\system32\rpcss.dll
21:40:15.0358 0x1620 RpcSs - ok
21:40:15.0405 0x1620 [ E04E770DD198B9399640717145E79EBF, 2F9BECB7E4B0A522C6370FD39CFD7DFD3FB5D0A779AECCED2EE855629FA3C952 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:40:15.0421 0x1620 rspndr - ok
21:40:15.0436 0x1620 [ 752EC7DCD2F96871A3857EEE6AFE965A, 1D0640966B9147A06ED0E733711773E6B4AB8AC6D962D5B369ECB04170D18AD8 ] s3cap C:\Windows\System32\drivers\vms3cap.sys
21:40:15.0436 0x1620 s3cap - ok
21:40:15.0468 0x1620 [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] SamSs C:\Windows\system32\lsass.exe
21:40:15.0468 0x1620 SamSs - ok
21:40:15.0499 0x1620 [ 9C7B28CE0D136DB226E24DB3BC817F92, E9DE55D6432ADD08EC75F99F2B5D2BD1F553F4EE55991B1767B1578351EE0BF2 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:40:15.0499 0x1620 sbp2port - ok
21:40:15.0546 0x1620 [ 14316954FCE79C9DE5A0AFF9D42C83AA, B60FB1FAC0299F9560761411711E86EDFA2F8D27B58230E2E4BB37736FAB2287 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:40:15.0577 0x1620 SCardSvr - ok
21:40:15.0624 0x1620 [ 5D7733A12756B267FCA021672B26BC9E, 01CE5B5F49914B9E099BD909A66296F3A40644AE47BA1D5EBFFB30CD33C70A4A ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:40:15.0624 0x1620 scfilter - ok
21:40:15.0717 0x1620 [ 03F58B3FA4B5329F21F770B1EF8D984A, 32976E64E4960E5996E3CA2F8BA9374E01201C461DE52AF0FA14BA75C784AC25 ] Schedule C:\Windows\system32\schedsvc.dll
21:40:15.0842 0x1620 Schedule - ok
21:40:15.0889 0x1620 [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:40:15.0904 0x1620 SCPolicySvc - ok
21:40:15.0951 0x1620 [ F58B030A0664385C707B8C1C63682041, E46AADAA2CD687B9A4B564DC5B002493C8480542588E660BC3DF89EAF9DB0427 ] sdbus C:\Windows\System32\drivers\sdbus.sys
21:40:15.0982 0x1620 sdbus - ok
21:40:16.0029 0x1620 [ 92968277ED491E4B3DDA361E3952361E, 71C50853BB2126A34C7CD014EE44D4B8B39F589E2E8E8E8F4C982E07498E3899 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:40:16.0060 0x1620 SDRSVC - ok
21:40:16.0092 0x1620 [ BB107AA9980B0DA4E19A3A90C3BD4460, BCB4CF0FFF1FD57302557B68044A88C8EEAAE57C2FEAE8EAD1F410F960298B6D ] sdstor C:\Windows\System32\drivers\sdstor.sys
21:40:16.0107 0x1620 sdstor - ok
21:40:16.0138 0x1620 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:40:16.0138 0x1620 secdrv - ok
21:40:16.0170 0x1620 [ CD282626738B6BC92B6E7CD0AAE95B63, 1A56567C781786C85C63E24E79186EE5C82D3EB2679061B21BA0571A3A6CB7F5 ] seclogon C:\Windows\system32\seclogon.dll
21:40:16.0170 0x1620 seclogon - ok
21:40:16.0279 0x1620 [ 398A81D590424441B2F5C5C08073CADB, 1E064DFCC49EB0D8A4150276BF796B9DFA030C451570A170EC940F8CBAAD80F3 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
21:40:16.0341 0x1620 Secunia PSI Agent - ok
21:40:16.0388 0x1620 [ 8C2D3A80FC90A860F0F24DEB67471481, CE4D17B63149C44B4CD5CB7776FD4705DC675F6D2D077D53BE15578294EBC9D4 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
21:40:16.0435 0x1620 Secunia Update Agent - ok
21:40:16.0482 0x1620 [ 9C51620998F0763039DFA6BF68E475ED, 9E496ADE7CE9A446BE8A2C2FC61B462D966778A94A4C147AABBD25C4821C2BCE ] SENS C:\Windows\System32\sens.dll
21:40:16.0497 0x1620 SENS - ok
21:40:16.0559 0x1620 [ 0D50B4B860DAB65241628D04CD33ACAE, 2AA897C3F9ED076AB9244A32745D18489B076F3ED28A35B868C472131C5B5B46 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:40:16.0591 0x1620 SensrSvc - ok
21:40:16.0638 0x1620 [ 87C46B239A7EEF30FDFDD5E9BD46130C, F36FB5B20AC58FBD31F7E636059D2D865B751E178E51A03B94ABE0BBD1AB1EC9 ] SerCx C:\Windows\system32\drivers\SerCx.sys
21:40:16.0638 0x1620 SerCx - ok
21:40:16.0669 0x1620 [ 7A1F9347C85FD55E39B8A76B3A25C5AD, 03AF3B23285278A38F4CBEAB7FD326A48FA1EC7F8D044C059CE5403C6D225639 ] Serenum C:\Windows\System32\drivers\serenum.sys
21:40:16.0669 0x1620 Serenum - ok
21:40:16.0700 0x1620 [ F640A0A218BBF857F1D04A15D7D939F6, 948C13886281FE7947E10FB7B34D5CCFE512FB632F1132B6062AC85149F79950 ] Serial C:\Windows\System32\drivers\serial.sys
21:40:16.0700 0x1620 Serial - ok
21:40:16.0731 0x1620 [ F1A5F56B2620B862CC28FF96A0A6DAAB, E5367212B2CADF3820D657CFC27CD961547E28DAB950C68E1380CF97FB68F3F4 ] sermouse C:\Windows\System32\drivers\sermouse.sys
21:40:16.0731 0x1620 sermouse - ok
21:40:16.0794 0x1620 [ CB60A60340788C8D6DE2A269D28086AB, 2D8948E59BB9B00E16D20E425F80E7B862957DBAC9A4D1484E5191FAF333B60D ] SessionEnv C:\Windows\system32\sessenv.dll
21:40:16.0825 0x1620 SessionEnv - ok
21:40:16.0872 0x1620 [ 7EE65419B29302C795714FF8073969A1, E28D89A5423E3A5062030EB2418E9435DD5D8B9D16570046E782D3FCFDA2E79A ] sfloppy C:\Windows\System32\drivers\sfloppy.sys
21:40:16.0872 0x1620 sfloppy - ok
21:40:16.0934 0x1620 [ 090AE16F79C8EAD04E6031F863DA85F3, 3F27BE46DF602B53940414A6E9FEB23B36CFFB8E9A7F41440C3315B8E27D0029 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:40:16.0950 0x1620 SharedAccess - ok
21:40:17.0043 0x1620 [ A77F3ABE13FCC698511E5DEC7ACEBD5F, 78A43FDA9F770FD8BA107605DB44BC71D8B89D7E75560DA783AA6356C1873C15 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:40:17.0090 0x1620 ShellHWDetection - ok
21:40:17.0137 0x1620 [ 2560721D6F16D5B611C36A3A9D28C1B2, 15C30404902654ABA5DB5367FC5BD31343B12A3FC22B4BC5A26B09016447B5ED ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:40:17.0152 0x1620 SiSRaid2 - ok
21:40:17.0199 0x1620 [ 3AA8FDE1DBF65BB8B88B053529554A0D, 8060D946344D043D336F4735363C23C37C91A6DB3F81E575C267B2EC2BECB0EC ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:40:17.0215 0x1620 SiSRaid4 - ok
21:40:17.0262 0x1620 [ E660156A4588A84305CB772FD2C0DB21, 9492EB6578D4A689945E1FC2440EFA77D461049CDB2D00A645969A71B7DA68E1 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:40:17.0277 0x1620 SNMPTRAP - ok
21:40:17.0324 0x1620 [ 9110193D93960E38B8692E4519C75D72, 789381B4CCC056EE431E78E2339AC9802264A1CE4B378DDA9769649664C9A7A0 ] spaceport C:\Windows\system32\drivers\spaceport.sys
21:40:17.0355 0x1620 spaceport - ok
21:40:17.0371 0x1620 [ 3D8679C8DF52EB26EB7583A4E0A29202, DCD9B69299275857712AB200C014AE820C8A9F7E53C4A335A84518FBE4BB56BB ] SpbCx C:\Windows\system32\drivers\SpbCx.sys
21:40:17.0386 0x1620 SpbCx - ok
21:40:17.0464 0x1620 [ 3F215BF2D4D8D6756298B25B579772C2, 744192D1635E5D296BFD399E870B70592202CEAF95C31C2D2B226A868D33A3FD ] Spooler C:\Windows\System32\spoolsv.exe
21:40:17.0496 0x1620 Spooler - ok
21:40:17.0792 0x1620 [ 061A977C920FBE4BF71FF47C966DDDCA, 746516396B72E4ADB05D978C819CD45FE44EE194756F6DA50121D755439CA590 ] sppsvc C:\Windows\system32\sppsvc.exe
21:40:18.0104 0x1620 sppsvc - ok
21:40:18.0291 0x1620 [ F718A57D946EAC76EFCB351D74E269F4, 473AE48BACEE64A9582814951B731BDDDEB48D2E9D407ACEAA3F0850B536DABA ] SRTSP C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS
21:40:18.0338 0x1620 SRTSP - ok
21:40:18.0369 0x1620 [ B18CE01B9C09C59422BA7C7064248B35, B355EE2FBB37C4B0EFFE4DC5E0788A26579266828E7988EDC497B0AE7375F8AB ] SRTSPX C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS
21:40:18.0385 0x1620 SRTSPX - ok
21:40:18.0432 0x1620 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6, 61EEB1349489CB85204F1B4E398BE24EDC01FB914120C9DD0487F8EE1EDA055E ] srv C:\Windows\system32\DRIVERS\srv.sys
21:40:18.0463 0x1620 srv - ok
21:40:18.0510 0x1620 [ 8504ADDE9C146C6295B16D13A0007560, 715E3752AE4A276FA8DAFA3B52B699C45D97E747CB25FE4AE307241D206319B7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:40:18.0588 0x1620 srv2 - ok
21:40:18.0634 0x1620 [ BB0F9E19C5CE4DC765B263E2A5561DE1, F7DBC96E049625E4312D8F588FCF2B4AC6318C04D04758982FE9B51DABEC2DAE ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:40:18.0650 0x1620 srvnet - ok
21:40:18.0712 0x1620 [ 7A20882D76D4A78240A5AC9F2C2EBA21, ACA05211EE542999A118BBD2CD051038A7DC8C40C4B8971DC6514BA90E90EC61 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:40:18.0728 0x1620 SSDPSRV - ok
21:40:18.0744 0x1620 [ D233B16999A8E626F6004BD7814C57EC, 5BBFE5DDF1269617ABD1BDBED85A79D99BB52EA29C2BB3A8F4A1827BFAA1A747 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:40:18.0759 0x1620 SstpSvc - ok
21:40:18.0790 0x1620 [ 4E85355B94CFCB67C135F6521A4895A7, AC4FC65C1E62A54B3834E7FE0A2B1ECC48A2AA563AE5BD508326EE68FFFBBEEE ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:40:18.0790 0x1620 stexstor - ok
21:40:18.0853 0x1620 [ BAC8A721736AECC55A4F71523AEAB65F, B52E1303B13A961A5FC190829E55B6F28ACA409A6EEF44B358D1D210558FE1D8 ] stisvc C:\Windows\System32\wiaservc.dll
21:40:18.0915 0x1620 stisvc - ok
21:40:18.0946 0x1620 [ B240874B2CA0CD02E8CD11E140B14C57, 0FDBEE3DB644175A30065CAF020F375703ADC45A33221788C010F3111707FC25 ] storahci C:\Windows\system32\drivers\storahci.sys
21:40:18.0946 0x1620 storahci - ok
21:40:18.0962 0x1620 [ F74DBC95A57B1EE866D3732EB5F79BE2, E4FE9D5CD0A385ACB60D5D5E8D969F26C3A6BC0C08FF0838DBE9CA106229C8DE ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
21:40:18.0978 0x1620 storflt - ok
21:40:18.0993 0x1620 [ 5337E138B49ED1F44CCBA4073BC35C20, 2B296973215E3865A56C46DC3D27F1460D96BC321558CE7A911B05B0E7BF397F ] StorSvc C:\Windows\system32\storsvc.dll
21:40:18.0993 0x1620 StorSvc - ok
21:40:19.0009 0x1620 [ 543CD3CC0E05B8D8815E0D4F040B6F59, 4B57C9534E94A0A67FC82DBD4FAECACA180BEC281FB477550A37C0A04777E09E ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:40:19.0024 0x1620 storvsc - ok
21:40:19.0040 0x1620 [ 8BC1C1ED6EF9C985A3FAA6A72F41679A, 82CC77030D23013572B4A64A64B6156789F253BF56268B790093CE3D345410A0 ] svsvc C:\Windows\system32\svsvc.dll
21:40:19.0040 0x1620 svsvc - ok
21:40:19.0056 0x1620 [ 4AFD66AAE74FFB5986BC240744DC5FC9, 0C9347614E3FD3B4D3B29FA4A5DA23FF6EE4CD9A1FFC378B855B8DE61B2876CF ] swenum C:\Windows\System32\drivers\swenum.sys
21:40:19.0056 0x1620 swenum - ok
21:40:19.0087 0x1620 [ 502F9488540051F3E6C39889ECFA76BB, 22ABD681BE4CF8A1F484C6363C1334B1EF7A6C074D837B0121DE1896887B84C6 ] swprv C:\Windows\System32\swprv.dll
21:40:19.0134 0x1620 swprv - ok
21:40:19.0212 0x1620 [ 5C9EE2303CA7F267665D75237862B39C, 5DECD977A823C14B4D980D3DB621BC875231B741653F0450A027FC9E87725F9D ] SymDS C:\Windows\system32\drivers\NISx64\1505000.013\SYMDS64.SYS
21:40:19.0243 0x1620 SymDS - ok
21:40:19.0352 0x1620 [ 9F31630D7FC2DD9D5DA1CE359AAD1F46, 296D29EDF53956D1899DE4669AB429C280DF9F183F00AE1CE528E7C575802235 ] SymEFA C:\Windows\system32\drivers\NISx64\1505000.013\SYMEFA64.SYS
21:40:19.0414 0x1620 SymEFA - ok
21:40:19.0446 0x1620 [ 20F758E6339A16F97DD83389D582E09A, 837016154B7952B645B5545AEB8E2A8878EFA8674E6B96471C3DB5E458B06960 ] SymELAM C:\Windows\system32\drivers\NISx64\1505000.013\SymELAM.sys
21:40:19.0446 0x1620 SymELAM - ok
21:40:19.0492 0x1620 [ 97E11C50CE52277B377396EA8838E539, E17D03F80E14F961C41F2D54D1EF73D29BF01F38459C5710D786234F8BA3C835 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
21:40:19.0508 0x1620 SymEvent - ok
21:40:19.0570 0x1620 [ 48C2934683CBD06F662B088EEF49EF6A, 2212A3588C28F33EFCB1D34618B3054EBBAC6731D177A581D21D1F969FE040C0 ] SymIRON C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS
21:40:19.0586 0x1620 SymIRON - ok
21:40:19.0648 0x1620 [ 5570A74FF9B1EFBC5154DD1E2F05C517, 2C883A0334CBE4AE257028805C9BB1E529A80F56BA6D341E8EBB83CB3E46FEB7 ] SymNetS C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS
21:40:19.0695 0x1620 SymNetS - ok
21:40:19.0758 0x1620 [ 58D6878DACD9C4EA81D352914254426B, 54642AC8ED9360F99A2B3962F5F0DD42A8B2249A2A4DD4E69E6048894A199604 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:40:19.0804 0x1620 SynTP - ok
21:40:19.0898 0x1620 [ A06CB9269D29EE3D0F3F5630ABB660B8, 519A01FC7D9414B26CCBC23E7FB1CEAF1C91CD173B4F4A4025F8316B7460C584 ] SysMain C:\Windows\system32\sysmain.dll
21:40:19.0992 0x1620 SysMain - ok
21:40:20.0038 0x1620 [ 6FB88606C4A71E1BFAF97D63A676C673, D72F93A482E989ACA50F9647B7AD699A4656AEAACF377BB2B8CEBB094B748852 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
21:40:20.0054 0x1620 SystemEventsBroker - ok
21:40:20.0101 0x1620 [ A6C06C45C44AD06C70AF8899AEC15BDC, AC2CCCDBA6B94BA85A6D41B47343193D175786D4ECF71AE9C7766ADD63A1273F ] TabletInputService C:\Windows\System32\TabSvc.dll
21:40:20.0116 0x1620 TabletInputService - ok
21:40:20.0132 0x1620 [ 88B7721AB551C4325036B25A34A2BF7B, 2817CC6294542524EC373A674535F913440736BEBE81233CA91D5ECD93620B02 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:40:20.0148 0x1620 TapiSrv - ok
21:40:20.0319 0x1620 [ 0E0C16EE82E2F4EBC2FBCA24C8F00D9E, F8B2A0257442E00C5D7C5A15BBD84194D0F0C071424656CA4B8EC850B6898D10 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:40:20.0428 0x1620 Tcpip - ok
21:40:20.0569 0x1620 [ 0E0C16EE82E2F4EBC2FBCA24C8F00D9E, F8B2A0257442E00C5D7C5A15BBD84194D0F0C071424656CA4B8EC850B6898D10 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:40:20.0662 0x1620 TCPIP6 - ok
21:40:20.0740 0x1620 [ 8F2A13A5DF99D72FDDE87F502A66F989, 2228C62ACDB4CBBFDD2BE705E604E0B9A8AEA7146F65F2D8B9B2A2FB49ACFAE1 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:40:20.0740 0x1620 tcpipreg - ok
21:40:20.0772 0x1620 [ 73DC722CE5DF26D7638CE2446F2655C7, 9B8E6F6DEA5E0C2AEAC24A31897D2E73F86EF44F1C25FEF82D2C860353793817 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:40:20.0772 0x1620 tdx - ok
21:40:20.0803 0x1620 [ F7C8AB5D8AFFAA318D6A21093D139BF4, 0A35052EF7DC8615783A23897358D8C579BE694363615C9563FF629E7B719991 ] terminpt C:\Windows\System32\drivers\terminpt.sys
21:40:20.0803 0x1620 terminpt - ok
21:40:20.0881 0x1620 [ 541EE228D0DEF392F7B2DFD885DD021B, 594D6538FA4DB5EF4D130007D7C29051EC2EDCA39EBB119695B58E9CBB0EB728 ] TermService C:\Windows\System32\termsrv.dll
21:40:20.0928 0x1620 TermService - ok
21:40:20.0943 0x1620 [ 519A6F672FFF56B7D8EE8C730CEC8ECD, 2B36F10C0AE16A261DC0887B1050808BA1F0568F3879E4ABC3D370F08C3FADB7 ] Themes C:\Windows\system32\themeservice.dll
21:40:20.0943 0x1620 Themes - ok
21:40:20.0974 0x1620 [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] THREADORDER C:\Windows\system32\mmcss.dll
21:40:20.0990 0x1620 THREADORDER - ok
21:40:21.0021 0x1620 [ 4515B9E4140F04FB3907692DF89FCA87, F68EC56524BDA877646E987BE7414C1D622BD9FF05A5AEADCA39030FDC2B0115 ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll
21:40:21.0037 0x1620 TimeBroker - ok
21:40:35.0077 0x1620 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.5.218.0 ), 0x60100 ( disabled : updated )
21:40:35.0092 0x1620 AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe ( 21.5.0.0 ), 0x51000 ( enabled : updated )
21:40:35.0092 0x1620 FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe ( 21.5.0.0 ), 0x51010 ( enabled )
21:40:37.0963 0x1620 ============================================================
21:40:37.0963 0x1620 Scan finished
21:40:37.0963 0x1620 ============================================================
21:40:37.0979 0x07a0 Detected object count: 0
21:40:37.0979 0x07a0 Actual detected object count: 0
21:40:56.0839 0x126c Deinitialize success

cheers


----------



## wannabeageek (Nov 12, 2009)

Please run the step 3 from this post: http://forums.techguy.org/8963179-post64.html


----------



## ufah (May 27, 2014)

Hi wbg,


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8, 64 bit
Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics, AMD64 Family 22 Model 0 Stepping 1
Processor Count: 4
RAM: 3525 Mb
Graphics Card: AMD Radeon HD 8330, 512 Mb
Hard Drives: C: Total - 461733 MB, Free - 187168 MB;
Motherboard: Acer, Aspire E1-522
Antivirus: Windows Defender, Disabled


----------



## wannabeageek (Nov 12, 2009)

Hi ufah,

Looking over your past logs from the beginning, it looks like you have been removing and adding programs other than what I have asked you to.
Also, your notebook is what is referred to as a "low end" notebook: 
The AMD A4-5000 is a mobile quad-core SoC for low-end laptops,
Besides the Aspire E1-522-45004G50Mnkk with AMD's A4-5000 CPU (4x 1.5 GHz; TDP 15 W)....
From looking at some of the programs you have used, you will most likely encounter issues as you push the limits of the CPU processing power.

Let's look at a few more things.

*Step 1.*
*Zoek - Scanner*
First please *Disable* any *Antivirus* you have active, as shown in *This topic*.
*Note: Don't forget to re-enable it after the scan.*

Next please download *zoek.exe* and save it to your *desktop*.

Close any open browsers.
Right click on *zoek.exe* and select *"Run as administrator"* to run it.
Please wait while the tool starts. *It will appear to be doing nothing and may take a few seconds to come up.*
Click the *More Options* button below the large panel and check the box:
Make sure the "Scan All Users" button is also selected.
*Auto Clean*

Click on *Run script* button
Please wait patiently (*it may take a few minutes*) until a log report opens (this may be after reboot, if required)
Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the opened report back here.

*Note:* It will also create a log in the C:\ directory named "zoek-results.log"

*Step 2.*
*MiniToolBox*
Please download *MiniToolBox.exe* and save it to your *Desktop*.

Right click on *MiniToolBox* select "*Run As Administrator*" to run it. If prompted by UAC, please allow it.
Check the following in the list:
List contents of Hosts.
List Installed Programs.
List Restore Points.

Click *Go*.
A file named *Result.txt* will be created in the same location where you downloaded MiniToolBox.exe
Please post the contents of the *Result.txt* in your next reply.

*What I need back from you:*
*Post each separately.*

Contents of zoek-results.log
Contents of Result.txt
*Any problem executing the instructions?*
Thanks, 
wbg


----------



## ufah (May 27, 2014)

Hi WBG,

Zoek logs,

cheers

Zoek.exe v5.0.0.0 Updated 14-September-2014
Tool run by felicia on Tue 16/09/2014 at 16:04:59.55.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\felicia\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

16/09/2014 4:06:38 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2431524154-3748180158-148446504-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\felicia\AppData\Roaming\Mozilla\Firefox\Profiles\dfebbkxa.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- FireFox user.js and prefs.js backups ----

prefs_20141609_0425_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\boost_interprocess deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\windows\Installer\46784.msi" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn" [02/09/2014 01:54 PM]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\felicia\AppData\Roaming\Mozilla\Firefox\Profiles\dfebbkxa.default
9EE20E6E2E3F94714D44F739B9A228F4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll - Shockwave Flash

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\Exts\Chrome.crx[31/07/2014 06:47 PM]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://acer13.msn.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6373B1FB-6035-4DB4-82AB-4DB5FCAF4148}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://acer13.msn.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6373B1FB-6035-4DB4-82AB-4DB5FCAF4148} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2431524154-3748180158-148446504-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6373B1FB-6035-4DB4-82AB-4DB5FCAF4148} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\felicia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\felicia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=7 folders=2 3657455 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\felicia\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\felicia\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Tue 16/09/2014 at 16:34:04.52 ======================


----------



## ufah (May 27, 2014)

The MiniToolBox log:


MiniToolBox by Farbar Version: 21-07-2014
Ran by felicia (administrator) on 16-09-2014 at 16:43:31
Running from "C:\Users\felicia\Desktop"
Microsoft Windows 8 (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================





clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
=========================== Installed Programs ============================
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3003 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30313 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{29200C76-2ADF-0C62-BE0D-2AC087740379}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
CyberLink PowerDVD 13 (HKLM-x32\...\InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}) (Version: 13.0.2720.57 - CyberLink Corp.)
CyberLink PowerDVD 13 (x32 Version: 13.0.2720.57 - CyberLink Corp.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
HP Deskjet 2540 series Basic Device Software (HKLM\...\{BD1EFE20-246B-451F-B900-F1214324DF5F}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.5.0.19 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
OpenOffice 4.0.1 (HKLM-x32\...\{24B89186-2A56-4D28-B930-6F4FCF224E2F}) (Version: 4.01.9714 - Apache Software Foundation)
QCA CardReader Driver Installer (HKLM-x32\...\{4E0BC999-655B-421D-87F3-640C6F2BFC11}) (Version: 1.0.1.34 - Qualcomm Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.224 - Qualcomm Atheros Communications)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.49 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.1 - Synaptics Incorporated)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
========================= Restore Points ==================================

29-08-2014 01:55:07 Scheduled Checkpoint
05-09-2014 14:42:28 Scheduled Checkpoint
10-09-2014 08:23:34 Windows Update
16-09-2014 03:06:12 zoek.exe restore point

**** End of log ****


----------



## wannabeageek (Nov 12, 2009)

Hi ufah,

*MiniToolBox*
MiniToolBox.exe should still be on your *Desktop*.

Double click *MiniToolBox* to run it.
Check the following in the list:
Report IE proxy settings.
Report FireFox proxy settings.
List contents of Hosts.
List IP Configuration.
List Winsock Entries.
List last 10 Event Viewer Errors.
List Users, partitions, and memory size.
List Minidump Files.

Click *Go*.
A file named *Result.txt* will be created in the same location where you downloaded MiniToolBox.exe.
Please post the contents of *Result.txt* in your next reply.


----------



## ufah (May 27, 2014)

Hi Wbg,

MiniToolBox by Farbar Version: 21-07-2014
Ran by felicia (administrator) on 19-09-2014 at 03:11:50
Running from "C:\Users\felicia\Desktop"
Microsoft Windows 8 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

========================= IP Configuration: ================================

Qualcomm Atheros AR8171/8175 PCI-E Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Disconnected)
Qualcomm Atheros AR956x Wireless Network Adapter = Wi-Fi (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 14" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : allun
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 16-FD-52-96-56-57
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Qualcomm Atheros AR956x Wireless Network Adapter
Physical Address. . . . . . . . . : 24-FD-52-96-56-57
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c598:6706:1ee5:846%15(Preferred) 
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, 18 September 2014 9:49:51 PM
Lease Expires . . . . . . . . . . : Friday, 19 September 2014 9:49:51 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 388300114
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-3B-C7-0F-30-65-EC-00-9A-84
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
 IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:82:115a:3f57:fefb(Preferred) 
Link-local IPv6 Address . . . . . : fe80::82:115a:3f57:fefb%19(Preferred) 
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{B12B19E4-AC50-4337-957B-1EC86FA3FA54}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2404:6800:4006:806::1009
74.125.237.194
74.125.237.199
74.125.237.201
74.125.237.197
74.125.237.192
74.125.237.196
74.125.237.193
74.125.237.200
74.125.237.195
74.125.237.198
74.125.237.206

Pinging google.com [74.125.237.193] with 32 bytes of data:
Reply from 74.125.237.193: bytes=32 time=19ms TTL=54
Reply from 74.125.237.193: bytes=32 time=12ms TTL=54

Ping statistics for 74.125.237.193:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 19ms, Average = 15ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
206.190.36.45

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=203ms TTL=42
Reply from 98.138.253.109: bytes=32 time=205ms TTL=42

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 203ms, Maximum = 205ms, Average = 204ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...16 fd 52 96 56 57 ......Microsoft Wi-Fi Direct Virtual Adapter
15...24 fd 52 96 56 57 ......Qualcomm Atheros AR956x Wireless Network Adapter
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 281
192.168.1.4 255.255.255.255 On-link 192.168.1.4 281
192.168.1.255 255.255.255.255 On-link 192.168.1.4 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
19 306 ::/0 On-link
1 306 ::1/128 On-link
19 306 2001::/32 On-link
19 306 2001:0:5ef5:79fb:82:115a:3f57:fefb/128
On-link
15 281 fe80::/64 On-link
19 306 fe80::/64 On-link
19 306 fe80::82:115a:3f57:fefb/128
On-link
15 281 fe80::c598:6706:1ee5:846/128
On-link
1 306 ff00::/8 On-link
19 306 ff00::/8 On-link
15 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/18/2014 11:36:42 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (09/18/2014 09:36:13 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/18/2014 09:31:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/18/2014 04:47:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/18/2014 04:42:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/18/2014 04:29:15 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/18/2014 03:54:29 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/18/2014 03:39:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/17/2014 08:52:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/17/2014 08:42:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

System errors:
=============
Error: (09/18/2014 09:49:49 PM) (Source: Tcpip) (User: )
Description: The system detected an address conflict for IP address 192.168.1.3 with the system
having network hardware address A4-DB-30-19-E2-63. Network operations on this system may
be disrupted as a result.

Error: (09/16/2014 04:33:49 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error: 
%%2

Error: (09/16/2014 04:25:55 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/16/2014 04:25:54 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/16/2014 04:25:53 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/16/2014 04:25:53 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/16/2014 04:25:52 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/13/2014 10:52:43 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error: 
%%2

Error: (09/10/2014 01:32:50 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error: 
%%2

Error: (09/07/2014 00:52:25 AM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (09/18/2014 11:36:42 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (09/18/2014 09:36:13 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/18/2014 09:31:02 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/18/2014 04:47:58 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/18/2014 04:42:47 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/18/2014 04:29:15 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/18/2014 03:54:29 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/18/2014 03:39:12 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/17/2014 08:52:07 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/17/2014 08:42:19 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

CodeIntegrity Errors:
===================================
Date: 2014-08-13 15:45:56.865
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

Date: 2014-08-13 15:45:56.677
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

Date: 2014-08-13 15:45:56.287
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

Date: 2014-08-13 15:45:56.116
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

Date: 2014-08-13 15:45:55.726
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

Date: 2014-08-13 15:45:55.554
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

Date: 2014-08-13 15:45:55.164
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

Date: 2014-08-13 15:45:54.977
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

Date: 2014-08-13 15:45:54.587
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

Date: 2014-08-13 15:45:54.415
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 3525 MB
Available physical RAM: 1812.38 MB
Total Pagefile: 4165 MB
Available Pagefile: 2227.44 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.56 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:450.91 GB) (Free:182.74 GB) NTFS
2 Drive d: (EMMA) (CDROM) (Total:4.31 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\ALLUN

Administrator felicia Guest

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

cheers


----------



## wannabeageek (Nov 12, 2009)

Hi ufah,

There does not appear to be any malware and the logs look clean. Also, the logs I had you post for your network card and software look normal. Without knowing what the ESET report said, I cannot clear you of malware.

Unfortunately, if you are still having issues, you may want to reset your operating system to factory new.

*Time for some housekeeping*

Please download *Delfix* and save it to your *desktop.*

Right-click on *delfix.exe* and select "*Run as administrator*" to run it.
Check the following boxes then click on *Run*.

*Remove disinfection tools*

All tools we used to clean your computer should be gone now.
You can now delete any tools/logs we used if they remain on your computer.


----------



## ufah (May 27, 2014)

Hi wbg,

Before I do the housekeeping, should I accept the fix that the ESET scan proposed? Even though I could not find a log at the end of the scan, it said it found some malware, but I had ticked the box not to fix it, as instructed. So whatever it found is still there.

cheers


----------



## wannabeageek (Nov 12, 2009)

ufah,

I cannot help you with results you cannot produce. I cannot help you fix what is broken when you are unable to produce logs showing what is broken.

Run the tool and post the log.


----------



## ufah (May 27, 2014)

hi wbg,

Fair enough, I'll try running the tool...


----------



## ufah (May 27, 2014)

Hi wbg,
Sorry for the delay... got really busy.
Will try to do the scan (which usually takes around an hour) this week, to conclude this.

cheers


----------



## ufah (May 27, 2014)

Sorry, I haven't had the chance to do the scan, and I'm finding it hard to connect again, so I have been using other PCs....


----------

