Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Netbook running slow, possibly infected [Closed] [Solved]

Started by butterrice , Apr 04 2015 06:17 AM
running slow not responding stalls

  • This topic is locked This topic is locked

#1
butterrice
Posted 04 April 2015 - 06:17 AM

butterrice

    Member

  • Member
  • PipPipPip
  • 403 posts

My HP Netbook frequently stalls or a prompt states that it's running slow and it has difficulty loading pages.  the following is the logs requested. 

 

FRST LOG

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by Bea (administrator) on BEA-PC on 04-04-2015 08:05:03
Running from C:\Users\Bea\Desktop
Loaded Profiles: Bea (Available profiles: Bea & reba jo)
Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1939556421-1720677683-651779200-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-1939556421-1720677683-651779200-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-1939556421-1720677683-651779200-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=UP72&dt=061813
HKU\S-1-5-21-1939556421-1720677683-651779200-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE10ENUS/MSN_WCP
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1939556421-1720677683-651779200-1000 -> {1A739775-86FE-43E3-9677-CF6304FE9E07} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-03-03] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2012-08-02] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-03] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-03] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: No Name -> {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} ->  No File
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-03] (Oracle Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] ()
Toolbar: HKU\S-1-5-21-1939556421-1720677683-651779200-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\ow3mccr6.default
FF Homepage: hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11408&pf=V7&trgb=FF&p2=%5EBBG%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBG&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ff_35.0.1.5500&apn_uid=310B2DC3-7310-46DF-823C-52D7186F3CE6&itbv=12.24.1.51&doi=2015-03-03&psv=&pt=tb
FF SelectedSearchEngine: 
FF DefaultSearchEngine: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-03] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-03] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-24] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\ow3mccr6.default\user.js [2013-08-02]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-02-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-08-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-08-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-08-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-08-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-08-31] (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2013-04-10]
FF Extension: WOT - C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\ow3mccr6.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-07]
FF Extension: Bitdefender QuickScan - C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\ow3mccr6.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-07-24]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\Bea\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Bea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-04]
CHR Extension: (Google Wallet) - C:\Users\Bea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-31]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\15.0.0.2\avg.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 vToolbarUpdater15.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [990896 2013-04-10] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 AR5416; C:\Windows\System32\DRIVERS\athwx.sys [2716768 2010-11-05] (Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-04-10] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-04 08:05 - 2015-04-04 08:07 - 00014189 _____ () C:\Users\Bea\Desktop\FRST.txt
2015-04-04 08:02 - 2015-04-04 08:05 - 00000000 ____D () C:\FRST
2015-04-04 08:00 - 2015-04-04 07:59 - 02095616 _____ (Farbar) C:\Users\Bea\Desktop\FRST64.exe
2015-04-04 08:00 - 2015-04-04 07:59 - 02095616 _____ (Farbar) C:\Users\Bea\Desktop\FRST64 (2).exe
2015-04-04 07:59 - 2015-04-04 07:59 - 02095616 _____ (Farbar) C:\Users\Bea\Downloads\FRST64.exe
2015-04-04 07:57 - 2015-04-04 07:58 - 01135104 _____ (Farbar) C:\Users\Bea\Downloads\FRST.exe
2015-04-04 00:18 - 2015-04-04 00:18 - 00000000 ____D () C:\Users\Bea\AppData\Local\Apple
2015-04-03 23:16 - 2015-04-03 23:16 - 00000000 ____D () C:\Users\reba jo\AppData\Local\CrashDumps
2015-03-26 02:40 - 2015-03-26 02:43 - 00002016 _____ () C:\Users\reba jo\AppData\Local\installer.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-04 07:48 - 2014-08-31 01:22 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-04-04 07:47 - 2014-02-04 21:43 - 00000000 ____D () C:\Users\Bea\AppData\Local\CrashDumps
2015-04-04 07:41 - 2013-09-23 16:34 - 00000000 ____D () C:\Program Files (x86)\Kodak
2015-04-04 07:38 - 2013-09-23 16:29 - 00000000 ____D () C:\ProgramData\Kodak
2015-04-04 07:38 - 2013-06-11 21:07 - 01283634 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 07:37 - 2013-09-23 16:46 - 00000000 ____D () C:\Users\Bea\AppData\Local\Eastman_Kodak_Company
2015-04-04 07:25 - 2013-05-17 20:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-04 07:24 - 2013-10-08 13:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-04 07:21 - 2009-07-14 00:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 07:21 - 2009-07-14 00:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 07:16 - 2013-10-08 13:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-04 07:14 - 2015-02-01 18:27 - 00000168 _____ () C:\Windows\setupact.log
2015-04-04 07:14 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 07:13 - 2015-02-02 20:43 - 00001872 _____ () C:\Windows\PFRO.log
2015-04-04 01:00 - 2013-10-08 13:54 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-04 00:26 - 2014-08-31 02:04 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-04-04 00:16 - 2013-08-19 23:03 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-04 00:02 - 2013-06-21 02:54 - 00000000 ____D () C:\ProgramData\Apple
2015-04-03 23:20 - 2009-07-14 01:13 - 00782416 _____ () C:\Windows\system32\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2014-06-25 23:24 - 2014-06-25 23:24 - 6010880 _____ () C:\Program Files (x86)\GUT48AA.tmp
2013-04-14 01:36 - 2013-04-14 01:36 - 0000218 _____ () C:\Users\Bea\AppData\Local\recently-used.xbel
 
Some content of TEMP:
====================
C:\Users\Bea\AppData\Local\Temp\APNSetup.exe
C:\Users\Bea\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Bea\AppData\Local\Temp\jre-8u31-windows-au.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-11 13:54
 
==================== End Of Log ============================
 
 
ADDITION LOG:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Bea at 2015-04-04 08:09:12
Running from C:\Users\Bea\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
11-12-2014 01:14:12 Windows Update
15-12-2014 01:16:55 Windows Update
19-12-2014 00:31:02 Windows Update
29-12-2014 13:12:29 Windows Update
03-01-2015 22:46:17 Windows Update
11-01-2015 13:15:08 Windows Update
31-01-2015 15:51:33 Windows Update
24-02-2015 05:04:19 Windows Update
03-03-2015 12:20:37 Windows Update
03-04-2015 23:19:21 Windows Update
04-04-2015 07:39:50 Removed KODAK Cloud Software Connector.
04-04-2015 07:43:07 Removed QuickTime 7
04-04-2015 07:46:16 Removed QuickTime 7
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2013-05-17 23:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {5AE4881A-0D6E-420B-92D6-7C01634BCADA} - System32\Tasks\{A81CEAD6-8B72-4FA3-8155-BAA032AA27CD} => C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
Task: {5CC64E69-305E-4D35-8759-0B78A0D2BBEA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
Task: {8C2F33AE-7FDA-420B-B225-3629E94A5679} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9E551F96-776C-48A0-9708-A8D65D8D0DB2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-03] (Adobe Systems Incorporated)
Task: {B86946A4-3466-4F9B-AFB5-DEB19ED642A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
Task: {F2055D5F-DCAA-46F5-9C8E-DCEBF15681F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-04-10 22:23 - 2013-04-10 22:22 - 00990896 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
2014-07-30 19:34 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Bea\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-07-30 19:34 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Bea\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-04-04 00:54 - 2015-03-30 17:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WSearch => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Cloud Player => C:\Users\Bea\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: com.apple.dav.bookmarks.daemon => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: EKStatusMonitor => C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
MSCONFIG\startupreg: Fitbit Service Monitor => C:\Program Files (x86)\Fitbit\fitbit-tray.exe
MSCONFIG\startupreg: fssui => "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
MSCONFIG\startupreg: GoogleChromeAutoLaunch_140299A73DDFBEE682C1057A74DE4DC2 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Bea\AppData\Roaming\Yontoo\YontooDesktop.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1939556421-1720677683-651779200-500 - Administrator - Disabled)
Bea (S-1-5-21-1939556421-1720677683-651779200-1000 - Administrator - Enabled) => C:\Users\Bea
Guest (S-1-5-21-1939556421-1720677683-651779200-501 - Limited - Disabled)
reba jo (S-1-5-21-1939556421-1720677683-651779200-1001 - Administrator - Enabled) => C:\Users\reba jo
 
==================== Faulty Device Manager Devices =============
 
Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: HP un2420 Mobile Broadband Module
Description: HP un2420 Mobile Broadband Module
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/04/2015 07:47:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4
Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x52d49206
Exception code: 0xc0000005
Fault offset: 0x70a8cd89
Faulting process id: 0xe54
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report Id: MsiExec.exe3
 
Error: (04/04/2015 07:41:22 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Bea-PC)
Description: Application or service 'Kodak Cloud Software Connector' could not be restarted.
 
Error: (04/04/2015 07:15:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 00:02:47 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Bea-PC)
Description: Application or service 'Apple Mobile Device' could not be restarted.
 
Error: (04/03/2015 11:26:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0x40000015
Fault offset: 0x000000000002a84e
Faulting process id: 0xa0
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3
 
Error: (04/03/2015 11:15:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TBNotifier.exe, version: 31.16.2.0, time stamp: 0x54de540f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1330
Faulting application start time: 0xTBNotifier.exe0
Faulting application path: TBNotifier.exe1
Faulting module path: TBNotifier.exe2
Report Id: TBNotifier.exe3
 
Error: (03/26/2015 10:42:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21655888
 
Error: (03/26/2015 10:42:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21655888
 
Error: (03/26/2015 10:42:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/26/2015 10:42:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21652830
 
 
System errors:
=============
Error: (04/04/2015 07:14:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
SASDIFSV
SASKUTIL
 
Error: (04/04/2015 07:14:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAS Core Service service failed to start due to the following error: 
%%2
 
Error: (04/04/2015 00:05:13 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (04/04/2015 00:02:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error: 
%%1053
 
Error: (04/04/2015 00:02:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
 
Error: (04/03/2015 11:56:50 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 
 
Update Source: %NT AUTHORITY15
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (04/03/2015 11:56:06 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.193.1548.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (04/03/2015 11:56:06 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.193.1548.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (04/03/2015 11:55:20 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 
 
Update Source: %NT AUTHORITY15
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (04/03/2015 11:15:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
 
 
Microsoft Office Sessions:
=========================
Error: (04/04/2015 07:47:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MsiExec.exe5.0.7601.175144ce792c4QuickTime.qts_unloaded0.0.0.052d49206c000000570a8cd89e5401d06ecd137c3522C:\Windows\syswow64\MsiExec.exeQuickTime.qts51c5dad5-dac0-11e4-aeb9-68b599d3931d
 
Error: (04/04/2015 07:41:22 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Bea-PC)
Description: 0KCPConnector.exeKodak Cloud Software Connector03026217816440
 
Error: (04/04/2015 07:15:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 00:02:47 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Bea-PC)
Description: 0AppleMobileDeviceService.exeApple Mobile Device03026217818840
 
Error: (04/03/2015 11:26:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.exe6.1.7601.175674d672ee4msvcrt.dll7.0.7601.177444eeb033f40000015000000000002a84ea001d055d1ac92e5a3C:\Windows\Explorer.exeC:\Windows\system32\msvcrt.dll58682fff-da7a-11e4-ba52-68b599d3931d
 
Error: (04/03/2015 11:15:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TBNotifier.exe31.16.2.054de540funknown0.0.0.000000000c000000500000000133001d055d2f84f6e72C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exeunknowne70d8b68-da78-11e4-ba52-68b599d3931d
 
Error: (03/26/2015 10:42:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21655888
 
Error: (03/26/2015 10:42:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21655888
 
Error: (03/26/2015 10:42:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/26/2015 10:42:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21652830
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-05-17 23:09:05.613
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-17 23:09:05.410
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-17 23:09:05.192
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-17 23:09:04.973
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-17 22:36:44.874
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-17 22:36:44.672
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-17 22:36:44.453
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-17 22:36:44.219
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-17 22:04:28.750
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-17 22:04:28.532
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Atom™ CPU N455 @ 1.66GHz
Percentage of memory in use: 84%
Total physical RAM: 1011.9 MB
Available physical RAM: 157.33 MB
Total Pagefile: 2200.9 MB
Available Pagefile: 835.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.99 GB) (Free:256.43 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: BEC8BEC8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 

  • 0

Advertisements

#2
pystryker
Posted 05 April 2015 - 03:38 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hi :)

After these steps, please give me an update on how the machine is running. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1939556421-1720677683-651779200-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO-x32: No Name -> {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} -> No File
FF Homepage: hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11408&pf=V7&trgb=FF&p2=%5EBBG%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBG&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ff_35.0.1.5500&apn_uid=310B2DC3-7310-46DF-823C-52D7186F3CE6&itbv=12.24.1.51&doi=2015-03-03&psv=&pt=tb
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\15.0.0.2\avg.crx [Not Found]
R2 vToolbarUpdater15.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [990896 2013-04-10] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [X]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
C:\Users\Bea\AppData\Roaming\Yontoo
cmd: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: Junkware Removal Tool


thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log
  • 0

#3
butterrice
Posted 05 April 2015 - 09:33 PM

butterrice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts

My computers response seems to be picking up! and thank you for helping me out!

 

FIXLOG.TXT

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015

Ran by Bea at 2015-04-05 20:06:06 Run:1
Running from C:\Users\Bea\Desktop
Loaded Profiles: Bea (Available profiles: Bea & reba jo)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1939556421-1720677683-651779200-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO-x32: No Name -> {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} -> No File
FF Homepage: hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11408&pf=V7&trgb=FF&p2=%5EBBG%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBG&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ff_35.0.1.5500&apn_uid=310B2DC3-7310-46DF-823C-52D7186F3CE6&itbv=12.24.1.51&doi=2015-03-03&psv=&pt=tb
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\15.0.0.2\avg.crx [Not Found]
R2 vToolbarUpdater15.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [990896 2013-04-10] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [X]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
C:\Users\Bea\AppData\Roaming\Yontoo
cmd: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe => No running process found
C:\Program Files (x86)\Common Files\AVG Secure Search => Moved successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1939556421-1720677683-651779200-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED} => Key not found. 
Firefox homepage deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof" => Key deleted successfully.
vToolbarUpdater15.0.0 => Service deleted successfully.
catchme => Service deleted successfully.
SASDIFSV => Service deleted successfully.
SASKUTIL => Service deleted successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
"C:\Users\Bea\AppData\Roaming\Yontoo" => File/Directory not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 97.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:15:59 ====

  • 0

#4
butterrice
Posted 05 April 2015 - 09:33 PM

butterrice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts

JUNKWARE REMOVAL TOOL

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Home Basic x64
Ran by Bea on Sun 04/05/2015 at 23:12:58.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_samsung-kies_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_samsung-kies_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_samsung-kies_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_samsung-kies_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Bea\appdata\local\defineext"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/05/2015 at 23:23:37.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#5
butterrice
Posted 05 April 2015 - 09:34 PM

butterrice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts

ADWCLEANER LOG

 

# AdwCleaner v4.200 - Logfile created 05/04/2015 at 23:32:16

# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Home Basic Service Pack 1 (x64)
# Username : Bea - BEA-PC
# Running from : C:\Users\Bea\Desktop\adwcleaner_4.200.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rich Media Player
Folder Deleted : C:\Users\Bea\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Bea\AppData\LocalLow\AVG SafeGuard toolbar
File Deleted : C:\END
File Deleted : C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\ow3mccr6.default\invalidprefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\ow3mccr6.default\user.js
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\Define Ext
Key Deleted : HKLM\SOFTWARE\Define Ext
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v
 
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("CT3291325.embeddedsData", "[{\"appId\":\"130075605210846225\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "KeyBar 1.12 Customized Web Search");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291325&SearchSource=2&CUI=UN32572922283181179&UM=2&q=");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3291325");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.12 Customized Web Search");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("[email protected]", true);
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.minibar.Services.BHPCode", "01");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.minibar.Services.DefaultEvent", "000");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.minibar.Services.DefaultWebSite", "000");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.minibar.Services.SmartFavCode", "02");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.minibar.displayFavLinks", "1");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent101", "1366504048607");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.Services.BHPCode", "01");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultEvent", "000");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultWebSite", "000");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.Services.IminentClientCode", "11");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.Services.SmartFavCode", "02");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.displayFavLinks", "1");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent101", "1366504042085");
[ow3mccr6.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "ODNU1A1VQJZTEEERIUC7TU606OTFIFP+RGCAYVJI947WF/CS0R7U2ZNNHSE7BBNA1KZEWL2ZTNARGWRWFSHMXW");
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Users\reba jo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\reba jo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\reba jo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_clickconnect_14_49_ch&cd=2XzuyEtN2Y1L1QzutDtD0CtDzy0FtCtByCzz0DtAzz0EtB0DtN0D0Tzu0SzyyEyBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyBzzyByEtA0FyBtG0BtD0EzztGzy0B0CyDtGyC0AyCzytGyC0FyD0DzzyD0F0DtCtA0B0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0FzzyBzyyEtCtG0FyE0D0FtG0B0EzzzztGtB0C0B0CtGtDtCyDyD0DyCyC0F0FzyyB0C2Q&cr=2142926680&ir=
[C:\Users\reba jo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&affID=119649&babsrc=SP_ss&mntrId=120C2AA3C40570B5
[C:\Users\reba jo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://www.google.com", "hxxp://astromenda.com/?f=7&a=ast_clickconnect_14_49_ch&cd=2XzuyEtN2Y1L1QzutDtD0CtDzy0FtCtByCzz0DtAzz0EtB0DtN0D0Tzu0SzyyEyBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDyBzzyByEtA0FyBtG0BtD0EzztGzy0B0CyDtGyC0AyCzytGyC0FyD0DzzyD0F0DtCtA0B0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0FzzyBzyyEtCtG0FyE0D0FtG0B0EzzzztGtB0C0B0CtGtDtCyDyD0DyCyC0F0FzyyB0C2Q&cr=2142926680&ir=
[C:\Users\reba jo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : 
 
*************************
 
AdwCleaner[R0].txt - [39177 bytes] - [05/04/2015 23:27:22]
AdwCleaner[S0].txt - [9598 bytes] - [05/04/2015 23:32:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9657  bytes] ##########

  • 0

#6
pystryker
Posted 06 April 2015 - 05:42 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

My computers response seems to be picking up! and thank you for helping me out!


Good to hear, and you're quite welcome. :)

Let's run some scans for remnants and orphans.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

mbam21-console_zpslhr5hawa.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. Note: The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#7
butterrice
Posted 07 April 2015 - 05:36 AM

butterrice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts

ESET

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=102b95e97a6d534295ee7420364d3a04
# engine=23256
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-07 04:15:17
# local_time=2015-04-07 12:15:17 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 22959058 68750232 0 0
# scanned=109220
# found=0
# cleaned=0
# scan_time=4293
 
 
MBAM
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/6/2015
Scan Time: 10:05:01 PM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.04.06.11
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bea
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 389254
Time Elapsed: 35 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
SECURITY CHECK
 
 Results of screen317's Security Check version 0.99.99  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Adobe Flash Player 16.0.0.305 Flash Player out of Date!  
 Adobe Reader XI  
 Google Chrome (40.0.2214.115) 
 Google Chrome (41.0.2272.118) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 

  • 0

#8
pystryker
Posted 07 April 2015 - 05:39 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Excellent, nothing found by ESET or MBAM. :thumbsup:

I'd like to run one last scan to make sure there's no rootkits hiding on the machine, but the logs are looking excellent. :)


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI(graphical user interface) window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start(Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!

Things I need to see in your next post:

TDSSKiller Log
  • 0

#9
butterrice
Posted 07 April 2015 - 09:18 PM

butterrice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts

So, I've had some stalling and unresponsive pages. As a matter of fact, just now as I tried to post this.  Maybe a hardware issue??

 

TDSSKILLER

 

22:46:13.0444 0x0fb8  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
22:46:31.0088 0x0fb8  ============================================================
22:46:31.0088 0x0fb8  Current date / time: 2015/04/07 22:46:31.0088
22:46:31.0104 0x0fb8  SystemInfo:
22:46:31.0104 0x0fb8  
22:46:31.0104 0x0fb8  OS Version: 6.1.7601 ServicePack: 1.0
22:46:31.0104 0x0fb8  Product type: Workstation
22:46:31.0104 0x0fb8  ComputerName: BEA-PC
22:46:31.0104 0x0fb8  UserName: Bea
22:46:31.0104 0x0fb8  Windows directory: C:\Windows
22:46:31.0104 0x0fb8  System windows directory: C:\Windows
22:46:31.0104 0x0fb8  Running under WOW64
22:46:31.0104 0x0fb8  Processor architecture: Intel x64
22:46:31.0104 0x0fb8  Number of processors: 2
22:46:31.0104 0x0fb8  Page size: 0x1000
22:46:31.0104 0x0fb8  Boot type: Normal boot
22:46:31.0104 0x0fb8  ============================================================
22:46:39.0762 0x0fb8  KLMD registered as C:\Windows\system32\drivers\43672449.sys
22:46:41.0883 0x0fb8  System UUID: {039FD5EB-8C00-9B7E-1E9D-06B99975F1D2}
22:46:47.0016 0x0fb8  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:46:47.0140 0x0fb8  ============================================================
22:46:47.0140 0x0fb8  \Device\Harddisk0\DR0:
22:46:47.0140 0x0fb8  MBR partitions:
22:46:47.0140 0x0fb8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:46:47.0140 0x0fb8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
22:46:47.0140 0x0fb8  ============================================================
22:46:47.0390 0x0fb8  C: <-> \Device\Harddisk0\DR0\Partition2
22:46:47.0593 0x0fb8  ============================================================
22:46:47.0593 0x0fb8  Initialize success
22:46:47.0593 0x0fb8  ============================================================
22:47:52.0493 0x10c8  ============================================================
22:47:52.0571 0x10c8  Scan started
22:47:52.0571 0x10c8  Mode: Manual; SigCheck; TDLFS; 
22:47:52.0571 0x10c8  ============================================================
22:47:52.0571 0x10c8  KSN ping started
22:47:57.0610 0x10c8  KSN ping finished: true
22:48:33.0958 0x10c8  ================ Scan system memory ========================
22:48:33.0974 0x10c8  System memory - ok
22:48:33.0974 0x10c8  ================ Scan services =============================
22:48:34.0130 0x10c8  !SASCORE - ok
22:48:36.0251 0x10c8  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:48:46.0594 0x10c8  1394ohci - ok
22:48:48.0248 0x10c8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:48:48.0591 0x10c8  ACPI - ok
22:48:48.0763 0x10c8  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:48:49.0387 0x10c8  AcpiPmi - ok
22:48:49.0683 0x10c8  [ 3927397AC60D943DAF8808AFFED582B7, 2688254085C219E8CA9C5494ABDAD8FAE52533CEF7FA3C152715E0B78D591BCF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:48:49.0886 0x10c8  AdobeARMservice - ok
22:48:51.0851 0x10c8  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:48:52.0070 0x10c8  AdobeFlashPlayerUpdateSvc - ok
22:48:52.0351 0x10c8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:48:52.0491 0x10c8  adp94xx - ok
22:48:52.0725 0x10c8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:48:52.0865 0x10c8  adpahci - ok
22:48:53.0224 0x10c8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:48:53.0302 0x10c8  adpu320 - ok
22:48:53.0458 0x10c8  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:48:55.0299 0x10c8  AeLookupSvc - ok
22:48:55.0455 0x10c8  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
22:48:55.0907 0x10c8  AFD - ok
22:48:56.0360 0x10c8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
22:48:56.0422 0x10c8  agp440 - ok
22:48:56.0641 0x10c8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
22:48:57.0062 0x10c8  ALG - ok
22:48:57.0155 0x10c8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:48:57.0280 0x10c8  aliide - ok
22:48:57.0436 0x10c8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
22:48:57.0545 0x10c8  amdide - ok
22:48:57.0639 0x10c8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:48:57.0842 0x10c8  AmdK8 - ok
22:48:57.0951 0x10c8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
22:48:58.0263 0x10c8  AmdPPM - ok
22:48:58.0357 0x10c8  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:48:58.0466 0x10c8  amdsata - ok
22:48:58.0653 0x10c8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:48:58.0793 0x10c8  amdsbs - ok
22:48:58.0871 0x10c8  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:48:58.0981 0x10c8  amdxata - ok
22:48:59.0137 0x10c8  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
22:49:00.0931 0x10c8  AppID - ok
22:49:01.0009 0x10c8  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:49:01.0289 0x10c8  AppIDSvc - ok
22:49:01.0445 0x10c8  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
22:49:01.0679 0x10c8  Appinfo - ok
22:49:02.0413 0x10c8  [ D00A39E9DA389FB522D3B58D4BF4ADDB, 3524E4CABDEA6116BFE4254B3C230B801FDA83BE247BDE919A2805FA749325B9 ] AR5416          C:\Windows\system32\DRIVERS\athwx.sys
22:49:03.0395 0x10c8  AR5416 - ok
22:49:03.0614 0x10c8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
22:49:05.0221 0x10c8  arc - ok
22:49:05.0689 0x10c8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:49:05.0891 0x10c8  arcsas - ok
22:49:07.0061 0x10c8  [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:49:07.0483 0x10c8  aspnet_state - ok
22:49:07.0857 0x10c8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:49:08.0060 0x10c8  AsyncMac - ok
22:49:08.0372 0x10c8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:49:08.0450 0x10c8  atapi - ok
22:49:09.0838 0x10c8  [ B4421D8CDADC441F76BA39532A3E3414, 4C7C14C99E2095012A85672C824E21CF2FC152BCC37A1B25BF3189D0F6A06ED3 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
22:49:11.0133 0x10c8  athr - ok
22:49:11.0383 0x10c8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:49:14.0456 0x10c8  AudioEndpointBuilder - ok
22:49:14.0659 0x10c8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:49:15.0501 0x10c8  AudioSrv - ok
22:49:15.0704 0x10c8  [ 4A175D2D30D31F7DF46F09B9A108E089, 6167D4E319B47C9759231EDEDF7F4199196CCDD332E8DB2137872FB15699B9F8 ] avgtp           C:\Windows\system32\drivers\avgtpx64.sys
22:49:17.0685 0x10c8  avgtp - ok
22:49:17.0872 0x10c8  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:49:18.0469 0x10c8  AxInstSV - ok
22:49:18.0719 0x10c8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:49:19.0249 0x10c8  b06bdrv - ok
22:49:19.0436 0x10c8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:49:19.0655 0x10c8  b57nd60a - ok
22:49:19.0842 0x10c8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:49:20.0185 0x10c8  BDESVC - ok
22:49:20.0466 0x10c8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:49:22.0806 0x10c8  Beep - ok
22:49:23.0009 0x10c8  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
22:49:23.0445 0x10c8  BFE - ok
22:49:23.0726 0x10c8  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
22:49:26.0347 0x10c8  BITS - ok
22:49:26.0441 0x10c8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:49:26.0581 0x10c8  blbdrive - ok
22:49:26.0768 0x10c8  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:49:27.0127 0x10c8  bowser - ok
22:49:27.0345 0x10c8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:49:27.0954 0x10c8  BrFiltLo - ok
22:49:27.0985 0x10c8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:49:28.0172 0x10c8  BrFiltUp - ok
22:49:28.0375 0x10c8  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
22:49:28.0812 0x10c8  BridgeMP - ok
22:49:28.0952 0x10c8  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
22:49:29.0171 0x10c8  Browser - ok
22:49:29.0389 0x10c8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:49:29.0732 0x10c8  Brserid - ok
22:49:29.0857 0x10c8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:49:29.0997 0x10c8  BrSerWdm - ok
22:49:30.0060 0x10c8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:49:30.0200 0x10c8  BrUsbMdm - ok
22:49:30.0278 0x10c8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:49:30.0403 0x10c8  BrUsbSer - ok
22:49:30.0465 0x10c8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:49:30.0606 0x10c8  BTHMODEM - ok
22:49:30.0731 0x10c8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
22:49:30.0965 0x10c8  bthserv - ok
22:49:31.0027 0x10c8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:49:31.0245 0x10c8  cdfs - ok
22:49:31.0401 0x10c8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:49:31.0526 0x10c8  cdrom - ok
22:49:31.0667 0x10c8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:49:33.0398 0x10c8  CertPropSvc - ok
22:49:33.0476 0x10c8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
22:49:33.0585 0x10c8  circlass - ok
22:49:34.0022 0x10c8  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
22:49:34.0194 0x10c8  CLFS - ok
22:49:34.0490 0x10c8  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:49:34.0911 0x10c8  clr_optimization_v2.0.50727_32 - ok
22:49:35.0145 0x10c8  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:49:35.0473 0x10c8  clr_optimization_v2.0.50727_64 - ok
22:49:36.0113 0x10c8  [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:49:36.0425 0x10c8  clr_optimization_v4.0.30319_32 - ok
22:49:36.0534 0x10c8  [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:49:36.0893 0x10c8  clr_optimization_v4.0.30319_64 - ok
22:49:37.0002 0x10c8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:49:37.0111 0x10c8  CmBatt - ok
22:49:37.0251 0x10c8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:49:37.0376 0x10c8  cmdide - ok
22:49:37.0548 0x10c8  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
22:49:37.0813 0x10c8  CNG - ok
22:49:38.0000 0x10c8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:49:38.0063 0x10c8  Compbatt - ok
22:49:38.0187 0x10c8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:49:38.0421 0x10c8  CompositeBus - ok
22:49:38.0531 0x10c8  COMSysApp - ok
22:49:38.0624 0x10c8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:49:38.0702 0x10c8  crcdisk - ok
22:49:38.0874 0x10c8  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:49:39.0201 0x10c8  CryptSvc - ok
22:49:39.0732 0x10c8  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:49:40.0028 0x10c8  cvhsvc - ok
22:49:40.0512 0x10c8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:49:40.0871 0x10c8  DcomLaunch - ok
22:49:41.0042 0x10c8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
22:49:41.0370 0x10c8  defragsvc - ok
22:49:41.0463 0x10c8  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:49:41.0791 0x10c8  DfsC - ok
22:49:42.0009 0x10c8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:49:42.0368 0x10c8  Dhcp - ok
22:49:42.0431 0x10c8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
22:49:42.0649 0x10c8  discache - ok
22:49:42.0789 0x10c8  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
22:49:42.0852 0x10c8  Disk - ok
22:49:43.0039 0x10c8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:49:43.0335 0x10c8  Dnscache - ok
22:49:43.0476 0x10c8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:49:43.0803 0x10c8  dot3svc - ok
22:49:44.0115 0x10c8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
22:49:44.0334 0x10c8  DPS - ok
22:49:44.0599 0x10c8  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:49:44.0849 0x10c8  drmkaud - ok
22:49:45.0145 0x10c8  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:49:45.0441 0x10c8  DXGKrnl - ok
22:49:45.0566 0x10c8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
22:49:45.0816 0x10c8  EapHost - ok
22:49:46.0830 0x10c8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:49:47.0685 0x10c8  ebdrv - ok
22:49:47.0856 0x10c8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
22:49:48.0153 0x10c8  EFS - ok
22:49:48.0527 0x10c8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:49:48.0777 0x10c8  elxstor - ok
22:49:48.0933 0x10c8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:49:49.0120 0x10c8  ErrDev - ok
22:49:49.0416 0x10c8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
22:49:49.0822 0x10c8  EventSystem - ok
22:49:49.0947 0x10c8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
22:49:50.0196 0x10c8  exfat - ok
22:49:50.0274 0x10c8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:49:50.0508 0x10c8  fastfat - ok
22:49:50.0758 0x10c8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
22:49:51.0117 0x10c8  Fax - ok
22:49:51.0319 0x10c8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
22:49:51.0413 0x10c8  fdc - ok
22:49:51.0522 0x10c8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
22:49:51.0772 0x10c8  fdPHost - ok
22:49:51.0850 0x10c8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:49:52.0084 0x10c8  FDResPub - ok
22:49:52.0271 0x10c8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:49:52.0365 0x10c8  FileInfo - ok
22:49:52.0443 0x10c8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:49:52.0677 0x10c8  Filetrace - ok
22:49:52.0801 0x10c8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:49:53.0035 0x10c8  flpydisk - ok
22:49:53.0145 0x10c8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:49:53.0301 0x10c8  FltMgr - ok
22:49:53.0628 0x10c8  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
22:49:54.0190 0x10c8  FontCache - ok
22:49:54.0377 0x10c8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:49:54.0439 0x10c8  FontCache3.0.0.0 - ok
22:49:54.0564 0x10c8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:49:54.0642 0x10c8  FsDepends - ok
22:49:54.0861 0x10c8  [ B3EB502D2C3F47C47415F85387DFAEF1, 5240D4281BB9FBFBFEB98522D12F0C006BE063C084C2E6E23DACB6606CDC25AE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
22:49:54.0939 0x10c8  fssfltr - ok
22:49:55.0391 0x10c8  [ B6AB40819ECEC4BA07266EC0EBBC85A7, 71D385043720B622305FD64BD1187C6FFD7191C30794F95629CF6BFDC0A25BA2 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:49:55.0828 0x10c8  fsssvc - ok
22:49:55.0875 0x10c8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:49:55.0937 0x10c8  Fs_Rec - ok
22:49:56.0093 0x10c8  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:49:56.0374 0x10c8  fvevol - ok
22:49:56.0514 0x10c8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:49:56.0717 0x10c8  gagp30kx - ok
22:49:56.0935 0x10c8  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:49:57.0045 0x10c8  GEARAspiWDM - ok
22:49:57.0341 0x10c8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:49:59.0197 0x10c8  gpsvc - ok
22:49:59.0400 0x10c8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:49:59.0525 0x10c8  gupdate - ok
22:49:59.0572 0x10c8  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:49:59.0728 0x10c8  gupdatem - ok
22:49:59.0946 0x10c8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:50:00.0336 0x10c8  hcw85cir - ok
22:50:00.0679 0x10c8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:50:01.0038 0x10c8  HdAudAddService - ok
22:50:01.0179 0x10c8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:50:01.0303 0x10c8  HDAudBus - ok
22:50:01.0397 0x10c8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:50:01.0553 0x10c8  HidBatt - ok
22:50:01.0771 0x10c8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:50:01.0912 0x10c8  HidBth - ok
22:50:02.0037 0x10c8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:50:02.0177 0x10c8  HidIr - ok
22:50:02.0255 0x10c8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
22:50:02.0551 0x10c8  hidserv - ok
22:50:02.0707 0x10c8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:50:02.0941 0x10c8  HidUsb - ok
22:50:03.0019 0x10c8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:50:03.0316 0x10c8  hkmsvc - ok
22:50:03.0441 0x10c8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:50:03.0643 0x10c8  HomeGroupListener - ok
22:50:03.0799 0x10c8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:50:04.0033 0x10c8  HomeGroupProvider - ok
22:50:04.0143 0x10c8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:50:04.0205 0x10c8  HpSAMD - ok
22:50:04.0626 0x10c8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:50:05.0032 0x10c8  HTTP - ok
22:50:05.0094 0x10c8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:50:05.0157 0x10c8  hwpolicy - ok
22:50:05.0266 0x10c8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:50:05.0391 0x10c8  i8042prt - ok
22:50:05.0781 0x10c8  [ 2FDAEC4B02729C48C0FD1B0B4695995B, 87331D91FA3A23257B9913067B7B16D08710408070795B638058DBF728BBB288 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
22:50:05.0968 0x10c8  iaStor - ok
22:50:06.0155 0x10c8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:50:06.0311 0x10c8  iaStorV - ok
22:50:06.0732 0x10c8  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:50:07.0356 0x10c8  idsvc - ok
22:50:07.0559 0x10c8  IEEtwCollectorService - ok
22:50:08.0869 0x10c8  [ 9BDE173869DDAC34A738A038CCC6CF8A, 52C14D78B65769320D85DDEF7BBD975723142AA3AF52CF2B4A5C076AA92CDFE9 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:50:10.0117 0x10c8  igfx - ok
22:50:10.0211 0x10c8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:50:10.0289 0x10c8  iirsp - ok
22:50:10.0601 0x10c8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
22:50:10.0897 0x10c8  IKEEXT - ok
22:50:11.0022 0x10c8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:50:11.0131 0x10c8  intelide - ok
22:50:11.0272 0x10c8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:50:11.0412 0x10c8  intelppm - ok
22:50:11.0553 0x10c8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:50:11.0989 0x10c8  IPBusEnum - ok
22:50:12.0114 0x10c8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:50:13.0549 0x10c8  IpFilterDriver - ok
22:50:13.0783 0x10c8  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:50:14.0095 0x10c8  iphlpsvc - ok
22:50:14.0142 0x10c8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:50:14.0345 0x10c8  IPMIDRV - ok
22:50:14.0423 0x10c8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:50:14.0688 0x10c8  IPNAT - ok
22:50:14.0844 0x10c8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:50:15.0312 0x10c8  IRENUM - ok
22:50:15.0468 0x10c8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:50:15.0546 0x10c8  isapnp - ok
22:50:15.0640 0x10c8  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:50:15.0796 0x10c8  iScsiPrt - ok
22:50:15.0921 0x10c8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:50:15.0999 0x10c8  kbdclass - ok
22:50:16.0108 0x10c8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:50:16.0248 0x10c8  kbdhid - ok
22:50:16.0326 0x10c8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
22:50:16.0436 0x10c8  KeyIso - ok
22:50:16.0514 0x10c8  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:50:16.0607 0x10c8  KSecDD - ok
22:50:16.0716 0x10c8  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:50:16.0810 0x10c8  KSecPkg - ok
22:50:16.0888 0x10c8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:50:17.0122 0x10c8  ksthunk - ok
22:50:17.0356 0x10c8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:50:17.0668 0x10c8  KtmRm - ok
22:50:18.0011 0x10c8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
22:50:18.0370 0x10c8  LanmanServer - ok
22:50:18.0573 0x10c8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:50:18.0994 0x10c8  LanmanWorkstation - ok
22:50:19.0212 0x10c8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:50:19.0400 0x10c8  lltdio - ok
22:50:19.0556 0x10c8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:50:19.0836 0x10c8  lltdsvc - ok
22:50:19.0899 0x10c8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:50:20.0164 0x10c8  lmhosts - ok
22:50:20.0320 0x10c8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:50:20.0414 0x10c8  LSI_FC - ok
22:50:20.0616 0x10c8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:50:20.0694 0x10c8  LSI_SAS - ok
22:50:20.0804 0x10c8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:50:20.0866 0x10c8  LSI_SAS2 - ok
22:50:20.0991 0x10c8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:50:21.0069 0x10c8  LSI_SCSI - ok
22:50:21.0209 0x10c8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
22:50:21.0474 0x10c8  luafv - ok
22:50:21.0880 0x10c8  [ CF12E148C6FC151335B7D7FE03F1C7A2, 7087DF6D884AF0A57AC22D7AE9C2903913AAB4CE52D19666B6513C3D5706E43C ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
22:50:21.0958 0x10c8  MBAMProtector - ok
22:50:22.0426 0x10c8  [ E27891A49DF92004041FEC5C3A2D4230, A4679A1F10F84935875E35A83FC7075499B8F4CBB543209A38C0D946347CD264 ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
22:50:22.0894 0x10c8  MBAMService - ok
22:50:23.0081 0x10c8  [ 0CE2F3E26C770CBAEB50787A2C1FD09E, 2DDB1827027D2CC8E78FE737B5DA21783EFCD13430DBB140C34DAACACD6EF492 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
22:50:23.0144 0x10c8  MBAMWebAccessControl - ok
22:50:23.0222 0x10c8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:50:23.0300 0x10c8  megasas - ok
22:50:23.0518 0x10c8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:50:23.0705 0x10c8  MegaSR - ok
22:50:23.0799 0x10c8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
22:50:24.0033 0x10c8  MMCSS - ok
22:50:24.0111 0x10c8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
22:50:24.0345 0x10c8  Modem - ok
22:50:24.0376 0x10c8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:50:24.0548 0x10c8  monitor - ok
22:50:24.0672 0x10c8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:50:24.0750 0x10c8  mouclass - ok
22:50:24.0860 0x10c8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:50:24.0953 0x10c8  mouhid - ok
22:50:25.0047 0x10c8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:50:25.0172 0x10c8  mountmgr - ok
22:50:25.0421 0x10c8  [ 9EB89625A82AC961F25E7C865947BF9A, 91DB9530CDE883DC60BE621AC4210ACD069631D9466E37411D9D6AEE587098D9 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
22:50:25.0530 0x10c8  MpFilter - ok
22:50:25.0593 0x10c8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:50:25.0671 0x10c8  mpio - ok
22:50:25.0796 0x10c8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:50:26.0014 0x10c8  mpsdrv - ok
22:50:26.0279 0x10c8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:50:26.0622 0x10c8  MpsSvc - ok
22:50:26.0700 0x10c8  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:50:26.0872 0x10c8  MRxDAV - ok
22:50:26.0950 0x10c8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:50:27.0122 0x10c8  mrxsmb - ok
22:50:27.0231 0x10c8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:50:27.0387 0x10c8  mrxsmb10 - ok
22:50:27.0418 0x10c8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:50:27.0543 0x10c8  mrxsmb20 - ok
22:50:27.0590 0x10c8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:50:27.0652 0x10c8  msahci - ok
22:50:27.0714 0x10c8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:50:27.0824 0x10c8  msdsm - ok
22:50:27.0980 0x10c8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
22:50:28.0198 0x10c8  MSDTC - ok
22:50:28.0385 0x10c8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:50:28.0682 0x10c8  Msfs - ok
22:50:29.0009 0x10c8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:50:29.0462 0x10c8  mshidkmdf - ok
22:50:29.0571 0x10c8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:50:29.0633 0x10c8  msisadrv - ok
22:50:29.0852 0x10c8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:50:30.0070 0x10c8  MSiSCSI - ok
22:50:30.0086 0x10c8  msiserver - ok
22:50:30.0210 0x10c8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:50:30.0429 0x10c8  MSKSSRV - ok
22:50:30.0772 0x10c8  [ 89F2AEDC2788696702141AB82C3E7866, E166CBD8D3C708737C37172221945D8E56C25C2CC750889C3CE14AA2DE750F33 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:50:30.0866 0x10c8  MsMpSvc - ok
22:50:31.0037 0x10c8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:50:31.0302 0x10c8  MSPCLOCK - ok
22:50:31.0521 0x10c8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:50:31.0739 0x10c8  MSPQM - ok
22:50:31.0911 0x10c8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:50:32.0051 0x10c8  MsRPC - ok
22:50:32.0145 0x10c8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:50:32.0223 0x10c8  mssmbios - ok
22:50:32.0348 0x10c8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:50:32.0550 0x10c8  MSTEE - ok
22:50:32.0660 0x10c8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:50:32.0925 0x10c8  MTConfig - ok
22:50:33.0050 0x10c8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
22:50:33.0128 0x10c8  Mup - ok
22:50:33.0377 0x10c8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
22:50:35.0031 0x10c8  napagent - ok
22:50:35.0218 0x10c8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:50:35.0702 0x10c8  NativeWifiP - ok
22:50:36.0029 0x10c8  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:50:36.0248 0x10c8  NDIS - ok
22:50:36.0357 0x10c8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:50:36.0560 0x10c8  NdisCap - ok
22:50:36.0653 0x10c8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:50:36.0872 0x10c8  NdisTapi - ok
22:50:37.0059 0x10c8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:50:37.0308 0x10c8  Ndisuio - ok
22:50:37.0386 0x10c8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:50:37.0620 0x10c8  NdisWan - ok
22:50:37.0808 0x10c8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:50:38.0026 0x10c8  NDProxy - ok
22:50:38.0447 0x10c8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:50:38.0993 0x10c8  NetBIOS - ok
22:50:39.0134 0x10c8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:50:39.0399 0x10c8  NetBT - ok
22:50:39.0508 0x10c8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
22:50:39.0648 0x10c8  Netlogon - ok
22:50:39.0898 0x10c8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
22:50:40.0210 0x10c8  Netman - ok
22:50:40.0382 0x10c8  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:50:40.0538 0x10c8  NetMsmqActivator - ok
22:50:40.0647 0x10c8  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:50:40.0740 0x10c8  NetPipeActivator - ok
22:50:41.0021 0x10c8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
22:50:41.0396 0x10c8  netprofm - ok
22:50:41.0474 0x10c8  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:50:41.0567 0x10c8  NetTcpActivator - ok
22:50:41.0630 0x10c8  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:50:41.0723 0x10c8  NetTcpPortSharing - ok
22:50:41.0879 0x10c8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:50:41.0942 0x10c8  nfrd960 - ok
22:50:42.0285 0x10c8  [ C3E0696C3B42F694C5822776AA6FFFDF, 80C3DEC2C48500F96C9E677450EFC1ADA9FE9FBB70F4CC2D7D9244B1A515418B ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:50:42.0363 0x10c8  NisDrv - ok
22:50:42.0488 0x10c8  [ DCEE3592299B2229A0DB98CB415059A2, 709AAA095DF44DDCB6159CE1635AB05EC666D845445790E569F56B297DC64AC3 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
22:50:42.0597 0x10c8  NisSrv - ok
22:50:42.0940 0x10c8  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:50:43.0439 0x10c8  NlaSvc - ok
22:50:43.0502 0x10c8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:50:43.0782 0x10c8  Npfs - ok
22:50:44.0063 0x10c8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
22:50:44.0328 0x10c8  nsi - ok
22:50:44.0438 0x10c8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:50:44.0750 0x10c8  nsiproxy - ok
22:50:45.0358 0x10c8  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:50:46.0107 0x10c8  Ntfs - ok
22:50:46.0606 0x10c8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
22:50:46.0887 0x10c8  Null - ok
22:50:47.0183 0x10c8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:50:47.0277 0x10c8  nvraid - ok
22:50:47.0417 0x10c8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:50:47.0495 0x10c8  nvstor - ok
22:50:47.0714 0x10c8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:50:47.0792 0x10c8  nv_agp - ok
22:50:47.0948 0x10c8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:50:48.0275 0x10c8  ohci1394 - ok
22:50:48.0478 0x10c8  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:50:48.0587 0x10c8  ose - ok
22:50:50.0912 0x10c8  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:50:51.0879 0x10c8  osppsvc - ok
22:50:52.0113 0x10c8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:50:52.0409 0x10c8  p2pimsvc - ok
22:50:52.0721 0x10c8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
22:50:53.0564 0x10c8  p2psvc - ok
22:50:54.0687 0x10c8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
22:50:55.0108 0x10c8  Parport - ok
22:50:55.0248 0x10c8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:50:55.0326 0x10c8  partmgr - ok
22:50:55.0467 0x10c8  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:50:56.0216 0x10c8  PcaSvc - ok
22:50:56.0340 0x10c8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
22:50:56.0418 0x10c8  pci - ok
22:50:56.0559 0x10c8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
22:50:56.0637 0x10c8  pciide - ok
22:50:56.0715 0x10c8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:50:56.0808 0x10c8  pcmcia - ok
22:50:56.0886 0x10c8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:50:56.0933 0x10c8  pcw - ok
22:50:57.0183 0x10c8  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:50:59.0336 0x10c8  PEAUTH - ok
22:51:00.0646 0x10c8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:51:00.0942 0x10c8  PerfHost - ok
22:51:01.0442 0x10c8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
22:51:03.0033 0x10c8  pla - ok
22:51:03.0173 0x10c8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:51:03.0376 0x10c8  PlugPlay - ok
22:51:03.0438 0x10c8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:51:03.0579 0x10c8  PNRPAutoReg - ok
22:51:03.0704 0x10c8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:51:03.0828 0x10c8  PNRPsvc - ok
22:51:03.0953 0x10c8  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:51:04.0265 0x10c8  PolicyAgent - ok
22:51:04.0406 0x10c8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
22:51:04.0764 0x10c8  Power - ok
22:51:05.0123 0x10c8  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:51:05.0841 0x10c8  PptpMiniport - ok
22:51:06.0012 0x10c8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
22:51:06.0699 0x10c8  Processor - ok
22:51:07.0151 0x10c8  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:51:07.0775 0x10c8  ProfSvc - ok
22:51:08.0072 0x10c8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:51:08.0384 0x10c8  ProtectedStorage - ok
22:51:08.0524 0x10c8  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:51:08.0774 0x10c8  Psched - ok
22:51:09.0148 0x10c8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:51:09.0413 0x10c8  ql2300 - ok
22:51:09.0538 0x10c8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:51:09.0585 0x10c8  ql40xx - ok
22:51:09.0694 0x10c8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
22:51:09.0912 0x10c8  QWAVE - ok
22:51:09.0990 0x10c8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:51:10.0115 0x10c8  QWAVEdrv - ok
22:51:10.0178 0x10c8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:51:10.0412 0x10c8  RasAcd - ok
22:51:10.0583 0x10c8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:51:10.0848 0x10c8  RasAgileVpn - ok
22:51:11.0270 0x10c8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
22:51:12.0424 0x10c8  RasAuto - ok
22:51:12.0845 0x10c8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:51:13.0563 0x10c8  Rasl2tp - ok
22:51:14.0062 0x10c8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
22:51:14.0374 0x10c8  RasMan - ok
22:51:14.0499 0x10c8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:51:14.0702 0x10c8  RasPppoe - ok
22:51:14.0889 0x10c8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:51:15.0154 0x10c8  RasSstp - ok
22:51:15.0388 0x10c8  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:51:15.0716 0x10c8  rdbss - ok
22:51:15.0794 0x10c8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
22:51:16.0230 0x10c8  rdpbus - ok
22:51:16.0355 0x10c8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:51:16.0574 0x10c8  RDPCDD - ok
22:51:16.0714 0x10c8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:51:16.0854 0x10c8  RDPENCDD - ok
22:51:16.0932 0x10c8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:51:17.0088 0x10c8  RDPREFMP - ok
22:51:17.0151 0x10c8  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:51:17.0432 0x10c8  RDPWD - ok
22:51:17.0900 0x10c8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:51:17.0993 0x10c8  rdyboost - ok
22:51:18.0711 0x10c8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:51:19.0272 0x10c8  RemoteAccess - ok
22:51:19.0444 0x10c8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:51:19.0662 0x10c8  RemoteRegistry - ok
22:51:20.0130 0x10c8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:51:20.0864 0x10c8  RpcEptMapper - ok
22:51:20.0973 0x10c8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
22:51:21.0144 0x10c8  RpcLocator - ok
22:51:21.0425 0x10c8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
22:51:21.0737 0x10c8  RpcSs - ok
22:51:21.0956 0x10c8  [ 546D7F426776090B90EF5F195B6AE662, E67598E1CA5F98184DD7380E7AFD65C18C99EDC3326909EBFF2A61F95C3A027D ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
22:51:22.0330 0x10c8  RSPCIESTOR - ok
22:51:22.0486 0x10c8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:51:22.0751 0x10c8  rspndr - ok
22:51:22.0970 0x10c8  [ A6284C8C29CCCCAD9109C4DA5CD916BD, 612A5E8CF0F591F217EF29EB34C08C9A6A295C26DD49D2F7D2BE0DD504A8F0F4 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh64.sys
22:51:23.0094 0x10c8  RTL8169 - ok
22:51:23.0204 0x10c8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
22:51:23.0297 0x10c8  SamSs - ok
22:51:23.0391 0x10c8  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:51:23.0469 0x10c8  sbp2port - ok
22:51:23.0594 0x10c8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:51:23.0890 0x10c8  SCardSvr - ok
22:51:23.0984 0x10c8  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:51:24.0202 0x10c8  scfilter - ok
22:51:24.0779 0x10c8  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
22:51:25.0247 0x10c8  Schedule - ok
22:51:25.0341 0x10c8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:51:25.0559 0x10c8  SCPolicySvc - ok
22:51:25.0793 0x10c8  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:51:26.0105 0x10c8  SDRSVC - ok
22:51:26.0355 0x10c8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:51:26.0636 0x10c8  secdrv - ok
22:51:26.0792 0x10c8  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
22:51:27.0072 0x10c8  seclogon - ok
22:51:27.0291 0x10c8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
22:51:27.0509 0x10c8  SENS - ok
22:51:27.0759 0x10c8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:51:28.0211 0x10c8  SensrSvc - ok
22:51:28.0289 0x10c8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
22:51:28.0492 0x10c8  Serenum - ok
22:51:28.0664 0x10c8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
22:51:28.0757 0x10c8  Serial - ok
22:51:28.0913 0x10c8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:51:29.0007 0x10c8  sermouse - ok
22:51:29.0194 0x10c8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
22:51:29.0459 0x10c8  SessionEnv - ok
22:51:29.0568 0x10c8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:51:29.0912 0x10c8  sffdisk - ok
22:51:30.0021 0x10c8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:51:30.0130 0x10c8  sffp_mmc - ok
22:51:30.0161 0x10c8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:51:30.0286 0x10c8  sffp_sd - ok
22:51:30.0317 0x10c8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:51:30.0426 0x10c8  sfloppy - ok
22:51:30.0676 0x10c8  [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
22:51:31.0050 0x10c8  Sftfs - ok
22:51:32.0345 0x10c8  [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:51:34.0233 0x10c8  sftlist - ok
22:51:34.0404 0x10c8  [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:51:34.0560 0x10c8  Sftplay - ok
22:51:34.0685 0x10c8  [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:51:34.0763 0x10c8  Sftredir - ok
22:51:34.0794 0x10c8  [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
22:51:34.0857 0x10c8  Sftvol - ok
22:51:34.0997 0x10c8  [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:51:35.0138 0x10c8  sftvsa - ok
22:51:35.0340 0x10c8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:51:37.0852 0x10c8  SharedAccess - ok
22:51:38.0102 0x10c8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:51:40.0582 0x10c8  ShellHWDetection - ok
22:51:40.0847 0x10c8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:51:40.0910 0x10c8  SiSRaid2 - ok
22:51:40.0972 0x10c8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:51:41.0050 0x10c8  SiSRaid4 - ok
22:51:41.0190 0x10c8  [ 4C9F8E72F87F50A6125AAA31B63B2D18, 6EA3C9E8CC0CF848EAA4D760F4526E1FC17EBB731AF45086966EC240C8099367 ] SIUSBXP         C:\Windows\system32\drivers\SiUSBXp.sys
22:51:41.0393 0x10c8  SIUSBXP - ok
22:51:41.0565 0x10c8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:51:41.0783 0x10c8  Smb - ok
22:51:41.0970 0x10c8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:51:42.0236 0x10c8  SNMPTRAP - ok
22:51:42.0345 0x10c8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:51:42.0407 0x10c8  spldr - ok
22:51:42.0610 0x10c8  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
22:51:42.0906 0x10c8  Spooler - ok
22:51:43.0608 0x10c8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
22:51:44.0669 0x10c8  sppsvc - ok
22:51:44.0794 0x10c8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:51:45.0200 0x10c8  sppuinotify - ok
22:51:46.0666 0x10c8  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:51:47.0524 0x10c8  srv - ok
22:51:47.0727 0x10c8  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:51:47.0961 0x10c8  srv2 - ok
22:51:48.0086 0x10c8  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:51:48.0288 0x10c8  srvnet - ok
22:51:48.0366 0x10c8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:51:48.0632 0x10c8  SSDPSRV - ok
22:51:48.0725 0x10c8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:51:49.0006 0x10c8  SstpSvc - ok
22:51:49.0131 0x10c8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:51:49.0193 0x10c8  stexstor - ok
22:51:49.0521 0x10c8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
22:51:50.0348 0x10c8  stisvc - ok
22:51:50.0472 0x10c8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:51:50.0535 0x10c8  swenum - ok
22:51:50.0753 0x10c8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
22:51:51.0164 0x10c8  swprv - ok
22:51:51.0354 0x10c8  [ AC3CC98B1BDB6540021D3FFB105AC2B9, 671146CC16139AECE0BCCC44983807E045A930E262F64461D0D882A0A0B77E4F ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
22:51:51.0459 0x10c8  SynTP - ok
22:51:51.0984 0x10c8  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
22:51:52.0482 0x10c8  SysMain - ok
22:51:52.0576 0x10c8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:51:52.0763 0x10c8  TabletInputService - ok
22:51:52.0903 0x10c8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:51:53.0247 0x10c8  TapiSrv - ok
22:51:53.0356 0x10c8  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
22:51:53.0574 0x10c8  TBS - ok
22:51:54.0214 0x10c8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:51:54.0588 0x10c8  Tcpip - ok
22:51:55.0555 0x10c8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:51:56.0741 0x10c8  TCPIP6 - ok
22:51:57.0178 0x10c8  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:51:57.0942 0x10c8  tcpipreg - ok
22:51:58.0239 0x10c8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:51:59.0565 0x10c8  TDPIPE - ok
22:51:59.0705 0x10c8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:52:00.0079 0x10c8  TDTCP - ok
22:52:00.0423 0x10c8  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:52:00.0688 0x10c8  tdx - ok
22:52:01.0156 0x10c8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:52:01.0296 0x10c8  TermDD - ok
22:52:01.0749 0x10c8  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
22:52:02.0576 0x10c8  TermService - ok
22:52:02.0654 0x10c8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
22:52:03.0246 0x10c8  Themes - ok
22:52:03.0512 0x10c8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
22:52:06.0335 0x10c8  THREADORDER - ok
22:52:07.0334 0x10c8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
22:52:08.0441 0x10c8  TrkWks - ok
22:52:08.0894 0x10c8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:52:09.0455 0x10c8  TrustedInstaller - ok
22:52:09.0752 0x10c8  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:52:10.0157 0x10c8  tssecsrv - ok
22:52:10.0625 0x10c8  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:52:11.0109 0x10c8  TsUsbFlt - ok
22:52:11.0358 0x10c8  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
22:52:11.0624 0x10c8  TsUsbGD - ok
22:52:12.0029 0x10c8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:52:12.0310 0x10c8  tunnel - ok
22:52:12.0388 0x10c8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:52:12.0466 0x10c8  uagp35 - ok
22:52:12.0700 0x10c8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:52:13.0418 0x10c8  udfs - ok
22:52:13.0574 0x10c8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:52:14.0010 0x10c8  UI0Detect - ok
22:52:14.0104 0x10c8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:52:14.0166 0x10c8  uliagpkx - ok
22:52:14.0291 0x10c8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:52:14.0463 0x10c8  umbus - ok
22:52:14.0556 0x10c8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
22:52:14.0666 0x10c8  UmPass - ok
22:52:14.0900 0x10c8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
22:52:15.0227 0x10c8  upnphost - ok
22:52:15.0399 0x10c8  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
22:52:15.0555 0x10c8  USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
22:52:18.0612 0x10c8  Detect skipped due to KSN trusted
22:52:18.0612 0x10c8  USBAAPL64 - ok
22:52:18.0753 0x10c8  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:52:18.0940 0x10c8  usbaudio - ok
22:52:19.0112 0x10c8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:52:19.0377 0x10c8  usbccgp - ok
22:52:19.0502 0x10c8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:52:19.0736 0x10c8  usbcir - ok
22:52:19.0907 0x10c8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
22:52:20.0048 0x10c8  usbehci - ok
22:52:20.0297 0x10c8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:52:20.0500 0x10c8  usbhub - ok
22:52:20.0640 0x10c8  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:52:20.0781 0x10c8  usbohci - ok
22:52:21.0015 0x10c8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:52:21.0436 0x10c8  usbprint - ok
22:52:21.0561 0x10c8  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
22:52:21.0857 0x10c8  usbscan - ok
22:52:21.0966 0x10c8  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:52:22.0263 0x10c8  USBSTOR - ok
22:52:22.0450 0x10c8  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:52:22.0637 0x10c8  usbuhci - ok
22:52:22.0778 0x10c8  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
22:52:22.0902 0x10c8  usbvideo - ok
22:52:23.0214 0x10c8  [ 70D05EE263568A742D14E1876DF80532, D49D7B60EE30F2398B8B532F4A4C3F17535485F2BDB9B14AB600E2A4E3F12A6B ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
22:52:23.0402 0x10c8  usb_rndisx - ok
22:52:23.0526 0x10c8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
22:52:23.0745 0x10c8  UxSms - ok
22:52:23.0838 0x10c8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
22:52:24.0150 0x10c8  VaultSvc - ok
22:52:24.0260 0x10c8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:52:24.0353 0x10c8  vdrvroot - ok
22:52:24.0572 0x10c8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
22:52:24.0899 0x10c8  vds - ok
22:52:25.0305 0x10c8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:52:25.0414 0x10c8  vga - ok
22:52:26.0272 0x10c8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:52:26.0896 0x10c8  VgaSave - ok
22:52:27.0192 0x10c8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:52:27.0270 0x10c8  vhdmp - ok
22:52:27.0364 0x10c8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:52:27.0426 0x10c8  viaide - ok
22:52:27.0567 0x10c8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:52:27.0645 0x10c8  volmgr - ok
22:52:27.0785 0x10c8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:52:27.0988 0x10c8  volmgrx - ok
22:52:28.0144 0x10c8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:52:28.0253 0x10c8  volsnap - ok
22:52:28.0394 0x10c8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:52:28.0487 0x10c8  vsmraid - ok
22:52:28.0893 0x10c8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
22:52:29.0486 0x10c8  VSS - ok
22:52:29.0579 0x10c8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:52:29.0720 0x10c8  vwifibus - ok
22:52:29.0860 0x10c8  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:52:30.0172 0x10c8  vwififlt - ok
22:52:30.0297 0x10c8  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:52:30.0406 0x10c8  vwifimp - ok
22:52:30.0562 0x10c8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
22:52:30.0827 0x10c8  W32Time - ok
22:52:30.0952 0x10c8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:52:31.0124 0x10c8  WacomPen - ok
22:52:31.0248 0x10c8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:52:31.0467 0x10c8  WANARP - ok
22:52:31.0576 0x10c8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:52:31.0763 0x10c8  Wanarpv6 - ok
22:52:32.0200 0x10c8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
22:52:32.0933 0x10c8  wbengine - ok
22:52:33.0635 0x10c8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:52:34.0166 0x10c8  WbioSrvc - ok
22:52:34.0472 0x10c8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:52:34.0862 0x10c8  wcncsvc - ok
22:52:35.0033 0x10c8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:52:35.0330 0x10c8  WcsPlugInService - ok
22:52:35.0564 0x10c8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
22:52:35.0642 0x10c8  Wd - ok
22:52:35.0876 0x10c8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:52:36.0094 0x10c8  Wdf01000 - ok
22:52:36.0297 0x10c8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:52:36.0843 0x10c8  WdiServiceHost - ok
22:52:36.0905 0x10c8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:52:37.0030 0x10c8  WdiSystemHost - ok
22:52:37.0108 0x10c8  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
22:52:37.0451 0x10c8  WebClient - ok
22:52:37.0607 0x10c8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:52:40.0134 0x10c8  Wecsvc - ok
22:52:40.0259 0x10c8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:52:40.0556 0x10c8  wercplsupport - ok
22:52:40.0696 0x10c8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:52:40.0961 0x10c8  WerSvc - ok
22:52:41.0070 0x10c8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:52:41.0273 0x10c8  WfpLwf - ok
22:52:41.0414 0x10c8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:52:41.0476 0x10c8  WIMMount - ok
22:52:41.0632 0x10c8  WinDefend - ok
22:52:42.0396 0x10c8  WinHttpAutoProxySvc - ok
22:52:43.0114 0x10c8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:52:43.0582 0x10c8  Winmgmt - ok
22:52:44.0690 0x10c8  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:52:46.0858 0x10c8  WinRM - ok
22:52:47.0201 0x10c8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:52:47.0607 0x10c8  WinUsb - ok
22:52:47.0981 0x10c8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:52:48.0777 0x10c8  Wlansvc - ok
22:52:49.0822 0x10c8  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:52:50.0649 0x10c8  wlidsvc - ok
22:52:51.0101 0x10c8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:52:51.0990 0x10c8  WmiAcpi - ok
22:52:52.0318 0x10c8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:52:52.0708 0x10c8  wmiApSrv - ok
22:52:52.0802 0x10c8  WMPNetworkSvc - ok
22:52:53.0004 0x10c8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:52:53.0379 0x10c8  WPCSvc - ok
22:52:53.0613 0x10c8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:52:53.0909 0x10c8  WPDBusEnum - ok
22:52:53.0987 0x10c8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:52:55.0937 0x10c8  ws2ifsl - ok
22:52:56.0109 0x10c8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
22:52:56.0608 0x10c8  wscsvc - ok
22:52:56.0826 0x10c8  WSearch - ok
22:52:57.0591 0x10c8  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:52:59.0073 0x10c8  wuauserv - ok
22:52:59.0354 0x10c8  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:53:01.0772 0x10c8  WudfPf - ok
22:53:02.0255 0x10c8  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:53:02.0614 0x10c8  WUDFRd - ok
22:53:02.0801 0x10c8  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:53:03.0082 0x10c8  wudfsvc - ok
22:53:03.0238 0x10c8  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:53:03.0768 0x10c8  WwanSvc - ok
22:53:03.0940 0x10c8  ================ Scan global ===============================
22:53:04.0190 0x10c8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
22:53:04.0283 0x10c8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
22:53:04.0361 0x10c8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
22:53:04.0564 0x10c8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
22:53:04.0767 0x10c8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
22:53:04.0845 0x10c8  [ Global ] - ok
22:53:04.0860 0x10c8  ================ Scan MBR ==================================
22:53:04.0907 0x10c8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:53:13.0971 0x10c8  \Device\Harddisk0\DR0 - ok
22:53:13.0971 0x10c8  ================ Scan VBR ==================================
22:53:14.0049 0x10c8  [ E258F6F34710B3475095B3C5FC30C2AF ] \Device\Harddisk0\DR0\Partition1
22:53:14.0049 0x10c8  \Device\Harddisk0\DR0\Partition1 - ok
22:53:14.0080 0x10c8  [ A83B0B675A5B973C18C24CFD3C530D5F ] \Device\Harddisk0\DR0\Partition2
22:53:14.0096 0x10c8  \Device\Harddisk0\DR0\Partition2 - ok
22:53:14.0096 0x10c8  ================ Scan generic autorun ======================
22:53:14.0158 0x10c8  [ 5E27890DFFAC992668476F476E88A7BF, D6F0BFBDBBDA2789F570BF8A2B303BC38662918D171F30D59EE35ED9319D7130 ] C:\Windows\system32\igfxtray.exe
22:53:16.0560 0x10c8  IgfxTray - ok
22:53:16.0950 0x10c8  [ 8C7E44B41EFF0652D38B8D7363255C85, EFA8B972CCD27A3D15EEFE7A21599CF7081361B6B4BFAA085A427C70F81153D7 ] C:\Windows\system32\hkcmd.exe
22:53:17.0106 0x10c8  HotKeysCmds - ok
22:53:17.0200 0x10c8  [ AEA0EAD1BD9D3DA5A904F40AD6AC3D4E, 2F3D6F1CF12979EFCE72842E8177A55603C9578EDCF3BEC050CDD9EAC4340602 ] C:\Windows\system32\igfxpers.exe
22:53:17.0450 0x10c8  Persistence - ok
22:53:17.0824 0x10c8  [ 569AC1376B12D4083FC66CC7A304F234, DD209F09573F10A77D710E30EF3D0461D2E8F4E5F18106B18EFB587C88393460 ] c:\Program Files\Microsoft Security Client\msseces.exe
22:53:18.0339 0x10c8  MSC - ok
22:53:18.0401 0x10c8  SynTPEnh - ok
22:53:18.0417 0x10c8  Conime - ok
22:53:18.0932 0x10c8  [ 7C0787598607A46A32726BA8AEAFEF18, ACE83BFFE8A4797810AB6FDA98DE4DC397CAC9EB0CC9D96D9D243153FDC16D5E ] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
22:53:19.0259 0x10c8  GoogleChromeAutoLaunch_2508166E7035293F5B68CCA2D92ECB93 - ok
22:53:19.0275 0x10c8  Waiting for KSN requests completion. In queue: 5
22:53:20.0289 0x10c8  Waiting for KSN requests completion. In queue: 5
22:53:21.0303 0x10c8  Waiting for KSN requests completion. In queue: 5
22:53:22.0317 0x10c8  Waiting for KSN requests completion. In queue: 5
22:53:47.0916 0x10c8  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x60000 ( disabled : updated )
22:53:49.0710 0x10c8  Win FW state via NFP2: enabled
22:53:59.0944 0x10c8  ============================================================
22:53:59.0944 0x10c8  Scan finished
22:53:59.0944 0x10c8  ============================================================
22:54:01.0988 0x12a8  Detected object count: 0
22:54:01.0988 0x12a8  Actual detected object count: 0
23:04:16.0976 0x119c  Deinitialize success

  • 0

#10
pystryker
Posted 08 April 2015 - 05:28 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

So, I've had some stalling and unresponsive pages. As a matter of fact, just now as I tried to post this. Maybe a hardware issue??


Quite possibly. Let's get a fresh set of FRST logs and if nothing is showing there, I'll direct you to the Hardware Forum so they can test your machine's hardware. :thumbsup:

Start FRST and check the Addition box.

Press the Scan button.

Upon completion of the scan, FRST will produce 2 logs: FRST.txt Log and Addition.txt Log. Please post both of those in your reply as separate replies to this topic.
  • 0

Advertisements

#11
pystryker
Posted 10 April 2015 - 05:35 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#12
pystryker
Posted 10 April 2015 - 05:14 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Re-opened at user request.
  • 0

#13
butterrice
Posted 13 April 2015 - 06:49 PM

butterrice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts

FRST

 

 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by Bea (administrator) on BEA-PC on 13-04-2015 20:22:30
Running from C:\Users\Bea\Desktop
Loaded Profiles: Bea (Available profiles: Bea & reba jo)
Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-1939556421-1720677683-651779200-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-1939556421-1720677683-651779200-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=UP72&dt=061813
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1939556421-1720677683-651779200-1000 -> {1A739775-86FE-43E3-9677-CF6304FE9E07} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-03-03] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2012-08-02] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-03] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-03] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-03] (Oracle Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] ()
Toolbar: HKU\S-1-5-21-1939556421-1720677683-651779200-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\ow3mccr6.default
FF SelectedSearchEngine: 
FF DefaultSearchEngine: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-03] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-03] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-24] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-02-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-08-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-08-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-08-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-08-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-08-31] (Apple Inc.)
FF Extension: WOT - C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\ow3mccr6.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-07]
FF Extension: Bitdefender QuickScan - C:\Users\Bea\AppData\Roaming\Mozilla\Firefox\Profiles\ow3mccr6.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-07-24]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\Bea\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Bea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-04]
CHR Extension: (Google Wallet) - C:\Users\Bea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-31]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 AR5416; C:\Windows\System32\DRIVERS\athwx.sys [2716768 2010-11-05] (Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-04-10] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-13 20:20 - 2015-04-13 20:21 - 00000000 ____D () C:\Users\Bea\Desktop\FRST-OlderVersion
2015-04-10 23:18 - 2015-04-10 23:33 - 00000000 ____D () C:\Users\reba jo\AppData\Local\Windows Live
2015-04-07 22:44 - 2015-04-07 22:40 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Bea\Desktop\tdsskiller.exe
2015-04-07 22:39 - 2015-04-07 22:40 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Bea\Downloads\tdsskiller.exe
2015-04-07 06:17 - 2015-04-07 06:16 - 00852607 _____ () C:\Users\Bea\Desktop\SecurityCheck.exe
2015-04-07 06:16 - 2015-04-07 06:16 - 00852607 _____ () C:\Users\Bea\Downloads\SecurityCheck.exe
2015-04-06 23:00 - 2015-04-06 23:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-06 22:48 - 2015-04-06 22:48 - 00000000 __SHD () C:\Users\Bea\AppData\Local\EmieUserList
2015-04-06 22:48 - 2015-04-06 22:48 - 00000000 __SHD () C:\Users\Bea\AppData\Local\EmieSiteList
2015-04-06 22:45 - 2015-04-06 22:45 - 00001051 _____ () C:\Users\Bea\Desktop\MBAM.txt
2015-04-06 22:01 - 2015-04-06 22:00 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Bea\Desktop\mbam-setup-2.1.4.1018 (1).exe
2015-04-06 22:00 - 2015-04-06 22:00 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Bea\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-06 22:00 - 2015-04-06 22:00 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Bea\Downloads\mbam-setup-2.1.4.1018 (1).exe
2015-04-05 23:27 - 2015-04-05 23:32 - 00000000 ____D () C:\AdwCleaner
2015-04-05 23:25 - 2015-04-05 23:25 - 02208768 _____ () C:\Users\Bea\Downloads\adwcleaner_4.200.exe
2015-04-05 23:25 - 2015-04-05 23:25 - 02208768 _____ () C:\Users\Bea\Desktop\adwcleaner_4.200.exe
2015-04-05 23:23 - 2015-04-05 23:23 - 00002317 _____ () C:\Users\Bea\Desktop\JRT.txt
2015-04-05 23:13 - 2015-04-05 23:13 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BEA-PC-Windows-7-Home-Basic-(64-bit).dat
2015-04-05 23:13 - 2015-04-05 23:13 - 00000000 ____D () C:\RegBackup
2015-04-05 23:11 - 2015-04-05 23:11 - 02690981 _____ (Thisisu) C:\Users\Bea\Downloads\JRT.exe
2015-04-05 23:11 - 2015-04-05 23:11 - 02690981 _____ (Thisisu) C:\Users\Bea\Desktop\JRT.exe
2015-04-04 08:09 - 2015-04-04 08:10 - 00025851 _____ () C:\Users\Bea\Desktop\Addition.txt
2015-04-04 08:05 - 2015-04-13 20:32 - 00012416 _____ () C:\Users\Bea\Desktop\FRST.txt
2015-04-04 08:02 - 2015-04-13 20:25 - 00000000 ____D () C:\FRST
2015-04-04 08:00 - 2015-04-13 20:20 - 02096640 _____ (Farbar) C:\Users\Bea\Desktop\FRST64.exe
2015-04-04 07:59 - 2015-04-04 07:59 - 02095616 _____ (Farbar) C:\Users\Bea\Downloads\FRST64.exe
2015-04-04 07:57 - 2015-04-04 07:58 - 01135104 _____ (Farbar) C:\Users\Bea\Downloads\FRST.exe
2015-04-04 00:18 - 2015-04-04 00:18 - 00000000 ____D () C:\Users\Bea\AppData\Local\Apple
2015-04-03 23:16 - 2015-04-03 23:16 - 00000000 ____D () C:\Users\reba jo\AppData\Local\CrashDumps
2015-03-26 02:40 - 2015-03-26 02:43 - 00002016 _____ () C:\Users\reba jo\AppData\Local\installer.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-13 20:24 - 2013-10-08 13:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-13 20:22 - 2013-05-17 20:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-13 20:16 - 2013-10-08 13:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-13 20:16 - 2013-06-11 21:07 - 01664725 _____ () C:\Windows\WindowsUpdate.log
2015-04-10 23:37 - 2009-07-14 00:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-10 23:37 - 2009-07-14 00:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-10 23:20 - 2009-07-14 01:13 - 00782416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 23:16 - 2015-02-01 18:27 - 00003930 _____ () C:\Windows\setupact.log
2015-04-10 23:13 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-06 22:05 - 2014-07-03 18:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-06 22:02 - 2015-01-31 16:50 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-06 22:02 - 2014-07-03 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-06 22:02 - 2014-07-03 18:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-06 21:58 - 2013-03-31 23:04 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-05 23:33 - 2009-07-14 01:08 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-05 20:26 - 2015-02-02 20:43 - 00002228 _____ () C:\Windows\PFRO.log
2015-04-05 18:27 - 2015-03-03 12:57 - 00000000 ____D () C:\Users\reba jo\AppData\Roaming\Apple Computer
2015-04-04 07:48 - 2014-08-31 01:22 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-04-04 07:47 - 2014-02-04 21:43 - 00000000 ____D () C:\Users\Bea\AppData\Local\CrashDumps
2015-04-04 07:41 - 2013-09-23 16:34 - 00000000 ____D () C:\Program Files (x86)\Kodak
2015-04-04 07:38 - 2013-09-23 16:29 - 00000000 ____D () C:\ProgramData\Kodak
2015-04-04 07:37 - 2013-09-23 16:46 - 00000000 ____D () C:\Users\Bea\AppData\Local\Eastman_Kodak_Company
2015-04-04 01:00 - 2013-10-08 13:54 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-04 00:26 - 2014-08-31 02:04 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-04-04 00:16 - 2013-08-19 23:03 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-04 00:02 - 2013-06-21 02:54 - 00000000 ____D () C:\ProgramData\Apple
2015-03-17 06:15 - 2014-07-03 18:32 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-07-03 18:32 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2013-03-31 21:45 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
==================== Files in the root of some directories =======
 
2014-06-25 23:24 - 2014-06-25 23:24 - 6010880 _____ () C:\Program Files (x86)\GUT48AA.tmp
2013-04-14 01:36 - 2013-04-14 01:36 - 0000218 _____ () C:\Users\Bea\AppData\Local\recently-used.xbel
 
Some content of TEMP:
====================
C:\Users\Bea\AppData\Local\Temp\Quarantine.exe
C:\Users\Bea\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-04 08:51
 
==================== End Of Log ============================
 
 
ADDITION
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by Bea at 2015-04-13 20:38:47
Running from C:\Users\Bea\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
03-01-2015 22:46:17 Windows Update
11-01-2015 13:15:08 Windows Update
31-01-2015 15:51:33 Windows Update
24-02-2015 05:04:19 Windows Update
03-03-2015 12:20:37 Windows Update
03-04-2015 23:19:21 Windows Update
04-04-2015 07:39:50 Removed KODAK Cloud Software Connector.
04-04-2015 07:43:07 Removed QuickTime 7
04-04-2015 07:46:16 Removed QuickTime 7
05-04-2015 20:07:34 Restore Point Created by FRST
07-04-2015 06:42:39 Windows Update
11-04-2015 00:35:51 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-04-05 20:14 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {5AE4881A-0D6E-420B-92D6-7C01634BCADA} - System32\Tasks\{A81CEAD6-8B72-4FA3-8155-BAA032AA27CD} => C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
Task: {5CC64E69-305E-4D35-8759-0B78A0D2BBEA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
Task: {8C2F33AE-7FDA-420B-B225-3629E94A5679} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9E551F96-776C-48A0-9708-A8D65D8D0DB2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-03] (Adobe Systems Incorporated)
Task: {B86946A4-3466-4F9B-AFB5-DEB19ED642A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
Task: {F2055D5F-DCAA-46F5-9C8E-DCEBF15681F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WSearch => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Cloud Player => C:\Users\Bea\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: com.apple.dav.bookmarks.daemon => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: EKStatusMonitor => C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
MSCONFIG\startupreg: Fitbit Service Monitor => C:\Program Files (x86)\Fitbit\fitbit-tray.exe
MSCONFIG\startupreg: fssui => "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
MSCONFIG\startupreg: GoogleChromeAutoLaunch_140299A73DDFBEE682C1057A74DE4DC2 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Bea\AppData\Roaming\Yontoo\YontooDesktop.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1939556421-1720677683-651779200-500 - Administrator - Disabled)
Bea (S-1-5-21-1939556421-1720677683-651779200-1000 - Administrator - Enabled) => C:\Users\Bea
Guest (S-1-5-21-1939556421-1720677683-651779200-501 - Limited - Disabled)
reba jo (S-1-5-21-1939556421-1720677683-651779200-1001 - Administrator - Enabled) => C:\Users\reba jo
 
==================== Faulty Device Manager Devices =============
 
Name: HP un2420 Mobile Broadband Module
Description: HP un2420 Mobile Broadband Module
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/11/2015 01:48:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (04/11/2015 01:48:55 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (04/11/2015 01:47:12 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (04/10/2015 11:15:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/07/2015 06:16:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (04/07/2015 00:44:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (04/05/2015 11:35:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (04/13/2015 08:37:51 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (04/13/2015 08:13:11 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.
 
Error: (04/11/2015 10:32:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (04/10/2015 11:14:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/10/2015 11:13:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAS Core Service service failed to start due to the following error: 
%%2
 
Error: (04/06/2015 05:44:52 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (04/05/2015 11:34:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/05/2015 11:33:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAS Core Service service failed to start due to the following error: 
%%2
 
Error: (04/05/2015 11:32:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (04/05/2015 11:32:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (04/11/2015 01:48:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Bea\downloads\esetsmartinstaller_enu(2).exe
 
Error: (04/11/2015 01:48:55 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Bea\downloads\esetsmartinstaller_enu(1).exe
 
Error: (04/11/2015 01:47:12 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (04/10/2015 11:15:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/07/2015 06:16:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (04/07/2015 00:44:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (04/05/2015 11:35:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Atom™ CPU N455 @ 1.66GHz
Percentage of memory in use: 92%
Total physical RAM: 1011.9 MB
Available physical RAM: 72.65 MB
Total Pagefile: 2537.19 MB
Available Pagefile: 596.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.99 GB) (Free:256.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: BEC8BEC8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#14
pystryker
Posted 13 April 2015 - 06:58 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hmm..I only see a couple of small items to remove, but nothing that would cause the problem you're still describing. Let's remove those items and upon successfully doing that, I'll remove my tools, update some programs on your machine and then we'll get the Hardware Techs to run some tests on your machine to check the hardware. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Things I need to see in your next post:

Fixlog.txt Log
  • 0

#15
pystryker
Posted 14 April 2015 - 04:20 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hi :)

Before I refer you to the Hardware forum, I have one other thing I'd like to run. Please post the fixlog when completed, and we'll go from there.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: running slow, not responding, stalls

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP