mail.com malware [Solved]

univited default

  • This topic is locked

#1
GregMiller

  • Member
  • 210 posts

This websearch link attached itself to my home page. I use Mozilla Firefox and have Google as my home page. When I click on the additional tab, mail.com opens up. In the URL is this link:

http://search.mail.c...c=tb_lasttab_ff

I can't find how to delete this - it's not in startup, there's no program I can see in my uninstall list.

Searching on the net on how to remove just turns up ways to cancel your free account.

But I never set up an account so I can't cancel.

I can't contact them because their customer service form requires the mail.com account -- which I don't have or want.

I'm running the latest Firefox and Windows 7.


  • 0



#2
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hello GregMiller, welcome to Geeks to Go Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.  
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click [button image] at the top of the page.
     

======================================================
 
Please run the following diagnostic scans so I can ascertain the state of your computer.
 
STEP 1

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached)

  • 0

#3
GregMiller

  • Topic Starter
  • Member
  • 210 posts

Yes, you can call me Greg. I wanted to ask you the nature of this thing. Is this just a hard-to-remove malware?

 

In other words, how would you categorize it?


  • 0

#4
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Greg, 
 
Without seeing any sort of diagnostic log I cannot tell you the exact nature of the issue(s) you're experiencing. 
 
From what you've described, it doesn't sound particularly serious or concerning. A PUM (Potentially Unwanted Modification) associated with your browser may be the only cause, but without seeing a diagnostic log I cannot say for certain.


  • 0

#5
GregMiller

  • Topic Starter
  • Member
  • 210 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Greg (administrator) on GREG-PC on 20-01-2015 09:44:03
Running from C:\Users\Greg\Favorites\Desktop
Loaded Profiles: Greg (Available profiles: Greg & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-03-31] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-04-01] (TOSHIBA)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\MountPoints2: {f0aaaf4d-4413-11e3-acf9-88ae1df6f7ee} - D:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B03 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://start.google....q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://start.google....q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/
HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {018BDDFB-579A-460B-8136-D9F6295FD622} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {18790A84-9C6D-45D9-A1D3-70AAC3407F6A} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\.DEFAULT -> {18790A84-9C6D-45D9-A1D3-70AAC3407F6A} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKU\S-1-5-21-2497666269-2284711120-3944443307-1000 -> {018BDDFB-579A-460B-8136-D9F6295FD622} URL =
SearchScopes: HKU\S-1-5-21-2497666269-2284711120-3944443307-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://www.google.co...1I7TSND_enUS414
SearchScopes: HKU\S-1-5-21-2497666269-2284711120-3944443307-1000 -> {55D8F856-50AD-41A6-AC3F-96EB8F877A9F} URL = http://www.search.as...rms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-2497666269-2284711120-3944443307-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2497666269-2284711120-3944443307-1000 -> {F45EF7A8-05F9-420D-AF4A-EDC86654572E} URL = http://astromenda.co...r=710996435&ir=
BHO: No Name -> {4F524A2D-5350-4500-76A7-7A786E7484D7} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: No Name -> {4F524A2D-5350-4500-76A7-7A786E7484D7} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} -  No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2497666269-2284711120-3944443307-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2497666269-2284711120-3944443307-1000 -> No Name - {B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://eg.remoteacc...SetupClient.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\syswow64\urlmon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136

FireFox:
========
FF ProfilePath: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\j11syqoo.default-1399081118986
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchUrl: https://www.google.com/search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: www.google.com
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: mail.com MailCheck - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\j11syqoo.default-1399081118986\Extensions\[email protected] [2014-12-23]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\j11syqoo.default-1399081118986\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-16]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-07-02]
FF HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-23]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.com/", "www.google.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Wallet) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\Chrome\Extension: [knlnhgoppkofgoieelflgbbicoganofl] - C:\Users\Greg\AppData\Local\CRE\knlnhgoppkofgoieelflgbbicoganofl.crx [Not Found]
CHR HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]
CHR HKLM-x32\...\Chrome\Extension: [knlnhgoppkofgoieelflgbbicoganofl] - C:\Users\Greg\AppData\Local\CRE\knlnhgoppkofgoieelflgbbicoganofl.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
R2 Dyyno Launcher; C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [415072 2011-01-20] ()
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S4 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-26] ()
S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [235904 2010-01-06] (Conexant Systems, Inc.)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 rtl819xp; C:\Windows\System32\DRIVERS\rtl819xp.sys [612352 2010-04-08] (Realtek Semiconductor Corporation                           )

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 09:43 - 2015-01-20 09:44 - 00000000 ____D () C:\FRST
2015-01-19 14:02 - 2015-01-19 14:02 - 00000000 ____D () C:\1-Video stills from VHS conversions
2015-01-19 13:26 - 2015-01-19 13:26 - 00000000 ____D () C:\Users\Greg\AppData\Local\{80639CF9-D713-4A9F-9629-CB6AD614E769}
2015-01-16 15:02 - 2015-01-16 15:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-16 12:10 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 23:34 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 23:34 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 23:34 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 23:34 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 23:34 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-14 23:33 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 23:33 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 23:33 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 23:33 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 23:33 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 23:33 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 23:33 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-03 00:46 - 2015-01-17 10:11 - 00856576 _____ () C:\Users\Greg\Documents\daily_ benefits_training_2015.xls
2015-01-02 19:29 - 2015-01-02 19:29 - 00009308 _____ () C:\Users\Greg\Documents\Cholesterol-Blood work.xlsx
2014-12-23 22:11 - 2014-12-23 22:11 - 00001507 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-12-23 22:11 - 2014-12-23 22:11 - 00001214 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-12-23 22:11 - 2014-12-23 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-12-23 22:10 - 2014-12-23 22:11 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-12-23 22:10 - 2014-12-23 22:10 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\RHEng
2014-12-23 22:10 - 2014-12-23 22:10 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2014-12-23 22:09 - 2014-12-23 22:11 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\DVDVideoSoft
2014-12-23 21:26 - 2014-12-23 21:26 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 09:37 - 2010-08-09 23:28 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 09:29 - 2011-01-12 20:06 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\SoftGrid Client
2015-01-20 09:27 - 2014-03-15 10:46 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 09:06 - 2010-10-27 14:56 - 02093079 _____ () C:\windows\WindowsUpdate.log
2015-01-20 09:06 - 2009-07-13 23:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 09:06 - 2009-07-13 23:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 08:58 - 2014-03-21 14:37 - 00004184 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-01-20 08:57 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\tracing
2015-01-20 08:56 - 2010-08-09 23:28 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 08:55 - 2012-10-29 13:27 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2015-01-20 08:55 - 2011-09-18 15:29 - 00000408 _____ () C:\windows\Tasks\PC Optimizer Pro64 startups.job
2015-01-20 08:55 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-20 08:55 - 2009-07-13 23:51 - 00179558 _____ () C:\windows\setupact.log
2015-01-19 14:58 - 2011-04-16 11:56 - 00003918 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{8E236068-3AF5-4A97-8CCA-5767EA1CC28F}
2015-01-19 14:28 - 2009-07-14 00:13 - 00783464 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-19 13:26 - 2011-01-28 17:25 - 00000000 ____D () C:\Users\Greg\AppData\Local\Windows Live
2015-01-16 21:06 - 2013-11-02 07:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 12:27 - 2014-03-15 10:46 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-16 12:27 - 2014-03-15 10:46 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-16 12:27 - 2014-03-15 10:46 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-16 12:18 - 2013-08-17 14:26 - 00000000 ____D () C:\windows\system32\MRT
2015-01-16 12:03 - 2011-01-28 22:14 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-10 12:10 - 2013-11-17 12:36 - 00000000 ____D () C:\Hockey video
2015-01-09 22:39 - 2011-01-12 22:24 - 00089312 _____ () C:\Users\Greg\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-09 13:27 - 2011-09-27 15:57 - 00000000 ____D () C:\Users\Greg\Documents\Fastnacht League - Master  file
2015-01-09 12:58 - 2011-03-26 09:44 - 94106112 _____ () C:\Users\Greg\Documents\Miller_restore_4_2.FBK
2015-01-09 12:58 - 2011-03-26 09:18 - 94106112 _____ () C:\Users\Greg\Documents\Miller_restore_4_2.FTW
2015-01-09 12:58 - 2011-01-12 22:21 - 00000000 ____D () C:\Users\Greg\AppData\Local\VirtualStore
2015-01-09 12:04 - 2009-07-14 00:08 - 00032594 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-09 07:26 - 2014-06-28 07:47 - 00070144 _____ () C:\Users\Greg\Documents\401K.xls
2015-01-06 04:36 - 2011-01-12 20:07 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-02 19:30 - 2014-05-23 11:47 - 00256512 _____ () C:\Users\Greg\Documents\auto maintenance costs- 2014.xls
2015-01-02 18:08 - 2014-10-26 20:22 - 00000000 ____D () C:\Users\Greg\Documents\BC Hockey
2015-01-02 12:35 - 2011-09-19 12:54 - 00000000 ____D () C:\Users\Greg\Documents\Yankees
2014-12-28 08:15 - 2010-08-09 23:33 - 00663344 _____ () C:\windows\PFRO.log

==================== Files in the root of some directories =======
2013-03-01 23:06 - 2013-03-01 23:06 - 0836132 _____ () C:\Program Files (x86)\Memorex Users Guide.pdf
2012-07-25 15:23 - 2012-07-25 15:23 - 0000697 _____ () C:\Users\Greg\AppData\Roaming\ConvAPIPlugin.log
2012-01-16 09:10 - 2014-09-01 05:47 - 0002576 _____ () C:\Users\Greg\AppData\Roaming\mainhst.zgh
2013-08-25 21:57 - 2013-08-25 21:57 - 0000000 _____ () C:\Users\Greg\AppData\Roaming\pdfperformer
2013-07-27 10:50 - 2013-09-10 20:53 - 0000094 _____ () C:\Users\Greg\AppData\Roaming\WB.CFG
2013-06-24 17:50 - 2013-06-24 17:50 - 0000005 _____ () C:\Users\Greg\AppData\Roaming\WBPU-TTL.DAT
2011-03-04 23:01 - 2014-03-16 20:58 - 0006144 _____ () C:\Users\Greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-19 07:25 - 2011-05-19 07:25 - 0000000 _____ () C:\Users\Greg\AppData\Local\{2C9E5785-B563-401C-811E-7DF9823306A2}
2014-03-14 15:27 - 2014-03-14 15:27 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-07-24 19:49 - 2013-11-24 11:37 - 0010159 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Greg\address.dat
C:\Users\Greg\wlsetup-web.exe
C:\Users\Greg\xobglu16.dll
C:\Users\Greg\xobglu32.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-16 12:56

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Greg at 2015-01-20 09:45:35
Running from C:\Users\Greg\Favorites\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

5600 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: 3.5.13.64 - ArcSoft)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Audacity Recovery Utility (HKLM-x32\...\AURC_is1) (Version:  - Markus Meyer)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Driver Install 64-Bit (HKLM-x32\...\InstallShield_{AA107568-1B58-407E-9867-D51F71C9F446}) (Version: 6.0.107.0 - China)
Driver Install 64-Bit (x32 Version: 6.0.107.0 - China) Hidden
Dyyno Broadcaster (HKLM-x32\...\Dyyno Broadcaster) (Version:  - Dyyno, Inc.)
EzGrabber (HKLM-x32\...\{8543A572-5993-4101-BACC-C83884E183A4}) (Version: 2.00.0000 - )
Family Tree Maker 9.0 (HKLM-x32\...\Family Tree Maker) (Version:  - )
FastFixPRO (x32 Version: 2.4.7 - FixSoftUSA) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FoxTab FLV Player (HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\FoxTab FLV Player) (Version:  - ) <==== ATTENTION
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
GIMP (HKLM-x32\...\{46BBA993-5554-42E7-8042-E760D92A580A}) (Version: 2.6.11 - Spencer Kimball)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A02B03 - )
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}) (Version: 10.5.2.11 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.42.3 - JMicron Technology Corp.)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\Juniper_Setup_Client) (Version: 7.1.3.11013 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\Juniper_Term_Services) (Version: 7.1.0.18671 - Juniper Networks)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
PDF Creator (HKLM\...\PDF Creator) (Version:  - )
PDF Snipping Tool 3.0 (HKLM\...\PDF Snipping Tool_is1) (Version: 3.0 - Authorsoft)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PicPick (HKLM-x32\...\PicPick) (Version: 3.0.4 - Wiziple software)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
QuotePad 2.2 (HKLM-x32\...\QuotePad_is1) (Version: 2.2 - QuotePad.info)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6072 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Scribus 1.4.3 (64bit) (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1200}) (Version: 12.18.0.82 - APN, LLC) <==== ATTENTION
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Spotify (HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\Spotify) (Version: 0.8.1.64.g5c5914e3 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{76078303-BAA2-4FBF-BA13-D1065195E696}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
Toshiba Book Place (HKLM-x32\...\{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}) (Version: 2.0.3977.0 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.3.198 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.5.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.24 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.3 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
Xvid MPEG-4 Video Codec (HKLM-x32\...\Xvid_is1) (Version:  - )
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
YTD YouTube Downloader & Converter 3.7 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - GreenTree Applications SRL)
ZipGenius 6.3 (HKLM-x32\...\{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1) (Version: 6.3 - Wininizio.it Software)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

23-12-2014 21:30:26 Windows Update
27-12-2014 09:59:13 Windows Update
30-12-2014 19:36:38 Windows Update
09-01-2015 07:18:17 Windows Update
14-01-2015 23:33:23 Windows Update
16-01-2015 12:00:29 Windows Update
17-01-2015 00:46:05 Windows Update
20-01-2015 09:04:48 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2012-08-24 16:14 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {021F0272-9BA7-44AD-A03B-3DE28C5F458A} - System32\Tasks\FastFix_Popup => C:\Program Files (x86)\FastFixPRO\Splash.exe
Task: {03DE061C-97D1-4B9E-811B-C723EBBA2CDD} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-16] (Adobe Systems Incorporated)
Task: {0615B0B5-5928-4A43-993B-E2B5340891FB} - System32\Tasks\UpdaterEX => C:\Users\Greg\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {0C7FEB72-3B59-47AD-8F0B-A044EFDF191A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1E50C9B8-F429-45DF-8F01-FF28471CDE25} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2E9632A1-FB60-424A-B127-3A9E0CE3AD69} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: {447D0E1A-2F9B-443C-984D-2F5256737C71} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {50A9CFDB-E00A-46AB-AC03-F7E246A941BA} - System32\Tasks\{39A71475-FB64-4AAC-8714-F36A2290E52C} => pcalua.exe -a "E:\Diamond Multimedia\Driver\setup.exe" -d "E:\Diamond Multimedia\Driver"
Task: {6D63228D-B419-420A-AE8E-8E786DE0EB03} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-26] (AVAST Software)
Task: {830C1BC9-8032-4F46-98A2-60034217377E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {90D638E1-B414-4EE3-B1E1-78A56CF4D18B} - System32\Tasks\{EC75D4F0-2035-469E-8B71-E2C00CEFAA88} => pcalua.exe -a C:\Users\Greg\Favorites\Desktop\Cleanup.exe -d C:\Users\Greg\Favorites\Desktop
Task: {A8520527-4F07-4B29-B415-B70A5A26C10B} - System32\Tasks\{5124F67A-F0A4-49AE-AC86-45D37D9E3383} => pcalua.exe -a "C:\PALMIII (D)\Instapp.exe" -d "C:\PALMIII (D)"
Task: {B708452C-7E32-4E18-8F71-1074817616D5} - System32\Tasks\FastFix_Start => C:\Program Files (x86)\FastFixPRO\FastFix.exe
Task: {C1B904B7-37AC-4C29-89EA-34654B3C9FE5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CB1EE60A-9D11-4733-A056-332774BD937B} - \DSite No Task File <==== ATTENTION
Task: {ECCFC06C-D175-4BC9-983C-FA8FA10B38CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {EDC60AD9-82B9-4D38-9C08-3E8E58DC704A} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe <==== ATTENTION
Task: {F51857AD-23D0-4CF2-BE09-3339030CDD53} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\windows\Tasks\UpdaterEX.job => C:\Users\Greg\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-08-25 21:48 - 2011-10-04 21:43 - 00087552 _____ () C:\windows\System32\custmon64i.dll
2011-01-20 16:06 - 2011-01-20 16:06 - 00415072 _____ () C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
2010-02-05 19:44 - 2010-02-05 19:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2010-02-28 05:33 - 2010-02-28 05:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2015-01-19 18:59 - 2015-01-19 18:59 - 02911744 _____ () C:\Program Files\Alwil Software\Avast5\defs\15011901\algo.dll
2015-01-20 08:57 - 2015-01-20 08:57 - 02911744 _____ () C:\Program Files\Alwil Software\Avast5\defs\15012000\algo.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-16 15:02 - 2015-01-16 15:02 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-26 07:43 - 2014-11-26 07:43 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Greg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^QuotePad.lnk => C:\windows\pss\QuotePad.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: BrowserSafeguard => C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe
MSCONFIG\startupreg: ConduitFloatingPlugin_knllpfimimccdfnihbikigiagifmllol => "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3279415\plugins\TBVerifier.dll",RunConduitFloatingPlugin knllpfimimccdfnihbikigiagifmllol
MSCONFIG\startupreg: Dyyno Launcher => "C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SmartFaceVWatcher => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => C:\Program Files\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: Spotify => "C:\Users\Greg\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: TosNC => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

========================= Accounts: ==========================

Administrator (S-1-5-21-2497666269-2284711120-3944443307-500 - Administrator - Disabled)
Greg (S-1-5-21-2497666269-2284711120-3944443307-1000 - Administrator - Enabled) => C:\Users\Greg
Guest (S-1-5-21-2497666269-2284711120-3944443307-501 - Limited - Enabled) => C:\Users\TEMP.Greg-PC

==================== Faulty Device Manager Devices =============

Name: Officejet 6600
Description: Officejet 6600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: hp LaserJet 4300
Description: hp LaserJet 4300
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2015 09:04:49 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2497666269-2284711120-3944443307-501.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0491535d-2ee7-4950-8bbc-7e75a8a7897e}

Error: (01/19/2015 01:10:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EZ Grabber.exe, version: 2.0.0.0, time stamp: 0x4e571794
Faulting module name: PlayMovie.dll, version: 0.0.0.0, time stamp: 0x4cd4f157
Exception code: 0xc0000005
Fault offset: 0x000019e0
Faulting process id: 0x1450
Faulting application start time: 0xEZ Grabber.exe0
Faulting application path: EZ Grabber.exe1
Faulting module path: EZ Grabber.exe2
Report Id: EZ Grabber.exe3

Error: (01/18/2015 07:33:13 PM) (Source: TestWorker) (EventID: 1) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher

Error: (01/17/2015 00:46:06 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2497666269-2284711120-3944443307-501.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {145e159f-7d9c-41e1-b482-917eb36c2f61}

Error: (01/16/2015 00:00:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2497666269-2284711120-3944443307-501.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {89d7f6be-9005-4eed-a94a-a1a78bc66bbd}

Error: (01/16/2015 11:57:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.7601.18150 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f0c

Start Time: 01d031ad52ade006

Termination Time: 20

Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Report Id: b34b5194-9da0-11e4-82c0-88ae1df6f7ee

Error: (01/14/2015 11:38:01 PM) (Source: TestWorker) (EventID: 1) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher

Error: (01/14/2015 11:33:24 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2497666269-2284711120-3944443307-501.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {e3ae0331-bf00-49bb-a446-f7ee2cde617c}

Error: (01/11/2015 09:11:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fb0

Start Time: 01d02e0b97149605

Termination Time: 0

Application Path: C:\windows\Explorer.EXE

Report Id:

Error: (01/11/2015 01:20:49 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service


System errors:
=============
Error: (01/20/2015 08:59:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Intel® Management & Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error:
%%1058

Error: (01/20/2015 08:57:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/19/2015 11:02:30 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Intel® Management & Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error:
%%1058

Error: (01/19/2015 10:59:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/19/2015 08:39:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Intel® Management & Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error:
%%1058

Error: (01/19/2015 08:37:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/18/2015 07:21:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Intel® Management & Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error:
%%1058

Error: (01/18/2015 07:18:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/18/2015 07:18:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WD Backup service failed to start due to the following error:
%%1053

Error: (01/18/2015 07:18:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WD Backup service to connect.


Microsoft Office Sessions:
=========================
Error: (01/20/2015 09:04:49 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2497666269-2284711120-3944443307-501.bak)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0491535d-2ee7-4950-8bbc-7e75a8a7897e}

Error: (01/19/2015 01:10:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: EZ Grabber.exe2.0.0.04e571794PlayMovie.dll0.0.0.04cd4f157c0000005000019e0145001d0340f3975ddb6C:\Program Files (x86)\EzGrabber\EZ Grabber.exeC:\Program Files (x86)\EzGrabber\PlayMovie.dll7bfb9733-a006-11e4-9609-88ae1df6f7ee

Error: (01/18/2015 07:33:13 PM) (Source: TestWorker) (EventID: 1) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher

Error: (01/17/2015 00:46:06 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2497666269-2284711120-3944443307-501.bak)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {145e159f-7d9c-41e1-b482-917eb36c2f61}

Error: (01/16/2015 00:00:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2497666269-2284711120-3944443307-501.bak)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {89d7f6be-9005-4eed-a94a-a1a78bc66bbd}

Error: (01/16/2015 11:57:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wmplayer.exe12.0.7601.18150f0c01d031ad52ade00620C:\Program Files (x86)\Windows Media Player\wmplayer.exeb34b5194-9da0-11e4-82c0-88ae1df6f7ee

Error: (01/14/2015 11:38:01 PM) (Source: TestWorker) (EventID: 1) (User: )
Description: TestWorkerFailed to send data to service: Norton PC Checkup Application Launcher

Error: (01/14/2015 11:33:24 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-2497666269-2284711120-3944443307-501.bak)0x80070539, The security ID structure is invalid.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {e3ae0331-bf00-49bb-a446-f7ee2cde617c}

Error: (01/11/2015 09:11:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567fb001d02e0b971496050C:\windows\Explorer.EXE

Error: (01/11/2015 01:20:49 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service


==================== Memory info ===========================

Processor: Intel® Pentium® CPU U5400 @ 1.20GHz
Percentage of memory in use: 53%
Total physical RAM: 3890.67 MB
Available physical RAM: 1814.16 MB
Total Pagefile: 7779.53 MB
Available Pagefile: 5512.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI105974W0B) (Fixed) (Total:287.4 GB) (Free:55.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: A06DF6C6)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=287.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.2 GB) - (Type=17)

==================== End Of Log ============================

 

09:49:32.0085 0x1360  TDSS rootkit removing tool 3.0.0.43 Jan 19 2015 18:43:19
09:49:36.0902 0x1360  ============================================================
09:49:36.0902 0x1360  Current date / time: 2015/01/20 09:49:36.0902
09:49:36.0902 0x1360  SystemInfo:
09:49:36.0902 0x1360  
09:49:36.0902 0x1360  OS Version: 6.1.7601 ServicePack: 1.0
09:49:36.0902 0x1360  Product type: Workstation
09:49:36.0902 0x1360  ComputerName: GREG-PC
09:49:36.0903 0x1360  UserName: Greg
09:49:36.0903 0x1360  Windows directory: C:\windows
09:49:36.0903 0x1360  System windows directory: C:\windows
09:49:36.0903 0x1360  Running under WOW64
09:49:36.0903 0x1360  Processor architecture: Intel x64
09:49:36.0903 0x1360  Number of processors: 2
09:49:36.0903 0x1360  Page size: 0x1000
09:49:36.0903 0x1360  Boot type: Normal boot
09:49:36.0903 0x1360  ============================================================
09:49:37.0272 0x1360  KLMD registered as C:\windows\system32\drivers\15877053.sys
09:49:38.0722 0x1360  System UUID: {9D382B56-07C3-3DA1-5DEB-021B9E34E469}
09:49:39.0823 0x1360  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:49:39.0828 0x1360  ============================================================
09:49:39.0828 0x1360  \Device\Harddisk0\DR0:
09:49:39.0828 0x1360  MBR partitions:
09:49:39.0828 0x1360  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23ECC800
09:49:39.0828 0x1360  ============================================================
09:49:39.0868 0x1360  C: <-> \Device\Harddisk0\DR0\Partition1
09:49:39.0869 0x1360  ============================================================
09:49:39.0869 0x1360  Initialize success
09:49:39.0869 0x1360  ============================================================
09:50:15.0427 0x0784  ============================================================
09:50:15.0427 0x0784  Scan started
09:50:15.0427 0x0784  Mode: Manual; SigCheck; TDLFS;
09:50:15.0427 0x0784  ============================================================
09:50:15.0427 0x0784  KSN ping started
09:50:18.0174 0x0784  KSN ping finished: true
09:50:19.0296 0x0784  ================ Scan system memory ========================
09:50:19.0296 0x0784  System memory - ok
09:50:19.0297 0x0784  ================ Scan services =============================
09:50:34.0008 0x0784  elxstor - ok
09:50:34.0068 0x0784  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
09:50:34.0130 0x0784  ErrDev - ok
09:50:34.0182 0x0784  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll
09:50:34.0323 0x0784  EventSystem - ok
09:50:34.0367 0x0784  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys
09:50:34.0486 0x0784  exfat - ok
09:50:34.0573 0x0784  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys
09:50:34.0706 0x0784  fastfat - ok
09:50:34.0818 0x0784  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\windows\system32\fxssvc.exe
09:50:34.0922 0x0784  Fax - ok
09:50:34.0955 0x0784  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\DRIVERS\fdc.sys
09:50:34.0999 0x0784  fdc - ok
09:50:35.0024 0x0784  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll
09:50:35.0119 0x0784  fdPHost - ok
09:50:35.0134 0x0784  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
09:50:35.0229 0x0784  FDResPub - ok
09:50:35.0251 0x0784  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
09:50:35.0293 0x0784  FileInfo - ok
09:50:35.0313 0x0784  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
09:50:35.0408 0x0784  Filetrace - ok
09:50:35.0437 0x0784  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
09:50:35.0484 0x0784  flpydisk - ok
09:50:35.0560 0x0784  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
09:50:35.0620 0x0784  FltMgr - ok
09:50:35.0753 0x0784  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\windows\system32\FntCache.dll
09:50:35.0900 0x0784  FontCache - ok
09:50:36.0021 0x0784  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:50:36.0076 0x0784  FontCache3.0.0.0 - ok
09:50:36.0107 0x0784  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
09:50:36.0147 0x0784  FsDepends - ok
09:50:36.0183 0x0784  [ 07DA62C960DDCCC2D35836AEAB4FC578, C67A29E928AF59BF7FB573FAC2176C5598F595406AA90DDB4A364A15BC89A6C4 ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
09:50:36.0219 0x0784  fssfltr - ok
09:50:36.0456 0x0784  [ 28DDEEEC44E988657B732CF404D504CB, 47F83018E5449CDCED3DD447991788EBAAC92C418D4513FBA9408C45E9AB8E7E ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
09:50:36.0604 0x0784  fsssvc - ok
09:50:36.0715 0x0784  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
09:50:36.0771 0x0784  Fs_Rec - ok
09:50:36.0843 0x0784  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
09:50:36.0927 0x0784  fvevol - ok
09:50:36.0963 0x0784  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
09:50:37.0004 0x0784  gagp30kx - ok
09:50:37.0081 0x0784  [ CE16683CFD11FE70BDE435DDA5EA1FCA, 43D850361F2B5C9389F7FABC3C62BD1517349C03834F436579DD01CFD09919F4 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
09:50:37.0146 0x0784  GameConsoleService - ok
09:50:37.0211 0x0784  [ E403AACF8C7BB11375122D2464560311, 0427B8FFD999D256EA1A5135F218692959A7577CB32354D3087CF0FB4F0577DF ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
09:50:37.0268 0x0784  GEARAspiWDM - ok
09:50:37.0383 0x0784  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
09:50:37.0564 0x0784  gpsvc - ok
09:50:37.0695 0x0784  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:50:37.0755 0x0784  gupdate - ok
09:50:37.0794 0x0784  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:50:37.0852 0x0784  gupdatem - ok
09:50:37.0913 0x0784  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
09:50:37.0985 0x0784  gusvc - ok
09:50:38.0012 0x0784  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
09:50:38.0057 0x0784  hcw85cir - ok
09:50:38.0158 0x0784  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
09:50:38.0285 0x0784  HdAudAddService - ok
09:50:38.0421 0x0784  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
09:50:38.0489 0x0784  HDAudBus - ok
09:50:38.0526 0x0784  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\windows\system32\DRIVERS\HECIx64.sys
09:50:38.0564 0x0784  HECIx64 - ok
09:50:38.0598 0x0784  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
09:50:38.0644 0x0784  HidBatt - ok
09:50:38.0665 0x0784  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
09:50:38.0722 0x0784  HidBth - ok
09:50:38.0744 0x0784  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
09:50:38.0796 0x0784  HidIr - ok
09:50:38.0836 0x0784  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\system32\hidserv.dll
09:50:38.0945 0x0784  hidserv - ok
09:50:38.0997 0x0784  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
09:50:39.0066 0x0784  HidUsb - ok
09:50:39.0132 0x0784  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
09:50:39.0239 0x0784  hkmsvc - ok
09:50:39.0307 0x0784  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
09:50:39.0382 0x0784  HomeGroupListener - ok
09:50:39.0438 0x0784  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
09:50:39.0509 0x0784  HomeGroupProvider - ok
09:50:39.0576 0x0784  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
09:50:39.0648 0x0784  HpSAMD - ok
09:50:39.0888 0x0784  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
09:50:40.0065 0x0784  HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
09:50:42.0776 0x0784  Detect skipped due to KSN trusted
09:50:42.0776 0x0784  HPSLPSVC - ok
09:50:42.0902 0x0784  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\windows\system32\drivers\HTTP.sys
09:50:43.0073 0x0784  HTTP - ok
09:50:43.0122 0x0784  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
09:50:43.0181 0x0784  hwpolicy - ok
09:50:43.0253 0x0784  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
09:50:43.0331 0x0784  i8042prt - ok
09:50:43.0397 0x0784  [ 85977CD13FC16069CE0AF7943A811775, 421AFFF08D14C2F55CFEF05E4A5A8B086F80BE69A927F84052A502EC5B222990 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
09:50:43.0469 0x0784  iaStor - ok
09:50:43.0551 0x0784  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
09:50:43.0620 0x0784  iaStorV - ok
09:50:43.0754 0x0784  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:50:43.0860 0x0784  idsvc - ok
09:50:43.0961 0x0784  IEEtwCollectorService - ok
09:50:44.0526 0x0784  [ 2A22AB054F4630D2EF4BAB2853F6D5F6, 9CD7A5FFB7E25B51E9D311531EE5EC20CEAC356C7A27D52B61DA810DB412437B ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
09:50:45.0318 0x0784  igfx - ok
09:50:45.0404 0x0784  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
09:50:45.0457 0x0784  iirsp - ok
09:50:45.0581 0x0784  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
09:50:45.0692 0x0784  IKEEXT - ok
09:50:45.0796 0x0784  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\windows\system32\DRIVERS\Impcd.sys
09:50:45.0861 0x0784  Impcd - ok
09:50:46.0028 0x0784  [ A73CC9BD3A7236E686BE6667F0106C16, B9ABE8EE63867CBD9E439A3D4603D1F7D9ED3206768B28509D812DCBD046B64D ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
09:50:46.0227 0x0784  IntcAzAudAddService - ok
09:50:46.0291 0x0784  [ 58CF58DEE26C909BD6F977B61D246295, 0CE27B81C091961A22B75478449D654F9C1A68E43DF80C699DB8DD3D1B288461 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
09:50:46.0356 0x0784  IntcDAud - ok
09:50:46.0391 0x0784  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
09:50:46.0428 0x0784  intelide - ok
09:50:46.0464 0x0784  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
09:50:46.0510 0x0784  intelppm - ok
09:50:46.0551 0x0784  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
09:50:46.0663 0x0784  IPBusEnum - ok
09:50:46.0780 0x0784  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
09:50:46.0888 0x0784  IpFilterDriver - ok
09:50:46.0977 0x0784  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
09:50:47.0078 0x0784  iphlpsvc - ok
09:50:47.0185 0x0784  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
09:50:47.0253 0x0784  IPMIDRV - ok
09:50:47.0291 0x0784  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
09:50:47.0421 0x0784  IPNAT - ok
09:50:47.0531 0x0784  [ 46D249F9DB7844CC01050A9345F0F61B, 4F667F08094AE703F48C7D976133658DCA731BBFE612422D3A06C3476C57EB85 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
09:50:47.0630 0x0784  iPod Service - ok
09:50:47.0675 0x0784  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
09:50:47.0730 0x0784  IRENUM - ok
09:50:47.0783 0x0784  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
09:50:47.0822 0x0784  isapnp - ok
09:50:47.0875 0x0784  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
09:50:47.0940 0x0784  iScsiPrt - ok
09:50:48.0005 0x0784  [ 3A7D9638A50B45D1E20B9911961AB97C, 2D34206411D3A614B7A6F30AFF68B9BB85F505ED6AE416DE79FE3AD950662EA7 ] JMCR            C:\windows\system32\DRIVERS\jmcr.sys
09:50:48.0060 0x0784  JMCR - ok
09:50:48.0119 0x0784  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
09:50:48.0172 0x0784  kbdclass - ok
09:50:48.0243 0x0784  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
09:50:48.0309 0x0784  kbdhid - ok
09:50:48.0347 0x0784  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\windows\system32\lsass.exe
09:50:48.0409 0x0784  KeyIso - ok
09:50:48.0464 0x0784  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
09:50:48.0507 0x0784  KSecDD - ok
09:50:48.0560 0x0784  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
09:50:48.0634 0x0784  KSecPkg - ok
09:50:48.0665 0x0784  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
09:50:48.0785 0x0784  ksthunk - ok
09:50:48.0841 0x0784  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
09:50:49.0009 0x0784  KtmRm - ok
09:50:49.0126 0x0784  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\system32\srvsvc.dll
09:50:49.0263 0x0784  LanmanServer - ok
09:50:49.0389 0x0784  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
09:50:49.0532 0x0784  LanmanWorkstation - ok
09:50:49.0605 0x0784  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
09:50:49.0743 0x0784  lltdio - ok
09:50:49.0780 0x0784  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
09:50:49.0910 0x0784  lltdsvc - ok
09:50:49.0927 0x0784  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
09:50:50.0024 0x0784  lmhosts - ok
09:50:50.0112 0x0784  [ A1C148801B4AF64847AEB9F3AD9594EF, FF6ED89EA47DF74C33CD8BFAC48FAED1B979348ABA6B6D94EE07CBD21810F37B ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
09:50:50.0182 0x0784  LMS - detected UnsignedFile.Multi.Generic ( 1 )
09:50:52.0899 0x0784  Detect skipped due to KSN trusted
09:50:52.0899 0x0784  LMS - ok
09:50:52.0948 0x0784  [ 41E122F6D1448C94CC05196BC41D6BFB, DC027B897A14359669C6C93CCC7FCEEA2FDCEE281489589DDAEE008FAD0B15E2 ] LPCFilter       C:\windows\system32\DRIVERS\LPCFilter.sys
09:50:52.0995 0x0784  LPCFilter - ok
09:50:53.0036 0x0784  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
09:50:53.0083 0x0784  LSI_FC - ok
09:50:53.0106 0x0784  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
09:50:53.0150 0x0784  LSI_SAS - ok
09:50:53.0168 0x0784  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
09:50:53.0209 0x0784  LSI_SAS2 - ok
09:50:53.0223 0x0784  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
09:50:53.0268 0x0784  LSI_SCSI - ok
09:50:53.0303 0x0784  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
09:50:53.0410 0x0784  luafv - ok
09:50:53.0481 0x0784  [ 024DA28053D57E9E32BEE52600576BBB, 8EC636DAB90A835DEBA2EC6176F4547EEF557415FF77C6378EF423569702731E ] MarvinBus       C:\windows\system32\DRIVERS\MarvinBus64.sys
09:50:53.0556 0x0784  MarvinBus - detected UnsignedFile.Multi.Generic ( 1 )
09:50:56.0503 0x0784  Detect skipped due to KSN trusted
09:50:56.0503 0x0784  MarvinBus - ok
09:50:56.0610 0x0784  [ D7F57860E779B84AB982E8F4F23E30D1, 118E98F8999A2CBA469FBFF8C776BFC9D92D0445AE30060EA4028731224C68B8 ] massfilter_hs   C:\windows\system32\drivers\massfilter_hs.sys
09:50:56.0649 0x0784  massfilter_hs - ok
09:50:56.0735 0x0784  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
09:50:56.0788 0x0784  Mcx2Svc - ok
09:50:56.0806 0x0784  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
09:50:56.0845 0x0784  megasas - ok
09:50:56.0890 0x0784  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
09:50:56.0948 0x0784  MegaSR - ok
09:50:56.0985 0x0784  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
09:50:57.0084 0x0784  MMCSS - ok
09:50:57.0103 0x0784  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
09:50:57.0203 0x0784  Modem - ok
09:50:57.0237 0x0784  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
09:50:57.0288 0x0784  monitor - ok
09:50:57.0309 0x0784  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\drivers\mouclass.sys
09:50:57.0349 0x0784  mouclass - ok
09:50:57.0411 0x0784  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
09:50:57.0489 0x0784  mouhid - ok
09:50:57.0564 0x0784  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
09:50:57.0624 0x0784  mountmgr - ok
09:50:57.0764 0x0784  [ 9E587AFE2AD4873C809F1E0C598AB435, 0B0ECFF265120BCBAC37CF9B53B18462725AB991D00B90DBEE8DD9375121DA4F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:50:57.0825 0x0784  MozillaMaintenance - ok
09:50:57.0879 0x0784  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
09:50:57.0927 0x0784  mpio - ok
09:50:57.0963 0x0784  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
09:50:58.0066 0x0784  mpsdrv - ok
09:50:58.0168 0x0784  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
09:50:58.0335 0x0784  MpsSvc - ok
09:50:58.0383 0x0784  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
09:50:58.0436 0x0784  MRxDAV - ok
09:50:58.0506 0x0784  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
09:50:58.0572 0x0784  mrxsmb - ok
09:50:58.0653 0x0784  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
09:50:58.0734 0x0784  mrxsmb10 - ok
09:50:58.0757 0x0784  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
09:50:58.0807 0x0784  mrxsmb20 - ok
09:50:58.0835 0x0784  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
09:50:58.0874 0x0784  msahci - ok
09:50:58.0927 0x0784  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
09:50:58.0976 0x0784  msdsm - ok
09:50:58.0997 0x0784  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
09:50:59.0058 0x0784  MSDTC - ok
09:50:59.0113 0x0784  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
09:50:59.0240 0x0784  Msfs - ok
09:50:59.0266 0x0784  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
09:50:59.0362 0x0784  mshidkmdf - ok
09:50:59.0421 0x0784  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
09:50:59.0476 0x0784  msisadrv - ok
09:50:59.0509 0x0784  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
09:50:59.0618 0x0784  MSiSCSI - ok
09:50:59.0624 0x0784  msiserver - ok
09:50:59.0665 0x0784  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
09:50:59.0761 0x0784  MSKSSRV - ok
09:50:59.0770 0x0784  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
09:50:59.0865 0x0784  MSPCLOCK - ok
09:50:59.0875 0x0784  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
09:50:59.0970 0x0784  MSPQM - ok
09:51:00.0047 0x0784  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
09:51:00.0111 0x0784  MsRPC - ok
09:51:00.0171 0x0784  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
09:51:00.0241 0x0784  mssmbios - ok
09:51:00.0265 0x0784  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
09:51:00.0375 0x0784  MSTEE - ok
09:51:00.0400 0x0784  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
09:51:00.0443 0x0784  MTConfig - ok
09:51:00.0485 0x0784  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
09:51:00.0528 0x0784  Mup - ok
09:51:00.0625 0x0784  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
09:51:00.0772 0x0784  napagent - ok
09:51:00.0893 0x0784  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
09:51:00.0983 0x0784  NativeWifiP - ok
09:51:01.0098 0x0784  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
09:51:01.0208 0x0784  NDIS - ok
09:51:01.0266 0x0784  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
09:51:01.0393 0x0784  NdisCap - ok
09:51:01.0434 0x0784  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
09:51:01.0534 0x0784  NdisTapi - ok
09:51:01.0589 0x0784  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
09:51:01.0719 0x0784  Ndisuio - ok
09:51:01.0757 0x0784  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
09:51:01.0871 0x0784  NdisWan - ok
09:51:01.0933 0x0784  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
09:51:02.0071 0x0784  NDProxy - ok
09:51:02.0175 0x0784  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
09:51:02.0224 0x0784  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
09:51:05.0099 0x0784  Detect skipped due to KSN trusted
09:51:10.0937 0x0784  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
09:51:10.0983 0x0784  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
09:51:13.0706 0x0784  Detect skipped due to KSN trusted
09:51:13.0706 0x0784  Pml Driver HPZ12 - ok
09:51:31.0895 0x0784  [ 41118D920B2B268C0ADC36421248CDCF, 4F99C4913DCFE02B0783FD97F02558E4DD4D7C98553D95A8E26FAAA0C0D67616 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
09:51:32.0137 0x0784  UNS - detected UnsignedFile.Multi.Generic ( 1 )
09:51:35.0340 0x0784  Detect skipped due to KSN trusted
09:51:35.0341 0x0784  UNS - ok
09:51:35.0415 0x0784  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
09:51:35.0564 0x0784  upnphost - ok
09:51:35.0636 0x0784  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
09:51:35.0705 0x0784  usbaudio - ok
09:51:35.0732 0x0784  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
09:51:35.0781 0x0784  usbccgp - ok
09:51:35.0809 0x0784  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
09:51:35.0860 0x0784  usbcir - ok
09:51:35.0882 0x0784  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\windows\system32\drivers\usbehci.sys
09:51:35.0929 0x0784  usbehci - ok
09:51:35.0963 0x0784  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
09:51:36.0037 0x0784  usbhub - ok
09:51:36.0054 0x0784  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\windows\system32\drivers\usbohci.sys
09:51:36.0096 0x0784  usbohci - ok
09:51:36.0123 0x0784  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
09:51:36.0175 0x0784  usbprint - ok
09:51:36.0233 0x0784  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\windows\system32\drivers\usbscan.sys
09:51:36.0301 0x0784  usbscan - ok
09:51:36.0357 0x0784  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
09:51:36.0430 0x0784  USBSTOR - ok
09:51:36.0462 0x0784  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
09:51:36.0503 0x0784  usbuhci - ok
09:51:36.0544 0x0784  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
09:51:36.0603 0x0784  usbvideo - ok
09:51:36.0665 0x0784  [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx      C:\windows\system32\drivers\usb8023x.sys
09:51:36.0745 0x0784  usb_rndisx - ok
09:51:36.0780 0x0784  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
09:51:36.0884 0x0784  UxSms - ok
09:51:36.0895 0x0784  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\windows\system32\lsass.exe
09:51:36.0942 0x0784  VaultSvc - ok
09:51:36.0953 0x0784  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
09:51:36.0993 0x0784  vdrvroot - ok
09:51:37.0085 0x0784  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
09:51:37.0241 0x0784  vds - ok
09:51:37.0281 0x0784  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
09:51:37.0333 0x0784  vga - ok
09:51:37.0357 0x0784  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
09:51:37.0453 0x0784  VgaSave - ok
09:51:37.0507 0x0784  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
09:51:37.0563 0x0784  vhdmp - ok
09:51:37.0608 0x0784  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
09:51:37.0646 0x0784  viaide - ok
09:51:37.0674 0x0784  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
09:51:37.0716 0x0784  volmgr - ok
09:51:37.0787 0x0784  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
09:51:37.0882 0x0784  volmgrx - ok
09:51:37.0958 0x0784  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\windows\system32\drivers\volsnap.sys
09:51:38.0040 0x0784  volsnap - ok
09:51:38.0073 0x0784  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
09:51:38.0122 0x0784  vsmraid - ok
09:51:38.0265 0x0784  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
09:51:38.0508 0x0784  VSS - ok
09:51:38.0554 0x0784  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
09:51:38.0606 0x0784  vwifibus - ok
09:51:38.0637 0x0784  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
09:51:38.0696 0x0784  vwififlt - ok
09:51:38.0741 0x0784  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
09:51:38.0821 0x0784  vwifimp - ok
09:51:38.0863 0x0784  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
09:51:38.0996 0x0784  W32Time - ok
09:51:39.0025 0x0784  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
09:51:39.0072 0x0784  WacomPen - ok
09:51:39.0145 0x0784  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
09:51:39.0269 0x0784  WANARP - ok
09:51:39.0278 0x0784  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
09:51:39.0379 0x0784  Wanarpv6 - ok
09:51:39.0506 0x0784  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
09:51:39.0630 0x0784  WatAdminSvc - ok
09:51:39.0769 0x0784  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
09:51:39.0933 0x0784  wbengine - ok
09:51:39.0991 0x0784  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
09:51:40.0085 0x0784  WbioSrvc - ok
09:51:40.0168 0x0784  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
09:51:40.0261 0x0784  wcncsvc - ok
09:51:40.0286 0x0784  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
09:51:40.0335 0x0784  WcsPlugInService - ok
09:51:40.0364 0x0784  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\DRIVERS\wd.sys
09:51:40.0402 0x0784  Wd - ok
09:51:40.0612 0x0784  [ 96C4C98FE4866C16FC64E4578A0AA975, 978942885AE949BC131E991B8FB6C773FA4F925E5CF5EC653F3E1ED8CCB8886F ] WDBackup        C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
09:51:40.0738 0x0784  WDBackup - ok
09:51:40.0793 0x0784  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\windows\system32\DRIVERS\wdcsam64.sys
09:51:40.0851 0x0784  WDC_SAM - ok
09:51:40.0951 0x0784  [ 80F8944EA183004D6EDCBBDCEC166404, AA89D6A49AB0B0E049485977E36E54A06AB1BC7D92DD3924AA8A12C5005BF5F6 ] WDDriveService  C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
09:51:41.0015 0x0784  WDDriveService - ok
09:51:41.0123 0x0784  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
09:51:41.0219 0x0784  Wdf01000 - ok
09:51:41.0247 0x0784  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\windows\system32\wdi.dll
09:51:41.0314 0x0784  WdiServiceHost - ok
09:51:41.0322 0x0784  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\windows\system32\wdi.dll
09:51:41.0388 0x0784  WdiSystemHost - ok
09:51:41.0515 0x0784  [ FD2D1C60CDBDFAB63EF182539D8FFC2D, 6774CACC3EAC8764E860C2AABD6F3843AD2C8E6E8D4943B3785E8C7A85FAB1E0 ] WDRulesService  C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
09:51:41.0638 0x0784  WDRulesService - ok
09:51:41.0701 0x0784  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\windows\System32\webclnt.dll
09:51:41.0775 0x0784  WebClient - ok
09:51:41.0817 0x0784  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
09:51:41.0938 0x0784  Wecsvc - ok
09:51:41.0963 0x0784  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
09:51:42.0068 0x0784  wercplsupport - ok
09:51:42.0096 0x0784  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
09:51:42.0211 0x0784  WerSvc - ok
09:51:42.0228 0x0784  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
09:51:42.0323 0x0784  WfpLwf - ok
09:51:42.0346 0x0784  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
09:51:42.0384 0x0784  WIMMount - ok
09:51:42.0412 0x0784  WinDefend - ok
09:51:42.0459 0x0784  WinHttpAutoProxySvc - ok
09:51:42.0519 0x0784  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
09:51:42.0636 0x0784  Winmgmt - ok
09:51:42.0794 0x0784  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\windows\system32\WsmSvc.dll
09:51:43.0001 0x0784  WinRM - ok
09:51:43.0085 0x0784  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
09:51:43.0165 0x0784  WinUsb - ok
09:51:43.0256 0x0784  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
09:51:43.0387 0x0784  Wlansvc - ok
09:51:43.0564 0x0784  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:51:43.0615 0x0784  wlcrasvc - ok
09:51:43.0831 0x0784  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:51:44.0055 0x0784  wlidsvc - ok
09:51:44.0105 0x0784  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
09:51:44.0151 0x0784  WmiAcpi - ok
09:51:44.0180 0x0784  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
09:51:44.0241 0x0784  wmiApSrv - ok
09:51:44.0287 0x0784  WMPNetworkSvc - ok
09:51:44.0316 0x0784  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
09:51:44.0378 0x0784  WPCSvc - ok
09:51:44.0432 0x0784  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
09:51:44.0503 0x0784  WPDBusEnum - ok
09:51:44.0528 0x0784  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
09:51:44.0627 0x0784  ws2ifsl - ok
09:51:44.0652 0x0784  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\System32\wscsvc.dll
09:51:44.0716 0x0784  wscsvc - ok
09:51:44.0722 0x0784  WSearch - ok
09:51:44.0934 0x0784  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\windows\system32\wuaueng.dll
09:51:45.0200 0x0784  wuauserv - ok
09:51:45.0280 0x0784  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
09:51:45.0351 0x0784  WudfPf - ok
09:51:45.0434 0x0784  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
09:51:45.0502 0x0784  WUDFRd - ok
09:51:45.0566 0x0784  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
09:51:45.0648 0x0784  wudfsvc - ok
09:51:45.0721 0x0784  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\windows\System32\wwansvc.dll
09:51:45.0804 0x0784  WwanSvc - ok
09:51:45.0985 0x0784  [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:51:46.0069 0x0784  YahooAUService - ok
09:51:46.0177 0x0784  ================ Scan global ===============================
09:51:46.0209 0x0784  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
09:51:46.0275 0x0784  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
09:51:46.0326 0x0784  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
09:51:46.0379 0x0784  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
09:51:46.0442 0x0784  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
09:51:46.0464 0x0784  [ Global ] - ok
09:51:46.0465 0x0784  ================ Scan MBR ==================================
09:51:46.0478 0x0784  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
09:51:46.0906 0x0784  \Device\Harddisk0\DR0 - ok
09:51:46.0907 0x0784  ================ Scan VBR ==================================
09:51:46.0912 0x0784  [ 46240BBCEC9875540CA5ACF38AE0DDC6 ] \Device\Harddisk0\DR0\Partition1
09:51:46.0914 0x0784  \Device\Harddisk0\DR0\Partition1 - ok
09:51:46.0916 0x0784  ================ Scan generic autorun ======================
09:51:46.0995 0x0784  [ 55AEB735E6B471C238F565339A63DB12, DD8547A4FE31DD35F46A16DA04B73655B6A865E7ED1EC7B3B93CE62C68465136 ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
09:51:47.0065 0x0784  TSleepSrv - ok
09:51:47.0128 0x0784  [ DB04E6CBFCB38A8E224239CE2185D9E6, 7DBAF41EB3BE0A21DB9CFB72FA22879238089E32879D2E2D7FC651CC9778C30B ] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe
09:51:47.0236 0x0784  SVPWUTIL - detected UnsignedFile.Multi.Generic ( 1 )
09:51:50.0119 0x0784  Detect skipped due to KSN trusted
09:51:50.0119 0x0784  SVPWUTIL - ok
09:51:50.0180 0x0784  [ 8107E3A186C034DDEB14718D71332714, 641AD52C6F624A59648043D6E044B772B76DA1C82C4B3258A109A2FB67AACFA3 ] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe
09:51:50.0243 0x0784  HWSetup - detected UnsignedFile.Multi.Generic ( 1 )
09:51:52.0968 0x0784  Detect skipped due to KSN trusted
09:51:52.0968 0x0784  HWSetup - ok
09:51:53.0075 0x0784  [ 552B331DC253F28C6B3B0B2A2B9BA398, 7FB0DBF7551DB7DFB67BD5FFD601CE0FE6D12FDDA3B3A3DD9AA92ADD891D8854 ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
09:51:53.0204 0x0784  ToshibaServiceStation - ok
09:51:53.0540 0x0784  [ EF6CEC2BAE95B5DCBD95E0BD0F4F65B7, 90D587F514623204F672FACE59FD392D71A606931BE3409F390594E841C8CFEE ] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
09:51:54.0060 0x0784  WD Quick View - ok
09:51:54.0417 0x0784  [ 312C7978F0A42DB0475CE31D884DCE88, 53DBEF2473F39754BB1BC352DB9A32607FD3A2E2DC5E7AA6AE821CABEC00CCD1 ] C:\Program Files\Alwil Software\Avast5\AvastUI.exe
09:51:54.0978 0x0784  AvastUI.exe - ok
09:51:55.0135 0x0784  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:51:55.0325 0x0784  Sidebar - ok
09:51:55.0362 0x0784  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:51:55.0465 0x0784  mctadmin - ok
09:51:55.0553 0x0784  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:51:55.0703 0x0784  Sidebar - ok
09:51:55.0751 0x0784  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:51:55.0841 0x0784  mctadmin - ok
09:51:55.0887 0x0784  [ B22CB67919EBAD88B0E8BB9CDA446010, 2F744FEAC48EDE7D6B6D2727F7DDFA80B26D9E3B0009741B00992B19AD85E128 ] C:\Windows\System32\StikyNot.exe
09:51:56.0012 0x0784  RESTART_STICKY_NOTES - ok
09:51:56.0015 0x0784  Waiting for KSN requests completion. In queue: 8
09:51:57.0015 0x0784  Waiting for KSN requests completion. In queue: 8
09:51:58.0015 0x0784  Waiting for KSN requests completion. In queue: 8
09:51:59.0015 0x0784  Waiting for KSN requests completion. In queue: 8
09:52:00.0105 0x0784  AV detected via SS2: avast! Antivirus, C:\Program Files\Alwil Software\Avast5\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
09:52:00.0145 0x0784  Win FW state via NFP2: enabled
09:52:02.0977 0x0784  ============================================================
09:52:02.0977 0x0784  Scan finished
09:52:02.0977 0x0784  ============================================================
09:52:02.0996 0x03d4  Detected object count: 0
09:52:02.0996 0x03d4  Actual detected object count: 0
09:53:21.0525 0x0f68  Deinitialize success
 


  • 0

#6
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hello, 
 
Please do the following. 
 
STEP 1
Revo Uninstaller

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • Search App by Ask
    • FoxTab FLV Player
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: Ensure you decline offers of additional software if applicable. 
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.
     

STEP 2
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Create a System Restore Point. For instructions, please refer to the following link (W7).
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
 
STEP 4
Malwarebytes Anti-Malware (MBAM)

  • Your version of Malwarebytes Anti-Malware is outdated. Download the update on top of your current version. 
  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply.
     

STEP 5
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================

STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did the programmes uninstall OK?
  • JRT.txt
  • AdwCleaner[S0].txt
  • MBAM log
  • FRST.txt
  • Addition.txt

  • 0

#7
GregMiller

    Member

  • Topic Starter
  • Member
  • 210 posts

The programs did uninstall although there was a warning that I might have to manually uninstall some files (probably routine).

The Malware-Bytes log was posted last - it was run in the correct order but it took me a bit to find the text file.

Please note - I will leave by 10:30 EST tomorrow for a wake and an overnight stay at a hotel and then the funeral - my mother-in-law. I may not be able to respond to your reply until possibly Sunday January 25th.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Greg on Thu 01/22/2015 at 14:56:47.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SaltarSmart_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SaltarSmart_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SaltarSmart_tg_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SaltarSmart_tg_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SaltarSmart_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SaltarSmart_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SaltarSmart_tg_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SaltarSmart_tg_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{55D8F856-50AD-41A6-AC3F-96EB8F877A9F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F45EF7A8-05F9-420D-AF4A-EDC86654572E}



~~~ Files

Successfully deleted: [File] C:\windows\Tasks\PC Optimizer Pro64 startups.job



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Greg\AppData\Roaming\updaterex"
Successfully deleted: [Folder] "C:\Users\Greg\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Greg\appdata\local\pro_pc_cleaner"
Successfully deleted: [Folder] "C:\Users\Greg\documents\propccleaner"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Greg\AppData\Roaming\mozilla\firefox\profiles\j11syqoo.default-1399081118986\astrmndant
Successfully deleted the following from C:\Users\Greg\AppData\Roaming\mozilla\firefox\profiles\j11syqoo.default-1399081118986\prefs.js

user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_39_ie&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0FyC0FyB0E0EtCtByE0FtN0D0Tzu0StCtDtDtBtN1L2XzutAtF
user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_dnldstr_14_39_ie&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0FyC0FyB0E0EtCtByE0FtN0D0Tzu0StCtDtDtBtN1L2XzutA
user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_dnldstr_14_39_ie&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0FyC0FyB0E0EtCtByE0FtN0D0Tzu0StCtDtDtBtN1L2Xzu
user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
Emptied folder: C:\Users\Greg\AppData\Roaming\mozilla\firefox\profiles\j11syqoo.default-1399081118986\minidumps [48 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/22/2015 at 15:06:51.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v4.108 - Report created 22/01/2015 at 15:16:32
# Updated 17/01/2015 by Xplode
# Database : 2015-01-22.3 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Greg - GREG-PC
# Running from : C:\Users\Greg\Documents\Saved Games\Downloads\AdwCleaner(2).exe
# Option : Clean

***** [ Services ] *****

Service Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Greg\AppData\Roaming\HPAppData
Folder Deleted : C:\Users\Greg\AppData\Roaming\RHEng
File Deleted : C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage

***** [ Scheduled Tasks ] *****

Task Deleted : BrowserSafeguard Update Task
Task Deleted : DSite
Task Deleted : UpdaterEX
Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\USyndication
Key Deleted : HKLM\SOFTWARE\Video Converter
Key Deleted : HKLM\SOFTWARE\Taronja
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\astromendagames.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 en-US)

[j11syqoo.default-1399081118986\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");

-\\ Google Chrome v40.0.2214.91

[C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_39_ie&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0FyC0FyB0E0EtCtByE0FtN0D0Tzu0StCtDtDtBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyBtCyEtDzy0A0BtGtBtAyBzytG0B0AyE0AtGyBtAyD0FtGyBtByCtD0AtDtDtDtAyE0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0C0DzyyE0AyDtAtGtA0FyCzytGyEyC0A0DtG0ByEtD0EtG0BtDtDzztD0AyCtDyB0B0EtD2Q&cr=710996435&ir=

-\\ Chromium v

[C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_39_ie&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0D0FyC0FyB0E0EtCtByE0FtN0D0Tzu0StCtDtDtBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyBtCyEtDzy0A0BtGtBtAyBzytG0B0AyE0AtGyBtAyD0FtGyBtByCtD0AtDtDtDtAyE0D0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0C0DzyyE0AyDtAtGtA0FyCzytGyEyC0A0DtG0ByEtD0EtG0BtDtDzztD0AyCtDyB0B0EtD2Q&cr=710996435&ir=

*************************

AdwCleaner[R0].txt - [77204 octets] - [18/11/2013 22:02:53]
AdwCleaner[R1].txt - [4394 octets] - [02/05/2014 12:04:50]
AdwCleaner[R2].txt - [4504 octets] - [22/01/2015 15:12:19]
AdwCleaner[S0].txt - [73204 octets] - [18/11/2013 22:05:17]
AdwCleaner[S1].txt - [4334 octets] - [02/05/2014 12:07:05]
AdwCleaner[S2].txt - [5074 octets] - [22/01/2015 15:16:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [5134 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Greg (administrator) on GREG-PC on 22-01-2015 17:11:49
Running from C:\Users\Greg\Favorites\Desktop
Loaded Profiles: Greg (Available profiles: Greg & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-03-31] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-04-01] (TOSHIBA)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\MountPoints2: {f0aaaf4d-4413-11e3-acf9-88ae1df6f7ee} - D:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B03 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://start.google....q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://start.google....q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/
HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM -> {018BDDFB-579A-460B-8136-D9F6295FD622} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKLM-x32 -> {18790A84-9C6D-45D9-A1D3-70AAC3407F6A} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {18790A84-9C6D-45D9-A1D3-70AAC3407F6A} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2497666269-2284711120-3944443307-1000 -> {018BDDFB-579A-460B-8136-D9F6295FD622} URL =
SearchScopes: HKU\S-1-5-21-2497666269-2284711120-3944443307-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2497666269-2284711120-3944443307-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://eg.remoteacc...SetupClient.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\syswow64\urlmon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136

FireFox:
========
FF ProfilePath: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\j11syqoo.default-1399081118986
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchUrl: https://www.google.com/search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: www.google.com
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: mail.com MailCheck - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\j11syqoo.default-1399081118986\Extensions\[email protected] [2014-12-23]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\j11syqoo.default-1399081118986\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-16]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-07-02]
FF HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-23]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.com/", "www.google.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Wallet) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\Chrome\Extension: [knlnhgoppkofgoieelflgbbicoganofl] - C:\Users\Greg\AppData\Local\CRE\knlnhgoppkofgoieelflgbbicoganofl.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]
CHR HKLM-x32\...\Chrome\Extension: [knlnhgoppkofgoieelflgbbicoganofl] - C:\Users\Greg\AppData\Local\CRE\knlnhgoppkofgoieelflgbbicoganofl.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
R2 Dyyno Launcher; C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [415072 2011-01-20] ()
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S4 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-26] ()
S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [235904 2010-01-06] (Conexant Systems, Inc.)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 rtl819xp; C:\Windows\System32\DRIVERS\rtl819xp.sys [612352 2010-04-08] (Realtek Semiconductor Corporation                           )

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 15:29 - 2015-01-22 16:22 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-22 15:29 - 2015-01-22 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-22 15:29 - 2015-01-22 15:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-22 15:29 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-22 15:29 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-22 15:16 - 2015-01-22 15:16 - 02146688 _____ () C:\Users\Greg\AppData\Local\Q$_140066.ENU_SoftGridUserSettings_settings.cp.temp
2015-01-22 15:06 - 2015-01-22 15:06 - 00004135 _____ () C:\Users\Greg\Desktop\JRT.txt
2015-01-22 14:35 - 2015-01-22 14:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-21 17:02 - 2015-01-21 17:03 - 00264704 _____ () C:\Users\Greg\Documents\auto maintenance costs- 2015.xls
2015-01-20 09:43 - 2015-01-22 17:11 - 00000000 ____D () C:\FRST
2015-01-19 14:02 - 2015-01-19 14:02 - 00000000 ____D () C:\1-Video stills from VHS conversions
2015-01-19 13:26 - 2015-01-19 13:26 - 00000000 ____D () C:\Users\Greg\AppData\Local\{80639CF9-D713-4A9F-9629-CB6AD614E769}
2015-01-16 15:02 - 2015-01-16 15:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-16 12:10 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 23:34 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 23:34 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 23:34 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 23:34 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 23:34 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-14 23:33 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 23:33 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 23:33 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 23:33 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 23:33 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 23:33 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 23:33 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-03 00:46 - 2015-01-20 21:50 - 00856576 _____ () C:\Users\Greg\Documents\daily_ benefits_training_2015.xls
2015-01-02 19:29 - 2015-01-02 19:29 - 00009308 _____ () C:\Users\Greg\Documents\Cholesterol-Blood work.xlsx
2014-12-23 22:11 - 2014-12-23 22:11 - 00001507 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-12-23 22:11 - 2014-12-23 22:11 - 00001214 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-12-23 22:11 - 2014-12-23 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-12-23 22:10 - 2014-12-23 22:11 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-12-23 22:10 - 2014-12-23 22:10 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2014-12-23 22:09 - 2014-12-23 22:11 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\DVDVideoSoft
2014-12-23 21:26 - 2014-12-23 21:26 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 16:51 - 2010-10-27 14:56 - 01217967 _____ () C:\windows\WindowsUpdate.log
2015-01-22 16:37 - 2010-08-09 23:28 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 16:28 - 2009-07-13 23:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-22 16:28 - 2009-07-13 23:45 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 16:27 - 2014-03-15 10:46 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-22 16:27 - 2014-03-15 10:46 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 16:27 - 2014-03-15 10:46 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-22 16:27 - 2014-03-15 10:46 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-22 16:21 - 2010-08-09 23:28 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 16:20 - 2012-10-29 13:27 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2015-01-22 16:20 - 2010-08-09 23:33 - 00666096 _____ () C:\windows\PFRO.log
2015-01-22 16:20 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-22 16:20 - 2009-07-13 23:51 - 00179984 _____ () C:\windows\setupact.log
2015-01-22 16:19 - 2014-04-06 09:27 - 00000000 ____D () C:\Users\Greg\AppData\Local\com
2015-01-22 15:29 - 2013-11-22 13:07 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-22 15:29 - 2011-01-14 17:19 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Malwarebytes
2015-01-22 15:29 - 2011-01-14 17:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-22 15:29 - 2011-01-14 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-01-22 15:20 - 2011-03-26 09:44 - 94106112 _____ () C:\Users\Greg\Documents\Miller_restore_4_2.FBK
2015-01-22 15:20 - 2011-03-26 09:18 - 94106112 _____ () C:\Users\Greg\Documents\Miller_restore_4_2.FTW
2015-01-22 15:20 - 2011-01-12 22:21 - 00000000 ____D () C:\Users\Greg\AppData\Local\VirtualStore
2015-01-22 15:16 - 2013-11-18 22:01 - 00000000 ____D () C:\AdwCleaner
2015-01-22 15:00 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\tracing
2015-01-22 14:01 - 2011-01-12 20:06 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\SoftGrid Client
2015-01-22 13:47 - 2014-03-21 14:37 - 00004184 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-01-21 23:26 - 2011-03-21 14:12 - 00000000 ____D () C:\Users\Greg\Documents\Website Files
2015-01-21 18:09 - 2011-04-16 11:56 - 00003918 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{8E236068-3AF5-4A97-8CCA-5767EA1CC28F}
2015-01-21 17:02 - 2014-05-23 11:47 - 00264704 _____ () C:\Users\Greg\Documents\auto maintenance costs- 2014.xls
2015-01-21 14:04 - 2009-07-14 00:13 - 00783464 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-19 13:26 - 2011-01-28 17:25 - 00000000 ____D () C:\Users\Greg\AppData\Local\Windows Live
2015-01-16 21:06 - 2013-11-02 07:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 12:18 - 2013-08-17 14:26 - 00000000 ____D () C:\windows\system32\MRT
2015-01-16 12:03 - 2011-01-28 22:14 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-10 12:10 - 2013-11-17 12:36 - 00000000 ____D () C:\Hockey video
2015-01-09 22:39 - 2011-01-12 22:24 - 00089312 _____ () C:\Users\Greg\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-09 13:27 - 2011-09-27 15:57 - 00000000 ____D () C:\Users\Greg\Documents\Fastnacht League - Master  file
2015-01-09 12:04 - 2009-07-14 00:08 - 00032594 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-09 07:26 - 2014-06-28 07:47 - 00070144 _____ () C:\Users\Greg\Documents\401K.xls
2015-01-06 04:36 - 2011-01-12 20:07 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-02 18:08 - 2014-10-26 20:22 - 00000000 ____D () C:\Users\Greg\Documents\BC Hockey
2015-01-02 12:35 - 2011-09-19 12:54 - 00000000 ____D () C:\Users\Greg\Documents\Yankees

==================== Files in the root of some directories =======
2013-03-01 23:06 - 2013-03-01 23:06 - 0836132 _____ () C:\Program Files (x86)\Memorex Users Guide.pdf
2012-07-25 15:23 - 2012-07-25 15:23 - 0000697 _____ () C:\Users\Greg\AppData\Roaming\ConvAPIPlugin.log
2012-01-16 09:10 - 2014-09-01 05:47 - 0002576 _____ () C:\Users\Greg\AppData\Roaming\mainhst.zgh
2013-08-25 21:57 - 2013-08-25 21:57 - 0000000 _____ () C:\Users\Greg\AppData\Roaming\pdfperformer
2013-07-27 10:50 - 2013-09-10 20:53 - 0000094 _____ () C:\Users\Greg\AppData\Roaming\WB.CFG
2013-06-24 17:50 - 2013-06-24 17:50 - 0000005 _____ () C:\Users\Greg\AppData\Roaming\WBPU-TTL.DAT
2011-03-04 23:01 - 2014-03-16 20:58 - 0006144 _____ () C:\Users\Greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-22 15:16 - 2015-01-22 15:16 - 2146688 _____ () C:\Users\Greg\AppData\Local\Q$_140066.ENU_SoftGridUserSettings_settings.cp.temp
2011-05-19 07:25 - 2011-05-19 07:25 - 0000000 _____ () C:\Users\Greg\AppData\Local\{2C9E5785-B563-401C-811E-7DF9823306A2}
2014-03-14 15:27 - 2014-03-14 15:27 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-07-24 19:49 - 2013-11-24 11:37 - 0010159 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Greg\address.dat
C:\Users\Greg\wlsetup-web.exe
C:\Users\Greg\xobglu16.dll
C:\Users\Greg\xobglu32.dll


Some content of TEMP:
====================
C:\Users\Greg\AppData\Local\Temp\Quarantine.exe
C:\Users\Greg\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-16 12:56

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Greg at 2015-01-22 17:12:41
Running from C:\Users\Greg\Favorites\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

5600 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: 3.5.13.64 - ArcSoft)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Audacity Recovery Utility (HKLM-x32\...\AURC_is1) (Version:  - Markus Meyer)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Driver Install 64-Bit (HKLM-x32\...\InstallShield_{AA107568-1B58-407E-9867-D51F71C9F446}) (Version: 6.0.107.0 - China)
Driver Install 64-Bit (x32 Version: 6.0.107.0 - China) Hidden
Dyyno Broadcaster (HKLM-x32\...\Dyyno Broadcaster) (Version:  - Dyyno, Inc.)
EzGrabber (HKLM-x32\...\{8543A572-5993-4101-BACC-C83884E183A4}) (Version: 2.00.0000 - )
Family Tree Maker 9.0 (HKLM-x32\...\Family Tree Maker) (Version:  - )
FastFixPRO (x32 Version: 2.4.7 - FixSoftUSA) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
GIMP (HKLM-x32\...\{46BBA993-5554-42E7-8042-E760D92A580A}) (Version: 2.6.11 - Spencer Kimball)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A02B03 - )
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}) (Version: 10.5.2.11 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.42.3 - JMicron Technology Corp.)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\Juniper_Setup_Client) (Version: 7.1.3.11013 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\Juniper_Term_Services) (Version: 7.1.0.18671 - Juniper Networks)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
PDF Creator (HKLM\...\PDF Creator) (Version:  - )
PDF Snipping Tool 3.0 (HKLM\...\PDF Snipping Tool_is1) (Version: 3.0 - Authorsoft)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PicPick (HKLM-x32\...\PicPick) (Version: 3.0.4 - Wiziple software)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
QuotePad 2.2 (HKLM-x32\...\QuotePad_is1) (Version: 2.2 - QuotePad.info)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6072 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Scribus 1.4.3 (64bit) (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Spotify (HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\Spotify) (Version: 0.8.1.64.g5c5914e3 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{76078303-BAA2-4FBF-BA13-D1065195E696}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
Toshiba Book Place (HKLM-x32\...\{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}) (Version: 2.0.3977.0 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.3.198 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.5.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.24 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.3 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
Xvid MPEG-4 Video Codec (HKLM-x32\...\Xvid_is1) (Version:  - )
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
ZipGenius 6.3 (HKLM-x32\...\{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1) (Version: 6.3 - Wininizio.it Software)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

09-01-2015 07:18:17 Windows Update
14-01-2015 23:33:23 Windows Update
16-01-2015 12:00:29 Windows Update
17-01-2015 00:46:05 Windows Update
20-01-2015 09:04:48 Windows Update
22-01-2015 14:37:15 Revo Uninstaller's restore point - Search App by Ask
22-01-2015 14:53:54 Revo Uninstaller's restore point - FoxTab FLV Player

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2012-08-24 16:14 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {021F0272-9BA7-44AD-A03B-3DE28C5F458A} - System32\Tasks\FastFix_Popup => C:\Program Files (x86)\FastFixPRO\Splash.exe
Task: {03DE061C-97D1-4B9E-811B-C723EBBA2CDD} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-22] (Adobe Systems Incorporated)
Task: {0C7FEB72-3B59-47AD-8F0B-A044EFDF191A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1E50C9B8-F429-45DF-8F01-FF28471CDE25} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {50A9CFDB-E00A-46AB-AC03-F7E246A941BA} - System32\Tasks\{39A71475-FB64-4AAC-8714-F36A2290E52C} => pcalua.exe -a "E:\Diamond Multimedia\Driver\setup.exe" -d "E:\Diamond Multimedia\Driver"
Task: {6D63228D-B419-420A-AE8E-8E786DE0EB03} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-26] (AVAST Software)
Task: {830C1BC9-8032-4F46-98A2-60034217377E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {90D638E1-B414-4EE3-B1E1-78A56CF4D18B} - System32\Tasks\{EC75D4F0-2035-469E-8B71-E2C00CEFAA88} => pcalua.exe -a C:\Users\Greg\Favorites\Desktop\Cleanup.exe -d C:\Users\Greg\Favorites\Desktop
Task: {A8520527-4F07-4B29-B415-B70A5A26C10B} - System32\Tasks\{5124F67A-F0A4-49AE-AC86-45D37D9E3383} => pcalua.exe -a "C:\PALMIII (D)\Instapp.exe" -d "C:\PALMIII (D)"
Task: {B708452C-7E32-4E18-8F71-1074817616D5} - System32\Tasks\FastFix_Start => C:\Program Files (x86)\FastFixPRO\FastFix.exe
Task: {C1B904B7-37AC-4C29-89EA-34654B3C9FE5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {ECCFC06C-D175-4BC9-983C-FA8FA10B38CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-25 21:48 - 2011-10-04 21:43 - 00087552 _____ () C:\windows\System32\custmon64i.dll
2011-01-20 16:06 - 2011-01-20 16:06 - 00415072 _____ () C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
2010-02-05 19:44 - 2010-02-05 19:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-01-22 15:19 - 2015-01-22 15:19 - 02913280 _____ () C:\Program Files\Alwil Software\Avast5\defs\15012202\algo.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-26 07:43 - 2014-11-26 07:43 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2015-01-16 15:02 - 2015-01-16 15:02 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Greg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^QuotePad.lnk => C:\windows\pss\QuotePad.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: BrowserSafeguard => C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe
MSCONFIG\startupreg: ConduitFloatingPlugin_knllpfimimccdfnihbikigiagifmllol => "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3279415\plugins\TBVerifier.dll",RunConduitFloatingPlugin knllpfimimccdfnihbikigiagifmllol
MSCONFIG\startupreg: Dyyno Launcher => "C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SmartFaceVWatcher => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => C:\Program Files\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: Spotify => "C:\Users\Greg\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: TosNC => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

========================= Accounts: ==========================

Administrator (S-1-5-21-2497666269-2284711120-3944443307-500 - Administrator - Disabled)
Greg (S-1-5-21-2497666269-2284711120-3944443307-1000 - Administrator - Enabled) => C:\Users\Greg
Guest (S-1-5-21-2497666269-2284711120-3944443307-501 - Limited - Enabled) => C:\Users\TEMP.Greg-PC

==================== Faulty Device Manager Devices =============

Name: Officejet 6600
Description: Officejet 6600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: hp LaserJet 4300
Description: hp LaserJet 4300
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (01/22/2015 04:23:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Intel® Management & Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error:
%%1058

Error: (01/22/2015 04:21:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/22/2015 03:25:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (01/22/2015 03:22:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Intel® Management & Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error:
%%1058

Error: (01/22/2015 03:19:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/22/2015 03:17:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069

Error: (01/22/2015 03:17:05 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/22/2015 03:17:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (01/22/2015 03:17:05 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/22/2015 03:16:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Pentium® CPU U5400 @ 1.20GHz
Percentage of memory in use: 43%
Total physical RAM: 3890.67 MB
Available physical RAM: 2183.08 MB
Total Pagefile: 7779.53 MB
Available Pagefile: 5964.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (TI105974W0B) (Fixed) (Total:287.4 GB) (Free:39.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: A06DF6C6)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=287.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.2 GB) - (Type=17)

==================== End Of Log ============================

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/22/2015
Scan Time: 3:31:39 PM
Logfile: anti-malware scan text.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.22.11
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Greg

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 432271
Time Elapsed: 31 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
PUP.Optional.Babylon.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [89c8bd3a5b2edf5729affaf6c73b1ce4],
PUP.Optional.StartNow.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5911488E-9D1E-40EC-8CBB-06B231CC153F}, Quarantined, [ba973dbadaaf9a9cdf273fb3a85a1be5],
PUP.Optional.StartNow.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5911488E-9D1E-40EC-8CBB-06B231CC153F}, Quarantined, [ba973dbadaaf9a9cdf273fb3a85a1be5],
PUP.Optional.WeCare.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [a8a95c9ba5e4b87ef4a0f8319e651ce4],
PUP.Optional.WeCare.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [a8a95c9ba5e4b87ef4a0f8319e651ce4],
PUP.Optional.Yontoo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, Quarantined, [ce83e7106524350137c7fdf499696b95],
PUP.Optional.Yontoo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, Quarantined, [ce83e7106524350137c7fdf499696b95],
PUP.Optional.PriceGong.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [dd746b8c3752dd59d7dd344ca360e61a],

Registry Values: 4
PUP.Optional.VGrabber.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F}, Quarantined, [ca8712e5e4a55bdbe28a1dd27e847a86],
PUP.Optional.VGrabber.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F}, ¯í² rÃ?FÂÂ`"&õÃ?Ÿ, Quarantined, [ca8712e5e4a55bdbe28a1dd27e847a86]
PUP.Optional.VGrabber.A, HKU\S-1-5-21-2497666269-2284711120-3944443307-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F}, ¯í² rÃ?FÂÂ`"&õÃ?Ÿ, Quarantined, [ca8712e5e4a55bdbe28a1dd27e847a86]
PUP.Optional.VGrabber.A, HKU\S-1-5-21-2497666269-2284711120-3944443307-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F}, Quarantined, [a7aa33c41178f83ea1cb658aa75bcb35],

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.MindSpark.A, C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\j11syqoo.default-1399081118986\BringMeSports_1c, Quarantined, [331e2ec981088bab1ea74afd7192b050],
PUP.Optional.ConnectDLC.A, C:\Users\Greg\AppData\LocalLow\Connect_DLC_5, Quarantined, [4809ee09f693b3834d3395cf7093738d],
PUP.Optional.ConnectDLC.A, C:\Users\Greg\AppData\LocalLow\Connect_DLC_5\Logs, Quarantined, [4809ee09f693b3834d3395cf7093738d],
PUP.Optional.NewPlayer.A, C:\Users\Greg\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha, Quarantined, [c78a77802762d75fede8611137cc06fa],
PUP.Optional.NewPlayer.A, C:\Users\Greg\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha\2.1.1.4, Quarantined, [c78a77802762d75fede8611137cc06fa],

Files: 2
PUP.Optional.Wajam.A, C:\Users\Greg\Favorites\Desktop\Unused Desktop\wajam_download.exe, Quarantined, [074a92656029e94d2d269ea907f946ba],
PUP.Optional.NewPlayer.A, C:\Users\Greg\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha\2.1.1.4\user.config, Quarantined, [c78a77802762d75fede8611137cc06fa],

Physical Sectors: 0
(No malicious items detected)


(end)



#8
LiquidTension


    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Greg, 
 

I may not be able to respond to your reply until possibly Sunday January 25th.

That's quite alright. 
 
Please do the following. Let me know how the computer is performing after completing the steps below. 
Are there any outstanding issues?
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\MountPoints2: {f0aaaf4d-4413-11e3-acf9-88ae1df6f7ee} - D:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B03 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
    SearchScopes: HKU\S-1-5-21-2497666269-2284711120-3944443307-1000 -> {018BDDFB-579A-460B-8136-D9F6295FD622} URL =
    Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
    FF Extension: mail.com MailCheck - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\j11syqoo.default-1399081118986\Extensions\[email protected] [2014-12-23]
    CHR HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\Chrome\Extension: [knlnhgoppkofgoieelflgbbicoganofl] - C:\Users\Greg\AppData\Local\CRE\knlnhgoppkofgoieelflgbbicoganofl.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [knlnhgoppkofgoieelflgbbicoganofl] - C:\Users\Greg\AppData\Local\CRE\knlnhgoppkofgoieelflgbbicoganofl.crx [Not Found]
    reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrowserSafeguard" /f
    reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_knllpfimimccdfnihbikigiagifmllol" /f
    C:\Program Files (x86)\Conduit
    C:\Program Files (x86)\Browsersafeguard
    2015-01-22 16:19 - 2014-04-06 09:27 - 00000000 ____D () C:\Users\Greg\AppData\Local\com
    2013-08-25 21:57 - 2013-08-25 21:57 - 0000000 _____ () C:\Users\Greg\AppData\Roaming\pdfperformer
    FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
    FastFixPRO (x32 Version: 2.4.7 - FixSoftUSA) Hidden
    Folder: C:\Users\Greg\AppData\Local\{80639CF9-D713-4A9F-9629-CB6AD614E769}
    Folder: C:\Users\Greg\AppData\Local\{2C9E5785-B563-401C-811E-7DF9823306A2}
    CMD: ipconfig /flushdns
    EmptyTemp:
    end
  • Click File, then Save As, and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Revo Uninstaller

  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • FastFixPRO
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: Ensure you decline offers of additional software if applicable. 
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.
  • Note: If the programme does not appear in Revo, please do the following:
    • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
    • Search for FastFixPRO, right-click and click Uninstall.
    • Follow the prompts, and Reboot if necessary.
       

STEP 3
RogueKiller

  • Please download RogueKiller (x64) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click jpgUwzp.png. Upon completion, click phPvmc6.png.
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will open. Copy the contents of the log and paste in your next reply.
     

STEP 4
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Did the programme uninstall OK?
  • RKreport.txt
  • ESET Online Scan log


#9
GregMiller


    Member

  • Topic Starter
  • Member
  • 210 posts

I tried to do the next steps but it is taking me longer than I expected. I have everything done except the ESET Online Scanner.

 

It's at 46% and it's taken 2:23 so far.

 

I have work tomorrow and it's 10:30 and have to get up at 4:45 AM tomorrow. So I'll leave this running overnight. Tomorrow when I return from work, I'll get together the reports and post them (and answer that question) whether I detect any issues.

 

So, figure within 24 hours from now I should have this completed.



#10
GregMiller


    Member

  • Topic Starter
  • Member
  • 210 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Greg at 2015-01-25 18:43:40 Run:1
Running from C:\Users\Greg\Favorites\Desktop
Loaded Profiles: Greg (Available profiles: Greg & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

start
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\MountPoints2: {f0aaaf4d-4413-11e3-acf9-88ae1df6f7ee} - D:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B03 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
SearchScopes: HKU\S-1-5-21-2497666269-2284711120-3944443307-1000 -> {018BDDFB-579A-460B-8136-D9F6295FD622} URL =
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
FF Extension: mail.com MailCheck - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\j11syqoo.default-1399081118986\Extensions\[email protected] [2014-12-23]
CHR HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\...\Chrome\Extension: [knlnhgoppkofgoieelflgbbicoganofl] - C:\Users\Greg\AppData\Local\CRE\knlnhgoppkofgoieelflgbbicoganofl.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [knlnhgoppkofgoieelflgbbicoganofl] - C:\Users\Greg\AppData\Local\CRE\knlnhgoppkofgoieelflgbbicoganofl.crx [Not Found]
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrowserSafeguard" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_knllpfimimccdfnihbikigiagifmllol" /f
C:\Program Files (x86)\Conduit
C:\Program Files (x86)\Browsersafeguard
2015-01-22 16:19 - 2014-04-06 09:27 - 00000000 ____D () C:\Users\Greg\AppData\Local\com
2013-08-25 21:57 - 2013-08-25 21:57 - 0000000 _____ () C:\Users\Greg\AppData\Roaming\pdfperformer
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FastFixPRO (x32 Version: 2.4.7 - FixSoftUSA) Hidden
Folder: C:\Users\Greg\AppData\Local\{80639CF9-D713-4A9F-9629-CB6AD614E769}
Folder: C:\Users\Greg\AppData\Local\{2C9E5785-B563-401C-811E-7DF9823306A2}
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0aaaf4d-4413-11e3-acf9-88ae1df6f7ee}" => Key deleted successfully.
HKCR\CLSID\{f0aaaf4d-4413-11e3-acf9-88ae1df6f7ee} => Key not found.
"HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{018BDDFB-579A-460B-8136-D9F6295FD622}" => Key deleted successfully.
HKCR\CLSID\{018BDDFB-579A-460B-8136-D9F6295FD622} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\Wow6432Node\CLSID\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key not found.
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\j11syqoo.default-1399081118986\Extensions\[email protected] => Moved successfully.
"HKU\S-1-5-21-2497666269-2284711120-3944443307-1000\SOFTWARE\Google\Chrome\Extensions\knlnhgoppkofgoieelflgbbicoganofl" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\knlnhgoppkofgoieelflgbbicoganofl" => Key deleted successfully.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrowserSafeguard" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_knllpfimimccdfnihbikigiagifmllol" /f =========

The operation completed successfully.



========= End of Reg: =========

"C:\Program Files (x86)\Conduit" => File/Directory not found.
"C:\Program Files (x86)\Browsersafeguard" => File/Directory not found.
C:\Users\Greg\AppData\Local\com => Moved successfully.
C:\Users\Greg\AppData\Roaming\pdfperformer => Moved successfully.
Firefox newtab deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{368E536A-B4CD-4230-8088-CA4F291A3CD6}\\SystemComponent => value deleted successfully.

========================= Folder: C:\Users\Greg\AppData\Local\{80639CF9-D713-4A9F-9629-CB6AD614E769} ========================


====== End of Folder: ======


========================= Folder: C:\Users\Greg\AppData\Local\{2C9E5785-B563-401C-811E-7DF9823306A2} ========================

The path is not a directory.

=========  ipconfig /flushdns =========


========= End of CMD: =========

EmptyTemp: => Removed 766.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 18:45:32 ====

 

The program did uninstall okay.

 

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Greg [Administrator]
Mode : Scan -- Date : 01/25/2015  19:15:26

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://start.google....308D6CZ35UMX&q={searchTerms}  -> Found
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2497666269-2284711120-3944443307-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2497666269-2284711120-3944443307-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 167.206.245.135 167.206.245.136 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 167.206.245.135 167.206.245.136 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 167.206.245.135 167.206.245.136 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C4672E8-063B-4084-B817-26F13F07C666} | DhcpNameServer : 167.206.245.135 167.206.245.136 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3C4672E8-063B-4084-B817-26F13F07C666} | DhcpNameServer : 167.206.245.135 167.206.245.136 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3C4672E8-063B-4084-B817-26F13F07C666} | DhcpNameServer : 167.206.245.135 167.206.245.136 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 74 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] j11syqoo.default-1399081118986 : user_pref("browser.startup.homepage", "www.google.com"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] 4d9c3184d2e42971548142c49e755fc5
[BSP] 2614be32c5bef609d193cbd8a264fb72 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 294297 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 605794304 | Size: 9447 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 

 

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3279415\plugins\TBVerifier.dll.vir    Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uninstaller\Uninstall.exe.vir    a variant of MSIL/DomaIQ.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\IE\CT3306061\UninstallerUI.exe.vir    a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3306061\UninstallerUI.exe.vir    a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Conduit\Chrome\CT3306061\CHUninstaller.exe.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Conduit\Chrome\CT3306061\UninstallerUI.exe.vir    a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.0.588_0\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.0.588_0\plugins\ConduitChromeApiPlugin.dll.vir    a variant of Win32/Toolbar.Conduit.AL potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.0.588_0\TBHostSupport\TBHostSupport.dll.vir    a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.22.0.588_0\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.22.0.588_0\plugins\ConduitChromeApiPlugin.dll.vir    a variant of Win32/Toolbar.Conduit.AL potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.22.0.588_0\TBHostSupport\TBHostSupport.dll.vir    a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.22.5.510_0\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.22.5.510_0\plugins\ConduitChromeApiPlugin.dll.vir    a variant of Win32/Toolbar.Conduit.AL potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.22.5.510_0\TBHostSupport\TBHostSupport.dll.vir    a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\knllpfimimccdfnihbikigiagifmllol\10.22.0.588_0\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\knllpfimimccdfnihbikigiagifmllol\10.22.0.588_0\plugins\ConduitChromeApiPlugin.dll.vir    a variant of Win32/Toolbar.Conduit.AL potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\knllpfimimccdfnihbikigiagifmllol\10.22.0.588_0\TBHostSupport\TBHostSupport.dll.vir    a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\knllpfimimccdfnihbikigiagifmllol\10.22.5.510_0\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\knllpfimimccdfnihbikigiagifmllol\10.22.5.510_0\plugins\ConduitChromeApiPlugin.dll.vir    a variant of Win32/Toolbar.Conduit.AL potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\knllpfimimccdfnihbikigiagifmllol\10.22.5.510_0\TBHostSupport\TBHostSupport.dll.vir    a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.0.588_0\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.0.588_0\plugins\ConduitChromeApiPlugin.dll.vir    a variant of Win32/Toolbar.Conduit.AL potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.0.588_0\TBHostSupport\TBHostSupport.dll.vir    a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.5.510_0\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.5.510_0\plugins\ConduitChromeApiPlugin.dll.vir    a variant of Win32/Toolbar.Conduit.AL potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.5.510_0\TBHostSupport\TBHostSupport.dll.vir    a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Temp\CT3306061\CT3306061.xpi.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Temp\CT3316071\CT3316071.xpi.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Temp\CT3316071\stub.exe.vir    Win32/Toolbar.Conduit.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Local\Temp\NativeMessaging\CT3306061.crx.vir    a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\m97hgovy.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\Plugins\npConduitFirefoxPlugin.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\m97hgovy.default\Extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\Plugins\npConduitFirefoxPlugin.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\m97hgovy.default\Extensions\{5373a31d-9410-45e2-b299-4f61428f0be4}\Plugins\npConduitFirefoxPlugin.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\m97hgovy.default\Extensions\{707dca12-3f99-4d94-afea-06dcc0ae0108}\Plugins\npConduitFirefoxPlugin.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\m97hgovy.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\Plugins\npConduitFirefoxPlugin.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\m97hgovy.default\Extensions\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}\Plugins\npConduitFirefoxPlugin.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\m97hgovy.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Plugins\npConduitFirefoxPlugin.dll.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\back.js.vir    JS/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\yl.js.vir    JS/Adware.Yontoo.A application
C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir    a variant of Win64/Systweak.A potentially unwanted application
C:\Program Files (x86)\PDFCreator\message.exe    a variant of Win32/InstallCore.A potentially unwanted application
C:\Users\Greg\Documents\Saved Games\Downloads\cbsidlm-tr1_5-Video_Game_Design_Pro-10759739.exe    Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Greg\Documents\Saved Games\Downloads\cnet2_elecpb185_zip.exe    a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Greg\Documents\Saved Games\Downloads\FreeYouTubeToMP3Converter(1).exe    a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Greg\Documents\Saved Games\Downloads\IE11_Setup(1).exe    a variant of Win32/InstallCore.OZ potentially unwanted application
C:\Users\Greg\Documents\Saved Games\Downloads\IE11_Setup(2).exe    a variant of Win32/InstallCore.OZ potentially unwanted application
C:\Users\Greg\Documents\Saved Games\Downloads\IE11_Setup.exe    a variant of Win32/InstallCore.OZ potentially unwanted application
C:\Users\Greg\Documents\Saved Games\Downloads\picpick_inst.exe    Win32/InstallMonetizer.AN potentially unwanted application
C:\Users\Greg\Documents\Saved Games\Downloads\Radio_1_12.exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Greg\Documents\Untitled Page_files\html_comp.htm    Win32/PriceGong.B potentially unwanted application
C:\Users\Greg\Favorites\Desktop\Online sites\vlcmediaplayer-setup.exe    Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Greg\Favorites\Desktop\Unused Desktop\ApnToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Greg\Favorites\Desktop\Unused Desktop\picpick_inst.exe    Win32/InstallMonetizer.AN potentially unwanted application
C:\Users\Greg\Favorites\Desktop\Unused Desktop\UBCD4WinV350.exe    Win32/PrcView potentially unsafe application
C:\White transfer until reformatted\Desktop\Unused Desktop\UBCD4WinV350.exe    Win32/PrcView potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vgrabber\ldrtbVgr2.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vgrabber\ldrtbVgra.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vgrabber\tbVgr0.dll    a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vgrabber\tbVgr1.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vgrabber\tbVgr2.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vgrabber\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll    a variant of Win32/PriceGong.A potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vgrabber\ldrtbVgr2.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vgrabber\ldrtbVgra.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vgrabber\tbVgr0.dll    a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vgrabber\tbVgr1.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vgrabber\tbVgr2.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vgrabber\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll    a variant of Win32/PriceGong.A potentially unwanted application
 




#11
LiquidTension


    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Greg, 
 
Please run this script and let me know how the computer is performing. 
 
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    C:\Users\Greg\Documents\Saved Games\Downloads\cbsidlm-tr1_5-Video_Game_Design_Pro-10759739.exe
    C:\Users\Greg\Documents\Saved Games\Downloads\cnet2_elecpb185_zip.exe
    C:\Users\Greg\Documents\Saved Games\Downloads\FreeYouTubeToMP3Converter(1).exe
    C:\Users\Greg\Documents\Saved Games\Downloads\IE11_Setup(1).exe
    C:\Users\Greg\Documents\Saved Games\Downloads\IE11_Setup(2).exe
    C:\Users\Greg\Documents\Saved Games\Downloads\IE11_Setup.exe
    C:\Users\Greg\Documents\Saved Games\Downloads\picpick_inst.exe
    C:\Users\Greg\Documents\Saved Games\Downloads\Radio_1_12.exe
    C:\Users\Greg\Documents\Untitled Page_files\html_comp.htm  
    C:\Users\Greg\Favorites\Desktop\Online sites\vlcmediaplayer-setup.exe
    C:\Users\Greg\Favorites\Desktop\Unused Desktop\ApnToolbarInstaller.exe
    C:\Users\Greg\Favorites\Desktop\Unused Desktop\picpick_inst.exe
    C:\Users\Greg\Favorites\Desktop\Unused Desktop\UBCD4WinV350.exe
    C:\White transfer until reformatted\Desktop\Unused Desktop\UBCD4WinV350.exe
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vgrabber
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vgrabber
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.


#12
GregMiller


    Member

  • Topic Starter
  • 210 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Greg at 2015-01-26 19:46:57 Run:2
Running from C:\Users\Greg\Favorites\Desktop
Loaded Profiles: Greg (Available profiles: Greg & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\Greg\Documents\Saved Games\Downloads\cbsidlm-tr1_5-Video_Game_Design_Pro-10759739.exe
C:\Users\Greg\Documents\Saved Games\Downloads\cnet2_elecpb185_zip.exe
C:\Users\Greg\Documents\Saved Games\Downloads\FreeYouTubeToMP3Converter(1).exe
C:\Users\Greg\Documents\Saved Games\Downloads\IE11_Setup(1).exe
C:\Users\Greg\Documents\Saved Games\Downloads\IE11_Setup(2).exe
C:\Users\Greg\Documents\Saved Games\Downloads\IE11_Setup.exe
C:\Users\Greg\Documents\Saved Games\Downloads\picpick_inst.exe
C:\Users\Greg\Documents\Saved Games\Downloads\Radio_1_12.exe
C:\Users\Greg\Documents\Untitled Page_files\html_comp.htm  
C:\Users\Greg\Favorites\Desktop\Online sites\vlcmediaplayer-setup.exe
C:\Users\Greg\Favorites\Desktop\Unused Desktop\ApnToolbarInstaller.exe
C:\Users\Greg\Favorites\Desktop\Unused Desktop\picpick_inst.exe
C:\Users\Greg\Favorites\Desktop\Unused Desktop\UBCD4WinV350.exe
C:\White transfer until reformatted\Desktop\Unused Desktop\UBCD4WinV350.exe
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vgrabber
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vgrabber
EmptyTemp:
end
*****************

C:\Users\Greg\Documents\Saved Games\Downloads\cbsidlm-tr1_5-Video_Game_Design_Pro-10759739.exe => Moved successfully.
C:\Users\Greg\Documents\Saved Games\Downloads\cnet2_elecpb185_zip.exe => Moved successfully.
C:\Users\Greg\Documents\Saved Games\Downloads\FreeYouTubeToMP3Converter(1).exe => Moved successfully.
C:\Users\Greg\Documents\Saved Games\Downloads\IE11_Setup(1).exe => Moved successfully.
C:\Users\Greg\Documents\Saved Games\Downloads\IE11_Setup(2).exe => Moved successfully.
C:\Users\Greg\Documents\Saved Games\Downloads\IE11_Setup.exe => Moved successfully.
C:\Users\Greg\Documents\Saved Games\Downloads\picpick_inst.exe => Moved successfully.
C:\Users\Greg\Documents\Saved Games\Downloads\Radio_1_12.exe => Moved successfully.
C:\Users\Greg\Documents\Untitled Page_files\html_comp.htm => Moved successfully.
C:\Users\Greg\Favorites\Desktop\Online sites\vlcmediaplayer-setup.exe => Moved successfully.
C:\Users\Greg\Favorites\Desktop\Unused Desktop\ApnToolbarInstaller.exe => Moved successfully.
C:\Users\Greg\Favorites\Desktop\Unused Desktop\picpick_inst.exe => Moved successfully.
C:\Users\Greg\Favorites\Desktop\Unused Desktop\UBCD4WinV350.exe => Moved successfully.
C:\White transfer until reformatted\Desktop\Unused Desktop\UBCD4WinV350.exe => Moved successfully.
"C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vgrabber" => File/Directory not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vgrabber => Moved successfully.
EmptyTemp: => Removed 50.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 19:47:12 ====

 

 

The problem I originally had is gone. This looks like it fixed everything.

 

Let me know what you think and thanks.


  • 0
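As an added example (not part of the thread and not FRST's own code), this Python script cross-checks a Fixlog.txt like the one posted above: it pairs each fixlist entry with its logged outcome and flags any entry that was not moved. It assumes only the log layout and outcome strings visible in this thread; the names `parse_fixlog` and `audit` are hypothetical.

```python
import re

# Trimmed excerpt of the Fixlog.txt posted above (paths and outcomes as logged).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Greg at 2015-01-26 19:46:57 Run:2
==============================================

Content of fixlist:
*****************
start
C:\Users\Greg\Documents\Saved Games\Downloads\IE11_Setup.exe
C:\Users\Greg\Documents\Untitled Page_files\html_comp.htm
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vgrabber
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vgrabber
EmptyTemp:
end
*****************

C:\Users\Greg\Documents\Saved Games\Downloads\IE11_Setup.exe => Moved successfully.
C:\Users\Greg\Documents\Untitled Page_files\html_comp.htm => Moved successfully.
"C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vgrabber" => File/Directory not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Vgrabber => Moved successfully.
EmptyTemp: => Removed 50.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog 19:47:12 ====
"""

RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")


def _key(entry):
    # Windows paths are case-insensitive; the log quotes some targets in results.
    return entry.strip().strip('"').lower()


def parse_fixlog(text):
    """Split a Fixlog into the requested entries and the logged outcomes."""
    parsed = {"requested": [], "results": {}, "reboot": False, "complete": False}
    state = "header"  # header -> fixlist (echoed script) -> results
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if state == "header":
            if line.startswith("Content of fixlist"):
                state = "fixlist"
        elif state == "fixlist":
            if line.lower() == "end":
                state = "results"
            elif line.lower() != "start" and set(line) != {"*"}:
                parsed["requested"].append(line)
        else:
            match = RESULT_RE.match(line)
            if match:
                parsed["results"][_key(match["target"])] = match["outcome"]
            elif line.startswith("The system needed a reboot"):
                parsed["reboot"] = True
            elif line.startswith("==== End of Fixlog"):
                parsed["complete"] = True
    return parsed


def audit(parsed):
    """Return (entry, status) for every requested entry that was not handled."""
    findings = []
    for entry in parsed["requested"]:
        outcome = parsed["results"].get(_key(entry))
        if outcome is None:
            findings.append((entry, "no_result"))
        elif "not found" in outcome.lower():
            findings.append((entry, "not_found"))
        elif entry.endswith(":"):
            continue  # directive such as EmptyTemp:, outcome text is free-form
        elif not outcome.startswith("Moved successfully"):
            findings.append((entry, "other: " + outcome))
    return findings
```

Run against the excerpt, `audit` flags only the `C:\Windows\System32\config\systemprofile\AppData\LocalLow\Vgrabber` entry, which the log reports as not found; a log cut off before its `==== End of Fixlog` line parses with `complete` set to `False`.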

#13
LiquidTension


    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Greg, 
 

> The problem I originally had is gone. This looks like it fixed everything.

Excellent. 
 
Please run the following programme so I can check your vulnerable software. 
 
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.


#14
GregMiller


    Member

  • Topic Starter
  • 210 posts

 Results of screen317's Security Check version 0.99.95  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71  
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.296  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1)
 Google Chrome (40.0.2214.91)
 Google Chrome (40.0.2214.93)
 Google Chrome (Plugins...)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Alwil Software Avast5 AvastSvc.exe  
 Alwil Software Avast5 avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 



#15
LiquidTension


    Instructor

  • GeekU Moderator
  • 1,064 posts

Hello Greg, 
 
Uninstall Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
  • Note: Ensure you decline offers of additional software if applicable.
    •  Java 7 Update 71  
  • Follow the prompts.
  • Reboot if necessary.
     

----------------
 
Now for the good news. 
 
All Clean!
Congratulations, your computer appears clean! :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 

DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
  • Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Unchecky automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
     

Need a second opinion on a file or website? Scan the file/URL before clicking by using one of the following free online scanner services.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Geeks to Go.
 
Safe Surfing.
Adam

