Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus browser warning & noise [Solved]

virus slow computer noisy computer

  • This topic is locked This topic is locked

#1
Feather24

Feather24

    Member

  • Member
  • PipPipPip
  • 251 posts

Hi, I have included both logs below as directed.

 

Here are the issues being presented:

 

1. Today I got a browser warning when I was (well I thought) downloading a file from a safe site.  It said that I may have downloaded a virus.

 

2. My computer is several years old now so does run slower, however over the last few months it has been very noisy and slow and often I notice that the red light is constantly on perhaps indicating that it is working hard and I'm wondering if there is a problem.

 

3. I have run a full AVG scan today (paid version) no viruses found - as part of my internet security package.  Although in the past sometimes I have found that my antivirus had been corrupted and wasn't working well (previous version) so I wanted to check all was well anyway.

 

4. I have run full scan today Malwarebytes - no malware found.

 

5. I just want to check that all is well, and that if I can improve the performance that would be good too, if there is no malware etc.

 

Thank you in advance for your time, I appreciate this service and your expertise.

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran (administrator)  on 18-06-2015 20:18:44
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Alcatel-Lucent) C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe
(Sonix) C:\Windows\vsnp2std.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
() C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(MyHeritage) C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
(Google) C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Flux Software LLC) C:\Users\Frances\AppData\Local\FluxSoftware\Flux\flux.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
() C:\Users\Frances\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Dropbox, Inc.) C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Farbar) C:\Users\Frances\Desktop\FRST(1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe [1841664 2011-09-07] (Alcatel-Lucent)
HKLM\...\Run: [snp2std] => C:\Windows\vsnp2std.exe [675840 2006-09-15] (Sonix)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3727824 2015-06-05] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [296520 2015-02-02] (RealNetworks, Inc.)
HKLM\...\Run: [RealDownloader] => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Run: [Family Tree Builder Update] => C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [2477056 2015-03-02] (MyHeritage)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [googletalk] => C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [f.lux] => C:\Users\Frances\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [] => [X]
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [MP3 Skype recorder] => C:\Users\Frances\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [1561472 2015-02-11] ()
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [Dropbox Update] => C:\Users\Frances\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2015-02-02]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-09-02]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2014-08-26] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000 -> EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22] (SEIKO EPSON CORPORATION)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A79483D2-6796-4059-832A-41A709A2AAE1}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\wtqcb945.default-1429894029943
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-11] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-03-11] (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2011-09-07] (Motive, Inc.)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin: @real.com/nppl3260;version=17.0.15.10 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2015-02-02] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-02-02] (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1527785505-3915310178-3884954049-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Frances\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-05-25] (Citrix Online)
FF Plugin HKU\S-1-5-21-1527785505-3915310178-3884954049-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll [2012-10-30] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2012-10-19] (Coupons, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-03]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-06-03]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-06-03]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-06-03]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-03]
FF HKLM\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-02-02]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-03]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 7 U67) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Frances\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
CHR Profile: C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-26]
CHR Extension: (Google Drive) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-26]
CHR Extension: (YouTube) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-24]
CHR Extension: (Google Search) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-24]
CHR Extension: (Bookmark Manager) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Skype Click to Call) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-13]
CHR Extension: (Google Wallet) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-26]
CHR Extension: (Gmail) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-24]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files\AVG\AVG2015\avgfws.exe [1526936 2015-06-05] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-05] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2011-03-29] (Alcatel-Lucent) [File not signed]
S3 MSSQL$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2015-02-02] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S4 SQLAgent$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [57824 2015-04-14] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [227808 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [169440 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12028032 2007-01-26] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-06-24] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Frances\AppData\Local\Temp\catchme.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-18 20:18 - 2015-06-18 20:19 - 00023746 _____ C:\Users\Frances\Desktop\FRST.txt
2015-06-18 20:14 - 2015-06-18 20:15 - 01148416 _____ (Farbar) C:\Users\Frances\Desktop\FRST.exe
2015-06-18 20:08 - 2015-06-18 20:09 - 01148416 _____ (Farbar) C:\Users\Frances\Desktop\FRST(1).exe
2015-06-17 17:11 - 2015-06-17 17:11 - 00000000 ____D C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-17 17:08 - 2015-06-18 20:13 - 00000926 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1527785505-3915310178-3884954049-1000UA.job
2015-06-17 17:08 - 2015-06-18 17:13 - 00000874 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1527785505-3915310178-3884954049-1000Core.job
2015-06-17 17:08 - 2015-06-17 17:08 - 00000000 ____D C:\Users\Frances\AppData\Local\Dropbox
2015-06-17 17:08 - 2015-06-17 17:08 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-14 11:19 - 2015-06-14 11:19 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-10 16:33 - 2015-06-02 20:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 16:33 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 16:33 - 2015-05-25 18:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 16:33 - 2015-05-23 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 16:33 - 2015-05-23 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 16:33 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 16:33 - 2015-05-23 04:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 16:33 - 2015-05-23 04:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 16:33 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 16:33 - 2015-05-23 04:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 16:33 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 16:33 - 2015-05-23 04:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 16:33 - 2015-05-23 04:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 16:33 - 2015-05-23 04:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 16:33 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 16:33 - 2015-05-23 04:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 16:33 - 2015-05-23 04:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 16:33 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 16:33 - 2015-05-23 04:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 16:33 - 2015-05-23 03:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 16:33 - 2015-05-23 03:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 16:33 - 2015-05-23 03:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 16:33 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 16:33 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 16:33 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 16:33 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 16:33 - 2015-05-23 03:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 16:33 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 16:33 - 2015-05-23 03:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 16:33 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 16:33 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 16:33 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 16:33 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 16:33 - 2015-05-22 19:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 16:33 - 2015-05-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 16:33 - 2015-05-22 19:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 16:33 - 2015-05-22 19:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 16:33 - 2015-05-22 19:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 16:33 - 2015-05-22 19:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 16:33 - 2015-05-22 18:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 16:33 - 2015-05-21 14:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 16:33 - 2015-04-11 04:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 16:32 - 2015-05-25 19:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-10 16:32 - 2015-05-25 19:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 16:32 - 2015-05-25 19:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 16:32 - 2015-05-25 19:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 16:32 - 2015-05-25 19:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 16:32 - 2015-05-25 19:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 16:32 - 2015-05-25 19:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 16:32 - 2015-05-25 19:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 16:32 - 2015-05-25 19:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 16:32 - 2015-05-25 19:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 16:32 - 2015-05-25 19:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 16:32 - 2015-05-25 19:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 16:32 - 2015-05-25 19:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 16:32 - 2015-05-25 19:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 16:32 - 2015-05-25 19:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 16:32 - 2015-05-25 18:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 16:32 - 2015-05-25 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 16:32 - 2015-05-25 18:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 16:32 - 2015-05-25 18:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 16:32 - 2015-05-25 17:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 16:31 - 2015-05-09 04:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 16:31 - 2015-05-09 04:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 16:31 - 2015-05-09 04:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 16:31 - 2015-05-09 04:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 16:31 - 2015-05-09 04:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 02:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 02:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 16:31 - 2015-05-09 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 16:31 - 2015-04-29 19:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 16:31 - 2015-04-29 19:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 16:31 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 16:31 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 16:31 - 2015-04-29 19:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 16:31 - 2015-04-24 18:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-08 12:51 - 2015-06-08 12:51 - 00000000 ____D C:\Users\Frances\AppData\Local\GWX
2015-06-03 12:42 - 2015-06-04 10:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-05-19 09:57 - 2015-05-19 09:57 - 00227808 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-18 20:18 - 2014-10-22 18:43 - 00000000 ____D C:\FRST
2015-06-18 20:11 - 2010-10-09 15:01 - 00000000 ____D C:\ProgramData\MFAData
2015-06-18 19:55 - 2011-02-27 13:37 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-18 19:53 - 2011-07-10 22:05 - 00000000 ____D C:\Program Files\VBMovies
2015-06-18 19:49 - 2012-04-01 16:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-18 19:28 - 2014-09-12 11:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-18 18:28 - 2009-07-14 05:34 - 00023568 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-18 18:28 - 2009-07-14 05:34 - 00023568 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-18 18:23 - 2011-11-03 13:04 - 00000000 ___RD C:\Users\Frances\Dropbox
2015-06-18 18:23 - 2011-11-03 13:00 - 00000000 ____D C:\Users\Frances\AppData\Roaming\Dropbox
2015-06-18 18:23 - 2010-10-08 20:37 - 01261874 _____ C:\Windows\WindowsUpdate.log
2015-06-18 18:19 - 2014-12-10 11:22 - 00056874 _____ C:\Windows\setupact.log
2015-06-18 18:19 - 2011-02-27 13:37 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-18 18:19 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-18 17:22 - 2015-01-11 21:39 - 00000000 ____D C:\Users\Frances\Documents\COACHING 2015
2015-06-15 22:08 - 2010-10-11 16:43 - 00000000 ____D C:\Users\Frances\AppData\Roaming\Skype
2015-06-15 11:23 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2015-06-14 11:18 - 2015-01-07 21:48 - 00000935 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-06-14 11:18 - 2015-01-07 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-14 10:58 - 2015-01-07 21:44 - 00072810 _____ C:\Windows\PFRO.log
2015-06-12 17:57 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Branding
2015-06-11 17:57 - 2014-12-01 13:09 - 00000000 __SHD C:\Users\Frances\AppData\Local\EmieBrowserModeList
2015-06-11 17:57 - 2014-04-23 10:37 - 00000000 __SHD C:\Users\Frances\AppData\Local\EmieUserList
2015-06-11 17:57 - 2014-04-23 10:37 - 00000000 __SHD C:\Users\Frances\AppData\Local\EmieSiteList
2015-06-11 15:44 - 2014-08-19 10:36 - 00000000 ____D C:\Users\Frances\AppData\Local\Adobe
2015-06-11 15:43 - 2012-04-01 16:14 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-11 15:43 - 2011-06-29 11:58 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-11 15:39 - 2010-10-08 20:39 - 00878182 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-11 15:32 - 2009-07-14 05:33 - 00429856 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 15:29 - 2014-12-12 14:01 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 15:29 - 2014-04-23 10:23 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 23:39 - 2010-10-31 18:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 23:32 - 2013-07-24 01:18 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 23:09 - 2010-10-09 10:18 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-09 20:00 - 2011-02-27 13:38 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-04 10:23 - 2012-04-25 17:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-03 16:04 - 2010-10-11 16:42 - 00000000 ____D C:\ProgramData\Skype
2015-05-27 20:27 - 2010-11-25 15:38 - 00000000 ____D C:\Users\Frances\Documents\My Kindle Content
2015-05-26 22:10 - 2010-10-11 16:42 - 00000000 ___RD C:\Program Files\Skype
2015-05-26 12:23 - 2014-04-23 10:52 - 00000000 ____D C:\Users\Frances\AppData\Local\AVG
2015-05-22 15:55 - 2014-04-19 19:57 - 00000000 ____D C:\Users\Frances\Documents\COACHING 2014
2015-05-22 15:55 - 2010-11-11 19:48 - 00000000 ____D C:\Users\Frances\Documents\FinePrint files
2015-05-22 11:57 - 2009-07-14 05:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-20 17:20 - 2015-04-05 02:32 - 00000000 ___SD C:\Windows\system32\GWX

==================== Files in the root of some directories =======

2011-06-27 23:28 - 2011-06-27 23:29 - 0015044 _____ () C:\Program Files\cc_20110627_232823.reg
2013-07-23 13:26 - 2013-07-23 13:27 - 0036154 _____ () C:\Program Files\cc_20130723_132652.reg
2010-11-08 16:25 - 2011-07-18 10:47 - 0004608 _____ () C:\Users\Frances\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-27 09:30 - 2011-06-27 09:30 - 0000000 _____ () C:\Users\Frances\AppData\Local\{2F0D215D-D36A-4572-8518-970B7D5F1ED4}
2011-06-07 11:10 - 2011-06-07 11:11 - 0000000 _____ () C:\Users\Frances\AppData\Local\{D0C3A833-BA01-4220-98B5-867AEE928B6A}
2010-10-11 16:43 - 2010-10-11 16:43 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Frances\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyh6rcu.dll
C:\Users\Frances\AppData\Local\temp\lowproc.exe
C:\Users\Frances\AppData\Local\temp\NOSEventMessages.dll
C:\Users\Frances\AppData\Local\temp\SkypeSetup.exe
C:\Users\Frances\AppData\Local\temp\stubhelper.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-15 11:15

==================== End of log ============================

 

 

 

 

 

 

Here is the additions file:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by Frances at 2015-06-18 20:19:47
Running from C:\Users\Frances\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1527785505-3915310178-3884954049-500 - Administrator - Disabled)
Frances (S-1-5-21-1527785505-3915310178-3884954049-1000 - Administrator - Enabled) => C:\Users\Frances
Guest (S-1-5-21-1527785505-3915310178-3884954049-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft VideoImpression 2 (HKLM\...\{244E21B9-164C-4EC1-AED8-9BD64161E66D}) (Version:  - ArcSoft)
ArcSoft WebCam Companion 2 (HKLM\...\{C2E455CE-A952-4711-9505-51A8898B113F}) (Version:  - ArcSoft)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AudibleManager (HKLM\...\AudibleManager) (Version: 2000575200.48.56.30674154 - Audible, Inc.)
Avery Wizard 3.1 (HKLM\...\{77077FFF-8831-470F-9627-E86F06A50CCD}) (Version: 3.1.8 - Avery)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6030 - AVG Technologies)
AVG 2015 (Version: 15.0.4365 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6030 - AVG Technologies) Hidden
Belkin Wireless USB Utility (HKLM\...\InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}) (Version: 6.3.2.16 - Belkin)
Belkin Wireless USB Utility (Version: 6.3.2.16 - Belkin) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager for Microsoft Outlook 2010 (HKLM\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
Business Contact Manager for Microsoft Outlook 2010 (Version: 4.0.11308.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Citrix Online Launcher (HKLM\...\{A4B72B94-7745-4CA8-A4D6-D8AC2442451C}) (Version: 1.0.153 - Citrix)
DriverUpdate (HKLM\...\{E3B2301A-17BB-441E-B432-FF4DC8549B8A}) (Version: 2.2.36929 - SlimWare Utilities, Inc.)
Dropbox (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.1.5.0 - )
EPSON Easy Photo Print (HKLM\...\{F19D07BC-6240-49D3-BA5C-59B015DF8916}) (Version: 1.2.2.0 - )
EPSON File Manager (HKLM\...\{E86BC406-944E-41F6-ADE6-2C136734C96B}) (Version: 1.1.0.0 - )
EPSON Image Clip Palette (HKLM\...\{314F6D08-A8B7-11D8-8446-0050BA1D384D}) (Version: 1.02.00 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version:  - )
ESDX3800 User's Guide (HKLM\...\ESDX3800 User's Guide) (Version:  - )
Evernote v. 5.6.4 (HKLM\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
f.lux (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Flux) (Version:  - )
FinePrint (HKLM\...\FinePrint) (Version: 6.15 - FinePrint Software, LLC)
Free Editor (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66B4}_is1) (Version: 2.0.3 - Blue Labs, LLC)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Talk (remove only) (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
IAW20 (HKLM\...\IAW20) (Version:  - )
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
LAME v3.98.3 for Audacity (HKLM\...\LAME for Audacity_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office Communicator 2007 R2 (HKLM\...\{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}) (Version: 3.5.6907.268 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{83298573-A6B6-42AB-A234-FE91CA2859C0}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version:  - )
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 38.0.5 (x86 en-GB) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-GB)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
MP3 Skype recorder (HKLM\...\{9D33E74E-3799-4343-9F16-13AFF983366C}) (Version: 4.11.1.0 - Alexander Nikiforov)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHeritage Family Tree Builder (HKLM\...\Family Tree Builder) (Version: 7.0.0.7143 - MyHeritage.com)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (Version: 3.8.48.0 - Nokia) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org 3.2 (HKLM\...\{09DF00E6-520C-49D5-B7E0-9612165CACA8}) (Version: 3.2.9502 - OpenOffice.org)
Paint.NET v3.5.8 (HKLM\...\{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}) (Version: 3.58.0 - dotPDN LLC)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PIF DESIGNER (HKLM\...\{B90450DF-E781-46FD-B1F1-0C86DA40E443}) (Version:  - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Trust Webcam Live (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19.202_WHQL - Sonix)
TweetDeck (HKLM\...\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1) (Version: 0.38.1 - TweetDeck Inc)
TweetDeck (Version: 0.38.1 - TweetDeck Inc) Hidden
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (Version: 1.0.0 - RealNetworks) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vocal Remover (HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Vocal Remover) (Version:  - Make-Your-Own-Karaoke.com)
Vocal Remover (Version: 1.2.4 - Make-Your-Own-Karaoke.com) Hidden
Windows Driver Package - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Phone app for desktop (HKLM\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
XNote Stopwatch (HKLM\...\XNote Stopwatch) (Version: 1.67 - dnSoft Research Group)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{0207CA76-8233-4478-9A40-607AC304C435}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{2BB2DE4F-FCDF-46F2-9723-5B1959E1BDE0}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{67F2A879-82D5-4A6D-8CC5-FFB3C114B69D}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\program\so_activex.dll ()
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\ooofiltproxy.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Frances\AppData\Local\Citrix\GoToMeeting\1259\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{95775FC2-FFFA-4432-A4BC-352AB1A84581}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{990D9B6F-6621-11D9-AD6A-000C29B1E318}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\Avery Wizard 3.1\AveryOAd.dll (Avery Dennison Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{BE892433-7479-4231-AB95-A313BDA3D409}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{D0E9EEAE-9AC7-4204-BA07-B72DD6077E82}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\Avery Wizard 3.1\AvWizRes.dll (Avery Dennison Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{D2776BCC-5F09-4068-B4E2-7EE1202F95CF}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File

==================== Restore Points =========================

20-05-2015 17:19:04 Windows Update
28-05-2015 12:08:57 Windows Backup
31-05-2015 19:00:24 Windows Backup
07-06-2015 23:26:58 Scheduled Checkpoint
08-06-2015 13:01:01 Windows Backup
10-06-2015 23:07:14 Windows Update
14-06-2015 19:00:24 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-10-13 10:54 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08963739-7A34-4FFB-99F2-637925B8149D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1527785505-3915310178-3884954049-1000 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {1935BC1B-003A-4B50-97D6-93BB055FFA80} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1527785505-3915310178-3884954049-1000Core => C:\Users\Frances\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {22679D7D-4086-4EB3-B1D3-D73C9CAACAFF} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1527785505-3915310178-3884954049-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {2B17A39E-0C7C-42A7-A404-47C0EB3FFE4F} - System32\Tasks\{6F30B801-45EE-40AC-8EE3-E56FDF76A6EF} => C:\Program Files\Amazon\Kindle For PC\KindleForPC.exe [2010-11-11] (Amazon.com)
Task: {357FA1D8-6B55-4F78-A271-529E47B56CA5} - System32\Tasks\{D21AA598-1F4F-444C-AE7E-D9A8859E4467} => pcalua.exe -a C:\Users\Frances\Downloads\AdobeAIRInstaller.exe -d C:\Users\Frances\Downloads
Task: {37718E09-EA3C-4D4F-B360-7BAA10363019} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {41D8CFDB-F028-4B44-A129-AEE653CDA760} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe
Task: {4B914817-A485-4583-9854-887A8837F720} - System32\Tasks\RealDownloader Update Check => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {4EAF227E-1B23-42C5-B33C-788930E25B36} - System32\Tasks\ReclaimerUpdateXML_Frances => C:\Users\Frances\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-06-11] (RealNetworks, Inc.)
Task: {4EEDC6CB-4B67-45D4-AE9E-A78F4A409106} - System32\Tasks\{B05DA352-45C0-4F77-94B8-D5DCEB1BEECD} => pcalua.exe -a C:\Users\Frances\Downloads\avg_tuh_stf_all_2015_403_24c34.exe -d C:\Users\Frances\Downloads
Task: {503F092D-6E21-4850-B26A-6487E3255864} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {51AB735F-8C70-49CF-A8C5-A7A0CD87ECEB} - System32\Tasks\{35403C0F-6676-4E10-935F-D491A61AD217} => pcalua.exe -a "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL
Task: {5624A7C3-157B-4AC9-A7AA-CE0E152CCF50} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6250B84E-377D-4A84-874B-D2F32E82A01C} - System32\Tasks\ReclaimerUpdateFiles_Frances => C:\Users\Frances\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-06-11] (RealNetworks, Inc.)
Task: {64C705D5-6051-409F-B1E7-24064A1F46D8} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6BF6B37B-A150-4338-9C47-FD638B955EE6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1527785505-3915310178-3884954049-1000 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {71F698BC-CE66-46F3-83EC-EB12707E9D91} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {7B2A31D9-B908-4433-9758-CD7D2D67B211} - System32\Tasks\{E5433F60-B49A-4967-A5B6-7BABE2F0F12B} => pcalua.exe -a "C:\My Documents\My Documents\My Music\Vocal_Remover_Installer.exe" -d "C:\My Documents\My Documents\My Music"
Task: {7E89D135-9068-4AB2-A641-9EE2359532C8} - System32\Tasks\{4A096E15-7CAA-4A7D-ADA6-0FDB95784895} => Firefox.exe http://ui.skype.com/...?LastError=1618
Task: {8387BBFC-DD50-479E-9A22-4130E5AA2C12} - System32\Tasks\RNUpgradeHelperLogonPrompt_Frances => C:\Users\Frances\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-06-11] (RealNetworks, Inc.)
Task: {8FED1C95-A43C-4545-BBC1-ACDEC9711A5B} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: {90395C66-3721-462E-822A-554DA714AB35} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {92D75211-2C79-4A3E-A3BE-F89CFD12969E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {9306A6D6-0D90-4322-8316-C05CC2C376F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-11] (Adobe Systems Incorporated)
Task: {97935E8C-972B-4116-A33C-2B139BEB07E1} - System32\Tasks\{A361237D-EC42-41F8-BF87-91BCB603F979} => pcalua.exe -a C:\Users\Frances\Desktop\EasyInstall.exe -d C:\Users\Frances\Desktop
Task: {AD759222-36F6-448D-8356-0D9419ADF487} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {BE043F62-5F1F-412B-90D0-F6DD9CBD33D4} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C9AAE7A9-05CC-43B7-A100-374F864EA3E6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {CBF392AA-617E-4328-826C-038BF4F7EB55} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On Frances Logon => C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
Task: {CC811343-E6FB-4208-A9F5-A84BE010A58F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {CE260CC5-FB6F-44AE-AE2D-4BFBF87B632D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {D18C75E8-1010-4D5E-8D27-41C3F39AC129} - System32\Tasks\RNUpgradeHelperResumePrompt_Frances => C:\Users\Frances\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-06-11] (RealNetworks, Inc.)
Task: {E807DD46-2652-4B36-86DA-4FE49ECC95B4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {EE99BD7C-D3D9-4A01-801E-C02D2F96E0B0} - System32\Tasks\{70BEF97D-6873-4354-BFC2-0CAC1AE91DB4} => C:\Program Files\Skype\Phone\Skype.exe [2015-06-02] (Skype Technologies S.A.)
Task: {FDB802DC-8C9F-4A90-8320-64F8A7425797} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1527785505-3915310178-3884954049-1000UA => C:\Users\Frances\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {FF56A3E0-3CEF-4C78-AADC-EA065FB9CD5F} - System32\Tasks\{DD17235B-3028-4820-A80A-2A83CB1E044E} => pcalua.exe -a "C:\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TADF8N04\jre-6u27-windows-i586-iftw.exe" -d C:\Users\Frances\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1527785505-3915310178-3884954049-1000Core.job => C:\Users\Frances\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1527785505-3915310178-3884954049-1000UA.job => C:\Users\Frances\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-26 23:59 - 2014-10-26 23:59 - 00039568 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-02-02 12:53 - 2015-02-02 12:53 - 00865880 _____ () C:\Program Files\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2014-10-30 06:41 - 2014-10-30 06:41 - 00031856 _____ () C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-10-30 06:41 - 2014-10-30 06:41 - 00035976 _____ () C:\Program Files\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 06:41 - 2014-10-30 06:41 - 00039560 _____ () C:\Program Files\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 06:41 - 2014-10-30 06:41 - 00032888 _____ () C:\Program Files\Real\UpdateService\RPDSUpdatePlugin.dll
2014-10-29 20:06 - 2014-10-29 20:06 - 00560192 _____ () C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
2014-10-29 20:01 - 2014-10-29 20:01 - 01382048 _____ () C:\Program Files\RealNetworks\RealDownloader\cpprest100_1_2.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 08507232 _____ () C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02354016 _____ () C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 01014624 _____ () C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00364384 _____ () C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02480992 _____ () C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 01346912 _____ () C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00206176 _____ () C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02653024 _____ () C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00033120 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00035680 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00207200 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 11166560 _____ () C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
2013-10-02 20:30 - 2013-10-02 20:30 - 00276832 _____ () C:\Program Files\Nokia\Nokia Suite\phonon4.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 00391600 _____ () C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 00059280 _____ () C:\Program Files\Nokia\Nokia Suite\securestorage.dll
2013-10-02 20:28 - 2013-10-02 20:28 - 00438624 _____ () C:\Program Files\Nokia\Nokia Suite\NService.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00446304 _____ () C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00520544 _____ () C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00720736 _____ () C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
2013-10-02 20:28 - 2013-10-02 20:28 - 00606560 _____ () C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
2013-10-02 20:30 - 2013-10-02 20:30 - 00093024 _____ () C:\Program Files\Nokia\Nokia Suite\qjson.dll
2015-02-11 02:41 - 2015-02-11 02:41 - 01561472 _____ () C:\Users\Frances\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
2015-06-18 18:22 - 2015-06-18 18:22 - 00043008 _____ () c:\users\frances\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyh6rcu.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00750080 _____ () C:\Users\Frances\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00047616 _____ () C:\Users\Frances\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00865280 _____ () C:\Users\Frances\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00200704 _____ () C:\Users\Frances\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-06-17 17:11 - 2015-03-19 08:15 - 00010240 _____ () C:\Users\Frances\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-06-17 17:11 - 2015-03-19 08:15 - 00726016 _____ () C:\Users\Frances\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-17 17:11 - 2015-03-19 08:15 - 00010240 _____ () C:\Users\Frances\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2014-08-26 16:47 - 2014-08-26 16:47 - 00436576 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2014-08-26 16:47 - 2014-08-26 16:47 - 00318304 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\101hotteens.com -> 101hotteens.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\101lottery.com -> 101lottery.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\110hobart.com -> 110hobart.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\114anhui.com -> 114anhui.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\123expressview.com -> 123expressview.com
IE restricted site: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\123found.com -> 123found.com

There are 4028 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DE5B138F-9F0D-413F-B1E5-F3AFB45F1F82}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{0B99772D-3583-4D5A-8FB2-B2BEAD3D3C0A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{17B70602-91E3-4DEA-9C5C-9CEE84326E73}C:\program files\mp3 skype recorder\mp3 skype recorder.exe] => (Allow) C:\program files\mp3 skype recorder\mp3 skype recorder.exe
FirewallRules: [UDP Query User{B18BE84B-12F4-4E70-83D5-6E71D51ECB14}C:\program files\mp3 skype recorder\mp3 skype recorder.exe] => (Allow) C:\program files\mp3 skype recorder\mp3 skype recorder.exe
FirewallRules: [{D4DCF57B-71D9-49C2-9618-6E17A7C7EA5F}] => (Allow) C:\Program Files\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{D78C5CEF-6517-4269-B62E-4D6F1FD5FDC2}] => (Allow) C:\Program Files\Common Files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [{B1838EB8-ED44-4211-A37E-DAC72C1BB475}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{08813A4A-0E3D-4346-A401-CCE4DD0357B4}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{34288A46-B4FF-403B-B072-67871552ABB7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{ACD97AA9-50B2-45E3-9C14-7E74AB5680E5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7101E9C6-AFDD-4071-9A38-FB6826035500}] => (Allow) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{19C476A6-DF16-464A-AD54-549C3ABACEF1}C:\users\frances\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\frances\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{952CEB19-5A51-468E-862F-BCDC2E704792}C:\users\frances\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\frances\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{364DEB69-FA24-4B13-882C-5A39FE069209}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BB0520A7-ADEE-4E93-8327-B579D3EFAB14}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{BAFACE98-D5F6-4736-8FDE-4DEF015F27FA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CE47D11C-31EE-41A5-871C-86EF76574731}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{0D8790B9-AB58-45BB-A40C-3EDF00783C66}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{24C24DE1-163A-40C6-BBD6-CAE0CDB82A39}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{0D97B61C-AC40-4C70-8E81-8D6B86F685DD}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{541A7A45-AB0E-4E04-95F4-5A1B5D07A8F0}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{EE5F0BB2-77F8-4E76-A438-ED8DE1834EAA}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{563C2249-E489-441A-AF2C-B24B2CE5F653}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2015 10:39:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 196: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/15/2015 10:39:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/15/2015 10:38:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 196: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/15/2015 10:38:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/15/2015 10:37:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 196: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/15/2015 10:37:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/15/2015 10:36:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 196: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/15/2015 10:36:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/15/2015 10:35:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 464: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/15/2015 10:35:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053


System errors:
=============
Error: (06/18/2015 06:20:50 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (06/18/2015 06:16:55 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.

Error: (06/15/2015 08:26:24 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/15/2015 08:26:24 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/15/2015 07:24:06 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/15/2015 07:24:06 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/15/2015 07:20:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/15/2015 07:20:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/15/2015 07:10:37 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/15/2015 07:10:37 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office:
=========================
Error: (06/15/2015 10:39:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 196: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/15/2015 10:39:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/15/2015 10:38:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 196: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/15/2015 10:38:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/15/2015 10:37:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 196: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/15/2015 10:37:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/15/2015 10:36:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 196: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/15/2015 10:36:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/15/2015 10:35:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 464: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (06/15/2015 10:35:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 54%
Total physical RAM: 2037.49 MB
Available physical RAM: 916.98 MB
Total Pagefile: 4074.98 MB
Available Pagefile: 2520.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:107.96 GB) NTFS
Drive e: () (Fixed) (Total:19.53 GB) (Free:9.42 GB) NTFS
Drive f: () (Fixed) (Total:54.99 GB) (Free:11.9 GB) NTFS
Drive g: (TOSHIBA HDD) (Fixed) (Total:465.65 GB) (Free:146.6 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: D820D820)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2B1EBCE9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: AA4B0B5E)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== End of log ============================


  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Sorry for the delay in answering your topic. We do get quite busy around here sometimes. :)

What we'll do is clean up a few things I see in your log. Then we'll run some scans with other tools to check for other things. Then once we're done with that, we'll get the tech guys to run some tests on your machine to test the hardware. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2012-10-19] (Coupons, Inc.)
S3 catchme; \??\C:\Users\Frances\AppData\Local\Temp\catchme.sys [X]
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: Scan with TDSSKiller


Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI(graphical user interface) window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start(Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.

Note: Do not have TDSSKiller remove anything if found at this point in time!

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

TDSSKiller Log

  • 0

#3
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts

Hi Pystryker, thanks for your help.  I just saw this message today June 22nd, I was expecting a email notification and checked back here as I hadn't received one. 

 

I'll work on this today.  Just so you know what is happening.

 

PS I am having problems find the box you mention to get notifications instantly.  I'm following the topic.  Can you help further please so I can ensure I get your responses.

 

At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.

 

thanks


Edited by Feather24, 22 June 2015 - 05:59 AM.

  • 0

#4
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts

Ok so first log posted below.

 

I took off my antivirus as directed, however left on my firewall I assume that was ok?

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-06-2015 01
Ran by Frances at 2015-06-22 12:09:25 Run:1
Running from C:\Users\Frances\Desktop
Loaded Profiles: Frances (Available Profiles: Frances)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2012-10-19] (Coupons, Inc.)
S3 catchme; \??\C:\Users\Frances\AppData\Local\Temp\catchme.sys [X]
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll => moved successfully.
catchme => Service removed successfully.
"HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully.
"HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully.
"HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully.
"HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully.
"HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully.
"HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully.
"HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully.
"HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully.
"HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Classes\exefile" => key removed successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {887CA21F-C5A5-4F84-97B3-F785F96FA4A0}.
Unable to cancel {66113796-36B1-4F05-A7F7-4EC960132102}.
Unable to cancel {DE52CE5A-3556-4DF9-8EAD-026F3B23A0E3}.
Unable to cancel {023C8E17-D66B-4213-AFBB-C03281F6AE86}.
0 out of 4 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 1.6 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:19:02 ====


  • 0

#5
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts

Second log:

 

12:47:33.0204 0x03c4  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:47:39.0004 0x03c4  ============================================================
12:47:39.0004 0x03c4  Current date / time: 2015/06/22 12:47:39.0004
12:47:39.0004 0x03c4  SystemInfo:
12:47:39.0005 0x03c4  
12:47:39.0005 0x03c4  OS Version: 6.1.7601 ServicePack: 1.0
12:47:39.0005 0x03c4  Product type: Workstation
12:47:39.0005 0x03c4  ComputerName: FRANCES-PC
12:47:39.0005 0x03c4  UserName: Frances
12:47:39.0005 0x03c4  Windows directory: C:\Windows
12:47:39.0005 0x03c4  System windows directory: C:\Windows
12:47:39.0005 0x03c4  Processor architecture: Intel x86
12:47:39.0005 0x03c4  Number of processors: 2
12:47:39.0005 0x03c4  Page size: 0x1000
12:47:39.0005 0x03c4  Boot type: Normal boot
12:47:39.0005 0x03c4  ============================================================
12:47:40.0528 0x03c4  KLMD registered as C:\Windows\system32\drivers\17714614.sys
12:47:40.0711 0x03c4  System UUID: {9B14B84D-A541-CF04-542B-6D1325000C95}
12:47:41.0359 0x03c4  Drive \Device\Harddisk0\DR0 - Size: 0x12A1E0DE00 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:47:41.0364 0x03c4  Drive \Device\Harddisk1\DR1 - Size: 0x3A38A25E00 ( 232.88 Gb ), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
12:47:41.0366 0x03c4  Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:47:41.0816 0x03c4  ============================================================
12:47:41.0816 0x03c4  \Device\Harddisk0\DR0:
12:47:41.0821 0x03c4  MBR partitions:
12:47:41.0821 0x03c4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
12:47:41.0838 0x03c4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x6DFCE0C
12:47:41.0838 0x03c4  \Device\Harddisk1\DR1:
12:47:41.0838 0x03c4  MBR partitions:
12:47:41.0838 0x03c4  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:47:41.0838 0x03c4  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192000
12:47:41.0838 0x03c4  \Device\Harddisk2\DR2:
12:47:41.0839 0x03c4  MBR partitions:
12:47:41.0839 0x03c4  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
12:47:41.0839 0x03c4  ============================================================
12:47:41.0865 0x03c4  C: <-> \Device\Harddisk1\DR1\Partition2
12:47:41.0901 0x03c4  E: <-> \Device\Harddisk0\DR0\Partition1
12:47:41.0948 0x03c4  F: <-> \Device\Harddisk0\DR0\Partition2
12:47:41.0949 0x03c4  G: <-> \Device\Harddisk2\DR2\Partition1
12:47:41.0949 0x03c4  ============================================================
12:47:41.0949 0x03c4  Initialize success
12:47:41.0949 0x03c4  ============================================================
12:48:39.0398 0x14ac  ============================================================
12:48:39.0398 0x14ac  Scan started
12:48:39.0398 0x14ac  Mode: Manual; SigCheck; TDLFS;
12:48:39.0398 0x14ac  ============================================================
12:48:39.0398 0x14ac  KSN ping started
12:48:41.0791 0x14ac  KSN ping finished: true
12:48:43.0670 0x14ac  ================ Scan system memory ========================
12:48:43.0670 0x14ac  System memory - ok
12:48:43.0671 0x14ac  ================ Scan services =============================
12:48:43.0778 0x14ac  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:48:43.0904 0x14ac  1394ohci - ok
12:48:43.0939 0x14ac  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:48:43.0963 0x14ac  ACPI - ok
12:48:43.0982 0x14ac  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:48:44.0063 0x14ac  AcpiPmi - ok
12:48:44.0138 0x14ac  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:48:44.0156 0x14ac  AdobeARMservice - ok
12:48:44.0209 0x14ac  [ 7C58046ACEAF10525077BD586A740E9F, E26D446EDB158A9EDA7FC7E1DA650FA8896748B7DEB9FDBF5BD4352ACF01B721 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:48:44.0231 0x14ac  AdobeFlashPlayerUpdateSvc - ok
12:48:44.0273 0x14ac  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:48:44.0303 0x14ac  adp94xx - ok
12:48:44.0327 0x14ac  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:48:44.0352 0x14ac  adpahci - ok
12:48:44.0366 0x14ac  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:48:44.0385 0x14ac  adpu320 - ok
12:48:44.0409 0x14ac  [ 12E6A172D72AFC626727B8635DD17E39, 33B3D109C39DF6EA86AFC3C89A93657906E981D3D22FF854401BC7326990CC08 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:48:44.0468 0x14ac  AeLookupSvc - ok
12:48:44.0486 0x14ac  [ A7B8A3A79D35215D798A300DF49ED23F, D441633C0F8E22F8976B95D6A3DCD552AA07C616AC5FE4379472954F7BE6075E ] Afc             C:\Windows\system32\drivers\Afc.sys
12:48:44.0512 0x14ac  Afc - detected UnsignedFile.Multi.Generic ( 1 )
12:48:46.0923 0x14ac  Detect skipped due to KSN trusted
12:48:46.0923 0x14ac  Afc - ok
12:48:46.0961 0x14ac  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
12:48:47.0036 0x14ac  AFD - ok
12:48:47.0062 0x14ac  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
12:48:47.0078 0x14ac  agp440 - ok
12:48:47.0101 0x14ac  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
12:48:47.0118 0x14ac  aic78xx - ok
12:48:47.0138 0x14ac  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
12:48:47.0183 0x14ac  ALG - ok
12:48:47.0203 0x14ac  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:48:47.0218 0x14ac  aliide - ok
12:48:47.0232 0x14ac  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
12:48:47.0248 0x14ac  amdagp - ok
12:48:47.0280 0x14ac  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:48:47.0295 0x14ac  amdide - ok
12:48:47.0312 0x14ac  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:48:47.0364 0x14ac  AmdK8 - ok
12:48:47.0381 0x14ac  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:48:47.0412 0x14ac  AmdPPM - ok
12:48:47.0443 0x14ac  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:48:47.0461 0x14ac  amdsata - ok
12:48:47.0482 0x14ac  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:48:47.0502 0x14ac  amdsbs - ok
12:48:47.0517 0x14ac  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:48:47.0532 0x14ac  amdxata - ok
12:48:47.0561 0x14ac  [ 81F97D8F8B3FB94A451CC6F7CF8B2965, 8DEBA4E47E1016D69740C0BB7CDD23852D86E0D42C1C1EA5A847ECB115C38CB1 ] AppID           C:\Windows\system32\drivers\appid.sys
12:48:47.0614 0x14ac  AppID - ok
12:48:47.0632 0x14ac  [ F5090F8FA6757C58E17BAEAA86093636, 5E14CF3032DF5801240F45C59AA93962EA41AA5648A0C6458D16D9B9D95A131F ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:48:47.0667 0x14ac  AppIDSvc - ok
12:48:47.0700 0x14ac  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
12:48:47.0757 0x14ac  Appinfo - ok
12:48:47.0829 0x14ac  [ D2B87FC03BE28CD0B33C2B5C1119FD8E, 97EB74CB7F62C0D06D45CB250E3A90657A0F107C2FC20738FF6B2C87B0240080 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:48:47.0850 0x14ac  Apple Mobile Device - ok
12:48:47.0874 0x14ac  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:48:47.0891 0x14ac  arc - ok
12:48:47.0904 0x14ac  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:48:47.0922 0x14ac  arcsas - ok
12:48:47.0997 0x14ac  [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:48:48.0027 0x14ac  aspnet_state - ok
12:48:48.0043 0x14ac  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:48:48.0141 0x14ac  AsyncMac - ok
12:48:48.0156 0x14ac  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:48:48.0171 0x14ac  atapi - ok
12:48:48.0215 0x14ac  [ 44FA26470D4C8123CCF71F4200B782D3, 924E8157E2B09092E95551CA5095F6262E408FAFBA8A01FCB254928B801343BA ] athrusb         C:\Windows\system32\DRIVERS\athrusb.sys
12:48:48.0292 0x14ac  athrusb - ok
12:48:48.0336 0x14ac  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:48:48.0393 0x14ac  AudioEndpointBuilder - ok
12:48:48.0427 0x14ac  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:48:48.0458 0x14ac  Audiosrv - ok
12:48:48.0503 0x14ac  [ 6FF619B5DD6C05DB3D8BA4888EE06B03, 945FC37D86BE7B2B81276988EBD78FB24300F330625134058A8AE6D3FBC44E60 ] Avgdiskx        C:\Windows\system32\DRIVERS\avgdiskx.sys
12:48:48.0537 0x14ac  Avgdiskx - ok
12:48:48.0564 0x14ac  [ CD5A8C9B5EC3DD40350B51A9168B1EEB, D29246DE5D9A147F5D85963CA50F47D8459B28D2A10F13F8F0CA148D0DC2BC13 ] Avgfwfd         C:\Windows\system32\DRIVERS\avgfwd6x.sys
12:48:48.0581 0x14ac  Avgfwfd - ok
12:48:48.0777 0x14ac  [ AAC478C8367818711A76738448C1165A, BEAC7F2F066F5D6ADA3F37D897C737715B7D34BC96D0EEE73E34087E3BDEE639 ] avgfws          C:\Program Files\AVG\AVG2015\avgfws.exe
12:48:48.0867 0x14ac  avgfws - ok
12:48:49.0017 0x14ac  [ DF1D6A57455998307972AF57FE8739C7, 48E608656B4B0F1A92DB180D5CC3414467B41B9C212D91CC7E0086454B7DADC7 ] AVGIDSAgent     C:\Program Files\AVG\AVG2015\avgidsagent.exe
12:48:49.0177 0x14ac  AVGIDSAgent - ok
12:48:49.0224 0x14ac  [ E11EF5AF494D9E7EF5B4B3172130EB43, 17DBC2FAE11117EDD09D256735B4E03AD6ADD4D02D14BDA9410BA40F5747177F ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
12:48:49.0257 0x14ac  AVGIDSDriver - ok
12:48:49.0282 0x14ac  [ 5F122F67CA4A675DC1D0D0A92E3A2649, DB7F1ED48829D5404CFE65F96D2292187592237ACBAF5E5680B983E5332EFB5B ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
12:48:49.0303 0x14ac  AVGIDSHX - ok
12:48:49.0323 0x14ac  [ 73071EDF26739B6A364A4FA2C1744500, 87CE03E566417DAC756605DCCAEF295586D1A4E4E26DC2968E06EF1FFEBB4E8F ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
12:48:49.0339 0x14ac  AVGIDSShim - ok
12:48:49.0362 0x14ac  [ 5897D0F8F83A9FD81F48F64324221EC9, CAC18B1D773C01D556DA929746032A82E64A2F693CACCE25144172691A8F9626 ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
12:48:49.0384 0x14ac  Avgldx86 - ok
12:48:49.0432 0x14ac  [ B14F65F3ADBABCA40EABDFF7E7BFCD78, 7CC15E34A5203D02BB996BD072A71FE2BF498694EABAE79CF3389044F6D10164 ] Avglogx         C:\Windows\system32\DRIVERS\avglogx.sys
12:48:49.0456 0x14ac  Avglogx - ok
12:48:49.0487 0x14ac  [ F17B8021ABE1A0735F23D58089CF9A4F, D3787243C5EBAE64031773BC9B8324120250F989EBCA52A3FB78E7D3D4E05DD0 ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
12:48:49.0507 0x14ac  Avgmfx86 - ok
12:48:49.0531 0x14ac  [ 33744E25E83260527272125F5624FFC6, CDB7DEA22124CCC3DB98BCC3588B2D6F1B35EE3B49947E1F5EE2BC33967815E5 ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
12:48:49.0547 0x14ac  Avgrkx86 - ok
12:48:49.0579 0x14ac  [ 447EBE39752B0AEC7D646F4CF4D8AA19, 4BFD479030BDC8D2923C4B9E1C2233CA9387138A449596274780AEC2514735AA ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
12:48:49.0601 0x14ac  Avgtdix - ok
12:48:49.0653 0x14ac  [ C9800EB63BFD55E5C176CAAB1084503A, CF19965C3A697D9AF6F8ACE9F2C8F95E8F7A39EC0595BADBD7932E2FB9C89A24 ] avgwd           C:\Program Files\AVG\AVG2015\avgwdsvc.exe
12:48:49.0681 0x14ac  avgwd - ok
12:48:49.0709 0x14ac  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:48:49.0791 0x14ac  AxInstSV - ok
12:48:49.0832 0x14ac  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
12:48:49.0909 0x14ac  b06bdrv - ok
12:48:49.0934 0x14ac  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
12:48:49.0976 0x14ac  b57nd60x - ok
12:48:50.0026 0x14ac  [ 2E552B658273B90251E0441631DE2CA3, EE6D42A9D95E8D53B5DBF9A3F195C63505CCB9C59C63E4BF7014CDC528217723 ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
12:48:50.0041 0x14ac  BcmSqlStartupSvc - ok
12:48:50.0069 0x14ac  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
12:48:50.0151 0x14ac  BDESVC - ok
12:48:50.0169 0x14ac  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:48:50.0220 0x14ac  Beep - ok
12:48:50.0269 0x14ac  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
12:48:50.0344 0x14ac  BFE - ok
12:48:50.0392 0x14ac  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\system32\qmgr.dll
12:48:50.0610 0x14ac  BITS - ok
12:48:50.0631 0x14ac  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:48:50.0653 0x14ac  blbdrive - ok
12:48:50.0705 0x14ac  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:48:50.0731 0x14ac  Bonjour Service - ok
12:48:50.0763 0x14ac  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:48:50.0822 0x14ac  bowser - ok
12:48:50.0839 0x14ac  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:48:50.0910 0x14ac  BrFiltLo - ok
12:48:50.0923 0x14ac  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:48:50.0959 0x14ac  BrFiltUp - ok
12:48:50.0984 0x14ac  [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
12:48:51.0020 0x14ac  BridgeMP - ok
12:48:51.0050 0x14ac  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
12:48:51.0108 0x14ac  Browser - ok
12:48:51.0133 0x14ac  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:48:51.0194 0x14ac  Brserid - ok
12:48:51.0213 0x14ac  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:48:51.0234 0x14ac  BrSerWdm - ok
12:48:51.0262 0x14ac  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:48:51.0281 0x14ac  BrUsbMdm - ok
12:48:51.0296 0x14ac  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:48:51.0330 0x14ac  BrUsbSer - ok
12:48:51.0352 0x14ac  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:48:51.0372 0x14ac  BTHMODEM - ok
12:48:51.0402 0x14ac  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
12:48:51.0442 0x14ac  bthserv - ok
12:48:51.0574 0x14ac  [ FECA9F830A5C6BAB9978E6781A26AE2B, CA1681A2F4FA849815B8E823805E078DB9C050CEE86E9E394B2A37B57CC474A6 ] c2cautoupdatesvc C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
12:48:51.0649 0x14ac  c2cautoupdatesvc - ok
12:48:51.0741 0x14ac  [ 5B33709F7FE59BB625F113EED86AFC5C, 8D29FE242D55526FDEB2CB4009B5DE19C93972E872BE6328AD3305E360A3D44B ] c2cpnrsvc       C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
12:48:51.0828 0x14ac  c2cpnrsvc - ok
12:48:51.0852 0x14ac  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:48:51.0898 0x14ac  cdfs - ok
12:48:51.0931 0x14ac  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\drivers\cdrom.sys
12:48:51.0969 0x14ac  cdrom - ok
12:48:51.0997 0x14ac  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:48:52.0044 0x14ac  CertPropSvc - ok
12:48:52.0074 0x14ac  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:48:52.0112 0x14ac  circlass - ok
12:48:52.0143 0x14ac  [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS            C:\Windows\system32\CLFS.sys
12:48:52.0167 0x14ac  CLFS - ok
12:48:52.0219 0x14ac  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:48:52.0237 0x14ac  clr_optimization_v2.0.50727_32 - ok
12:48:52.0262 0x14ac  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:48:52.0319 0x14ac  clr_optimization_v4.0.30319_32 - ok
12:48:52.0333 0x14ac  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:48:52.0352 0x14ac  CmBatt - ok
12:48:52.0374 0x14ac  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:48:52.0390 0x14ac  cmdide - ok
12:48:52.0425 0x14ac  [ 3051724F223EA48968B19567DE2A81F4, DCC27DE1B2B35866FC6DBDE95A368E7D0D346B6C3F31D0BACA63DD39B0A8874E ] CNG             C:\Windows\system32\Drivers\cng.sys
12:48:52.0464 0x14ac  CNG - ok
12:48:52.0482 0x14ac  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:48:52.0497 0x14ac  Compbatt - ok
12:48:52.0515 0x14ac  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:48:52.0535 0x14ac  CompositeBus - ok
12:48:52.0542 0x14ac  COMSysApp - ok
12:48:52.0557 0x14ac  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:48:52.0573 0x14ac  crcdisk - ok
12:48:52.0637 0x14ac  [ 49474B3E37969AF4B5C076F42B623AFF, BDA6B57E9B60EF1B67C74099263D33A367AAA035667239F76AB8B268FD3E8F23 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:48:52.0673 0x14ac  CryptSvc - ok
12:48:52.0711 0x14ac  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:48:52.0770 0x14ac  DcomLaunch - ok
12:48:52.0813 0x14ac  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
12:48:52.0868 0x14ac  defragsvc - ok
12:48:52.0901 0x14ac  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:48:52.0950 0x14ac  DfsC - ok
12:48:52.0983 0x14ac  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:48:53.0076 0x14ac  Dhcp - ok
12:48:53.0166 0x14ac  [ 7AB2DE012C88870C9274E966EC88AB61, CE2098B152B9C039C29C0573C813BFBF13B2D2E6BEE83985374160884A817133 ] DiagTrack       C:\Windows\system32\diagtrack.dll
12:48:53.0276 0x14ac  DiagTrack - ok
12:48:53.0297 0x14ac  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
12:48:53.0350 0x14ac  discache - ok
12:48:53.0370 0x14ac  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:48:53.0386 0x14ac  Disk - ok
12:48:53.0413 0x14ac  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:48:53.0444 0x14ac  Dnscache - ok
12:48:53.0476 0x14ac  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:48:53.0531 0x14ac  dot3svc - ok
12:48:53.0562 0x14ac  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
12:48:53.0612 0x14ac  DPS - ok
12:48:53.0639 0x14ac  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:48:53.0681 0x14ac  drmkaud - ok
12:48:53.0735 0x14ac  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:48:53.0787 0x14ac  DXGKrnl - ok
12:48:53.0834 0x14ac  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
12:48:53.0884 0x14ac  EapHost - ok
12:48:54.0003 0x14ac  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
12:48:54.0171 0x14ac  ebdrv - ok
12:48:54.0213 0x14ac  [ D2967F6D4205A227AAA7D094C12F7141, 4E0D48F07F230D5D5DFC2CDCA4467C54DF6EEA6B7C6ABC355E9986C73203E104 ] EFS             C:\Windows\System32\lsass.exe
12:48:54.0251 0x14ac  EFS - ok
12:48:54.0312 0x14ac  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:48:54.0377 0x14ac  ehRecvr - ok
12:48:54.0407 0x14ac  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
12:48:54.0476 0x14ac  ehSched - ok
12:48:54.0518 0x14ac  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:48:54.0568 0x14ac  elxstor - ok
12:48:54.0592 0x14ac  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:48:54.0628 0x14ac  ErrDev - ok
12:48:54.0675 0x14ac  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
12:48:54.0735 0x14ac  EventSystem - ok
12:48:54.0760 0x14ac  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:48:54.0812 0x14ac  exfat - ok
12:48:54.0833 0x14ac  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:48:54.0872 0x14ac  fastfat - ok
12:48:54.0913 0x14ac  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
12:48:54.0999 0x14ac  Fax - ok
12:48:55.0017 0x14ac  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:48:55.0051 0x14ac  fdc - ok
12:48:55.0082 0x14ac  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
12:48:55.0117 0x14ac  fdPHost - ok
12:48:55.0128 0x14ac  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:48:55.0175 0x14ac  FDResPub - ok
12:48:55.0183 0x14ac  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:48:55.0199 0x14ac  FileInfo - ok
12:48:55.0218 0x14ac  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:48:55.0269 0x14ac  Filetrace - ok
12:48:55.0292 0x14ac  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:48:55.0309 0x14ac  flpydisk - ok
12:48:55.0333 0x14ac  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:48:55.0354 0x14ac  FltMgr - ok
12:48:55.0408 0x14ac  [ 6EC244F102C7F129678E5F7309D1366D, C30DA201AC623DA440B0A0716534557C578218C2A591FA8893CCCBD96B4518F9 ] FontCache       C:\Windows\system32\FntCache.dll
12:48:55.0506 0x14ac  FontCache - ok
12:48:55.0577 0x14ac  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:48:55.0597 0x14ac  FontCache3.0.0.0 - ok
12:48:55.0638 0x14ac  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:48:55.0654 0x14ac  FsDepends - ok
12:48:55.0675 0x14ac  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:48:55.0691 0x14ac  Fs_Rec - ok
12:48:55.0710 0x14ac  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:48:55.0734 0x14ac  fvevol - ok
12:48:55.0743 0x14ac  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:48:55.0760 0x14ac  gagp30kx - ok
12:48:55.0774 0x14ac  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:48:55.0786 0x14ac  GEARAspiWDM - ok
12:48:55.0840 0x14ac  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:48:55.0915 0x14ac  gpsvc - ok
12:48:55.0968 0x14ac  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:48:55.0983 0x14ac  gupdate - ok
12:48:55.0990 0x14ac  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:48:56.0004 0x14ac  gupdatem - ok
12:48:56.0050 0x14ac  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:48:56.0068 0x14ac  gusvc - ok
12:48:56.0080 0x14ac  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:48:56.0126 0x14ac  hcw85cir - ok
12:48:56.0158 0x14ac  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:48:56.0199 0x14ac  HdAudAddService - ok
12:48:56.0225 0x14ac  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:48:56.0261 0x14ac  HDAudBus - ok
12:48:56.0279 0x14ac  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:48:56.0297 0x14ac  HidBatt - ok
12:48:56.0313 0x14ac  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:48:56.0350 0x14ac  HidBth - ok
12:48:56.0370 0x14ac  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:48:56.0391 0x14ac  HidIr - ok
12:48:56.0424 0x14ac  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\System32\hidserv.dll
12:48:56.0460 0x14ac  hidserv - ok
12:48:56.0485 0x14ac  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:48:56.0521 0x14ac  HidUsb - ok
12:48:56.0547 0x14ac  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:48:56.0597 0x14ac  hkmsvc - ok
12:48:56.0632 0x14ac  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:48:56.0695 0x14ac  HomeGroupListener - ok
12:48:56.0721 0x14ac  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:48:56.0760 0x14ac  HomeGroupProvider - ok
12:48:56.0788 0x14ac  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:48:56.0805 0x14ac  HpSAMD - ok
12:48:56.0842 0x14ac  [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:48:56.0894 0x14ac  HTTP - ok
12:48:56.0927 0x14ac  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:48:56.0941 0x14ac  hwpolicy - ok
12:48:56.0963 0x14ac  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:48:56.0983 0x14ac  i8042prt - ok
12:48:57.0012 0x14ac  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:48:57.0037 0x14ac  iaStorV - ok
12:48:57.0099 0x14ac  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:48:57.0158 0x14ac  idsvc - ok
12:48:57.0169 0x14ac  IEEtwCollectorService - ok
12:48:57.0355 0x14ac  [ 9467514EA189475A6E7FDC5D7BDE9D3F, E6F5B99BF6B614832770F9310B06334A8174C7660DDEC7589433640527A14683 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
12:48:57.0569 0x14ac  igfx - ok
12:48:57.0615 0x14ac  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:48:57.0631 0x14ac  iirsp - ok
12:48:57.0683 0x14ac  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
12:48:57.0737 0x14ac  IKEEXT - ok
12:48:57.0768 0x14ac  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:48:57.0783 0x14ac  intelide - ok
12:48:57.0800 0x14ac  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:48:57.0835 0x14ac  intelppm - ok
12:48:57.0864 0x14ac  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:48:57.0902 0x14ac  IPBusEnum - ok
12:48:57.0914 0x14ac  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:48:57.0950 0x14ac  IpFilterDriver - ok
12:48:58.0009 0x14ac  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:48:58.0092 0x14ac  iphlpsvc - ok
12:48:58.0113 0x14ac  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:48:58.0146 0x14ac  IPMIDRV - ok
12:48:58.0163 0x14ac  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:48:58.0201 0x14ac  IPNAT - ok
12:48:58.0242 0x14ac  [ 1323570D55CE9D70D1F10144A8249D20, 5876576289CCDC994D6BC8D1B8D29EFFF66811EBECC577F8C2F9BDC2E59ADFBC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:48:58.0292 0x14ac  iPod Service - ok
12:48:58.0309 0x14ac  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:48:58.0362 0x14ac  IRENUM - ok
12:48:58.0369 0x14ac  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:48:58.0387 0x14ac  isapnp - ok
12:48:58.0417 0x14ac  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:48:58.0440 0x14ac  iScsiPrt - ok
12:48:58.0455 0x14ac  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:48:58.0472 0x14ac  kbdclass - ok
12:48:58.0485 0x14ac  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:48:58.0504 0x14ac  kbdhid - ok
12:48:58.0524 0x14ac  [ D2967F6D4205A227AAA7D094C12F7141, 4E0D48F07F230D5D5DFC2CDCA4467C54DF6EEA6B7C6ABC355E9986C73203E104 ] KeyIso          C:\Windows\system32\lsass.exe
12:48:58.0542 0x14ac  KeyIso - ok
12:48:58.0571 0x14ac  [ 3C9D9DFCF517103677D7B6255C727B48, F03252C1EF131AC4FEB83983B7BB3BAAACE0EEB0B1CFA06D0E04A156D527A0FD ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:48:58.0588 0x14ac  KSecDD - ok
12:48:58.0616 0x14ac  [ 0DFC56491C8B56A35AD52EAF770752FE, C887D6A06DD691DB6E6DC73D2ED0072FE5430F46F85111338196CF342C5892D0 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:48:58.0635 0x14ac  KSecPkg - ok
12:48:58.0660 0x14ac  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:48:58.0720 0x14ac  KtmRm - ok
12:48:58.0749 0x14ac  [ 6C32BFEAB708915D6BBF4B20D4F3EF7B, 140516B5D8600DF4C2653E37D672E40D93E021D0883161EB6E4EB5C09E68FB91 ] L1C             C:\Windows\system32\DRIVERS\L1C62x86.sys
12:48:58.0768 0x14ac  L1C - ok
12:48:58.0786 0x14ac  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\System32\srvsvc.dll
12:48:58.0826 0x14ac  LanmanServer - ok
12:48:58.0842 0x14ac  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:48:58.0927 0x14ac  LanmanWorkstation - ok
12:48:58.0958 0x14ac  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:48:59.0005 0x14ac  lltdio - ok
12:48:59.0045 0x14ac  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:48:59.0101 0x14ac  lltdsvc - ok
12:48:59.0120 0x14ac  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:48:59.0155 0x14ac  lmhosts - ok
12:48:59.0178 0x14ac  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:48:59.0196 0x14ac  LSI_FC - ok
12:48:59.0210 0x14ac  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:48:59.0228 0x14ac  LSI_SAS - ok
12:48:59.0246 0x14ac  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:48:59.0263 0x14ac  LSI_SAS2 - ok
12:48:59.0283 0x14ac  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:48:59.0301 0x14ac  LSI_SCSI - ok
12:48:59.0313 0x14ac  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:48:59.0366 0x14ac  luafv - ok
12:48:59.0407 0x14ac  [ 3C21F7E95FFCA33EF1A83AA33D9663CF, C843116969E1CDBA45AEF98B33BEDBA9200C62CDB52CD7056CE6768A1EF3A637 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:48:59.0420 0x14ac  MBAMProtector - ok
12:48:59.0491 0x14ac  [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService     C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
12:48:59.0562 0x14ac  MBAMService - ok
12:48:59.0589 0x14ac  [ 167BCE00050B19DA25065335645A3C7A, 5CD3EA3E09B4ED318AB6151F56A17B0E4C8CE32DBB77342A39DEF53908F7D2F0 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
12:48:59.0602 0x14ac  MBAMWebAccessControl - ok
12:48:59.0646 0x14ac  [ F8B823414A22DBF3BEC10DCAA5F93CD8, 651C7521033439C0AA9006F1AC2CF376B1588CE781BEE4D10B7622FA3D055F6C ] McciCMService   C:\Program Files\Common Files\Motive\McciCMService.exe
12:48:59.0681 0x14ac  McciCMService - detected UnsignedFile.Multi.Generic ( 1 )
12:49:02.0086 0x14ac  Detect skipped due to KSN trusted
12:49:02.0086 0x14ac  McciCMService - ok
12:49:02.0110 0x14ac  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:49:02.0132 0x14ac  Mcx2Svc - ok
12:49:02.0158 0x14ac  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:49:02.0174 0x14ac  megasas - ok
12:49:02.0196 0x14ac  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:49:02.0219 0x14ac  MegaSR - ok
12:49:02.0265 0x14ac  Microsoft SharePoint Workspace Audit Service - ok
12:49:02.0290 0x14ac  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
12:49:02.0326 0x14ac  MMCSS - ok
12:49:02.0344 0x14ac  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
12:49:02.0390 0x14ac  Modem - ok
12:49:02.0406 0x14ac  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:49:02.0442 0x14ac  monitor - ok
12:49:02.0478 0x14ac  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:49:02.0494 0x14ac  mouclass - ok
12:49:02.0501 0x14ac  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:49:02.0537 0x14ac  mouhid - ok
12:49:02.0571 0x14ac  [ 644905A19D0F37F2233DFCE53BC4BC19, F52CB40AA0FD1EBF8CBF0F3BFB20C47142C637719840877FB93F10D085EB8C2B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:49:02.0591 0x14ac  mountmgr - ok
12:49:02.0623 0x14ac  [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:49:02.0642 0x14ac  MozillaMaintenance - ok
12:49:02.0662 0x14ac  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:49:02.0681 0x14ac  mpio - ok
12:49:02.0697 0x14ac  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:49:02.0741 0x14ac  mpsdrv - ok
12:49:02.0786 0x14ac  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:49:02.0846 0x14ac  MpsSvc - ok
12:49:02.0877 0x14ac  [ 9BD4DCB5412921864A7AACDEDFBD1923, 46DEE9B9414D26203B62F0D6CAEBF37A3CEFD118556129547B2C5FC7B6FDBA05 ] MREMP50         C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
12:49:02.0895 0x14ac  MREMP50 - detected UnsignedFile.Multi.Generic ( 1 )
12:49:05.0382 0x14ac  Detect skipped due to KSN trusted
12:49:05.0382 0x14ac  MREMP50 - ok
12:49:05.0407 0x14ac  [ 07C02C892E8E1A72D6BF35004F0E9C5E, 09ECD59AADF08E2AA0C1BAF5D3D7CBB0948153E531E1F82ECACD43F14F88106B ] MRESP50         C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
12:49:05.0415 0x14ac  MRESP50 - detected UnsignedFile.Multi.Generic ( 1 )
12:49:15.0499 0x14ac  MRESP50 ( UnsignedFile.Multi.Generic ) - warning
12:49:17.0929 0x14ac  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:49:17.0971 0x14ac  MRxDAV - ok
12:49:17.0990 0x14ac  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:49:18.0031 0x14ac  mrxsmb - ok
12:49:18.0054 0x14ac  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:49:18.0078 0x14ac  mrxsmb10 - ok
12:49:18.0088 0x14ac  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:49:18.0109 0x14ac  mrxsmb20 - ok
12:49:18.0124 0x14ac  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:49:18.0140 0x14ac  msahci - ok
12:49:18.0166 0x14ac  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:49:18.0185 0x14ac  msdsm - ok
12:49:18.0203 0x14ac  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
12:49:18.0227 0x14ac  MSDTC - ok
12:49:18.0248 0x14ac  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:49:18.0306 0x14ac  Msfs - ok
12:49:18.0329 0x14ac  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:49:18.0378 0x14ac  mshidkmdf - ok
12:49:18.0401 0x14ac  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:49:18.0415 0x14ac  msisadrv - ok
12:49:18.0439 0x14ac  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:49:18.0477 0x14ac  MSiSCSI - ok
12:49:18.0483 0x14ac  msiserver - ok
12:49:18.0496 0x14ac  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:49:18.0545 0x14ac  MSKSSRV - ok
12:49:18.0551 0x14ac  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:49:18.0591 0x14ac  MSPCLOCK - ok
12:49:18.0599 0x14ac  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:49:18.0635 0x14ac  MSPQM - ok
12:49:18.0645 0x14ac  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:49:18.0665 0x14ac  MsRPC - ok
12:49:18.0686 0x14ac  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:49:18.0702 0x14ac  mssmbios - ok
12:49:18.0749 0x14ac  MSSQL$MSSMLBIZ - ok
12:49:18.0787 0x14ac  [ F1761C8FB2B25A32C6D63E36BB88C3AE, C88F5EF7B547DAA2394888362916FA18F07241E0BF2B938297428A1C04FFD806 ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
12:49:18.0802 0x14ac  MSSQLServerADHelper100 - ok
12:49:18.0816 0x14ac  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:49:18.0851 0x14ac  MSTEE - ok
12:49:18.0857 0x14ac  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:49:18.0886 0x14ac  MTConfig - ok
12:49:18.0893 0x14ac  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:49:18.0911 0x14ac  Mup - ok
12:49:18.0950 0x14ac  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
12:49:18.0993 0x14ac  napagent - ok
12:49:19.0018 0x14ac  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:49:19.0047 0x14ac  NativeWifiP - ok
12:49:19.0088 0x14ac  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:49:19.0134 0x14ac  NDIS - ok
12:49:19.0199 0x14ac  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:49:19.0254 0x14ac  NdisCap - ok
12:49:19.0274 0x14ac  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:49:19.0307 0x14ac  NdisTapi - ok
12:49:19.0326 0x14ac  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:49:19.0360 0x14ac  Ndisuio - ok
12:49:19.0387 0x14ac  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:49:19.0438 0x14ac  NdisWan - ok
12:49:19.0468 0x14ac  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:49:19.0502 0x14ac  NDProxy - ok
12:49:19.0509 0x14ac  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:49:19.0544 0x14ac  NetBIOS - ok
12:49:19.0570 0x14ac  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:49:19.0608 0x14ac  NetBT - ok
12:49:19.0634 0x14ac  [ D2967F6D4205A227AAA7D094C12F7141, 4E0D48F07F230D5D5DFC2CDCA4467C54DF6EEA6B7C6ABC355E9986C73203E104 ] Netlogon        C:\Windows\system32\lsass.exe
12:49:19.0652 0x14ac  Netlogon - ok
12:49:19.0695 0x14ac  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
12:49:19.0740 0x14ac  Netman - ok
12:49:19.0767 0x14ac  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:49:19.0796 0x14ac  NetMsmqActivator - ok
12:49:19.0805 0x14ac  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:49:19.0827 0x14ac  NetPipeActivator - ok
12:49:19.0854 0x14ac  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
12:49:19.0902 0x14ac  netprofm - ok
12:49:19.0912 0x14ac  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:49:19.0933 0x14ac  NetTcpActivator - ok
12:49:19.0942 0x14ac  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:49:19.0963 0x14ac  NetTcpPortSharing - ok
12:49:19.0977 0x14ac  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:49:19.0993 0x14ac  nfrd960 - ok
12:49:20.0024 0x14ac  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:49:20.0087 0x14ac  NlaSvc - ok
12:49:20.0095 0x14ac  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:49:20.0148 0x14ac  Npfs - ok
12:49:20.0180 0x14ac  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
12:49:20.0249 0x14ac  nsi - ok
12:49:20.0266 0x14ac  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:49:20.0300 0x14ac  nsiproxy - ok
12:49:20.0367 0x14ac  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:49:20.0431 0x14ac  Ntfs - ok
12:49:20.0449 0x14ac  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
12:49:20.0501 0x14ac  Null - ok
12:49:20.0533 0x14ac  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:49:20.0551 0x14ac  nvraid - ok
12:49:20.0574 0x14ac  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:49:20.0594 0x14ac  nvstor - ok
12:49:20.0609 0x14ac  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:49:20.0627 0x14ac  nv_agp - ok
12:49:20.0647 0x14ac  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:49:20.0681 0x14ac  ohci1394 - ok
12:49:20.0712 0x14ac  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:49:20.0729 0x14ac  ose - ok
12:49:20.0908 0x14ac  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:49:21.0109 0x14ac  osppsvc - ok
12:49:21.0155 0x14ac  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:49:21.0236 0x14ac  p2pimsvc - ok
12:49:21.0266 0x14ac  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:49:21.0296 0x14ac  p2psvc - ok
12:49:21.0332 0x14ac  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:49:21.0365 0x14ac  Parport - ok
12:49:21.0387 0x14ac  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:49:21.0403 0x14ac  partmgr - ok
12:49:21.0414 0x14ac  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
12:49:21.0446 0x14ac  Parvdm - ok
12:49:21.0476 0x14ac  [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:49:21.0539 0x14ac  PcaSvc - ok
12:49:21.0570 0x14ac  [ F451DCACBAA67F3307305EBD4A39EA07, C4435BF4C2D16F3DC0B35732BE3602FFA28DB0A5BC5576F45E0D32E5F4CD2DEA ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
12:49:21.0635 0x14ac  pccsmcfd - ok
12:49:21.0654 0x14ac  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
12:49:21.0674 0x14ac  pci - ok
12:49:21.0686 0x14ac  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:49:21.0702 0x14ac  pciide - ok
12:49:21.0717 0x14ac  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:49:21.0738 0x14ac  pcmcia - ok
12:49:21.0746 0x14ac  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:49:21.0763 0x14ac  pcw - ok
12:49:21.0800 0x14ac  [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:49:21.0845 0x14ac  PEAUTH - ok
12:49:21.0939 0x14ac  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
12:49:22.0039 0x14ac  pla - ok
12:49:22.0082 0x14ac  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:49:22.0151 0x14ac  PlugPlay - ok
12:49:22.0167 0x14ac  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:49:22.0199 0x14ac  PNRPAutoReg - ok
12:49:22.0228 0x14ac  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:49:22.0254 0x14ac  PNRPsvc - ok
12:49:22.0278 0x14ac  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:49:22.0338 0x14ac  PolicyAgent - ok
12:49:22.0372 0x14ac  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
12:49:22.0410 0x14ac  Power - ok
12:49:22.0436 0x14ac  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:49:22.0473 0x14ac  PptpMiniport - ok
12:49:22.0496 0x14ac  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:49:22.0515 0x14ac  Processor - ok
12:49:22.0552 0x14ac  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:49:22.0581 0x14ac  ProfSvc - ok
12:49:22.0604 0x14ac  [ D2967F6D4205A227AAA7D094C12F7141, 4E0D48F07F230D5D5DFC2CDCA4467C54DF6EEA6B7C6ABC355E9986C73203E104 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:49:22.0622 0x14ac  ProtectedStorage - ok
12:49:22.0646 0x14ac  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:49:22.0694 0x14ac  Psched - ok
12:49:22.0754 0x14ac  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:49:22.0838 0x14ac  ql2300 - ok
12:49:22.0858 0x14ac  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:49:22.0876 0x14ac  ql40xx - ok
12:49:22.0902 0x14ac  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
12:49:22.0932 0x14ac  QWAVE - ok
12:49:22.0949 0x14ac  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:49:22.0988 0x14ac  QWAVEdrv - ok
12:49:23.0003 0x14ac  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:49:23.0054 0x14ac  RasAcd - ok
12:49:23.0075 0x14ac  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:49:23.0109 0x14ac  RasAgileVpn - ok
12:49:23.0117 0x14ac  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
12:49:23.0157 0x14ac  RasAuto - ok
12:49:23.0177 0x14ac  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:49:23.0213 0x14ac  Rasl2tp - ok
12:49:23.0257 0x14ac  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
12:49:23.0319 0x14ac  RasMan - ok
12:49:23.0349 0x14ac  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:49:23.0398 0x14ac  RasPppoe - ok
12:49:23.0406 0x14ac  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:49:23.0441 0x14ac  RasSstp - ok
12:49:23.0495 0x14ac  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:49:23.0556 0x14ac  rdbss - ok
12:49:23.0587 0x14ac  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:49:23.0607 0x14ac  rdpbus - ok
12:49:23.0630 0x14ac  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:49:23.0662 0x14ac  RDPCDD - ok
12:49:23.0673 0x14ac  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:49:23.0706 0x14ac  RDPENCDD - ok
12:49:23.0725 0x14ac  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:49:23.0772 0x14ac  RDPREFMP - ok
12:49:23.0827 0x14ac  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:49:23.0885 0x14ac  RdpVideoMiniport - ok
12:49:23.0915 0x14ac  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:49:23.0964 0x14ac  RDPWD - ok
12:49:23.0993 0x14ac  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:49:24.0013 0x14ac  rdyboost - ok
12:49:24.0057 0x14ac  [ 590DE2C0FF4E367050239BD1DDC912C1, B8D1D01C276C15EDA5B6BE5F1FD16315063D1C9BA6D22D51AED51FC93D417A17 ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
12:49:24.0077 0x14ac  RealNetworks Downloader Resolver Service - ok
12:49:24.0158 0x14ac  [ AC36A47C010100B7EDFB2A70114D3E89, 3051841EB4FC8A9CDA5B1B9168D459A639F7E588E859F51D6B865CD073CFCE13 ] RealPlayer Cloud Service C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
12:49:24.0219 0x14ac  RealPlayer Cloud Service - ok
12:49:24.0259 0x14ac  [ A650FA927A4D1D71C53E317A0DDD6B7E, F1D476213CE15E0060440CDBF36806649F172408EC0977A35AEE67F30C43B15A ] RealPlayerUpdateSvc C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
12:49:24.0331 0x14ac  RealPlayerUpdateSvc - ok
12:49:24.0360 0x14ac  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:49:24.0404 0x14ac  RemoteAccess - ok
12:49:24.0426 0x14ac  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:49:24.0476 0x14ac  RemoteRegistry - ok
12:49:24.0499 0x14ac  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:49:24.0549 0x14ac  RpcEptMapper - ok
12:49:24.0576 0x14ac  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
12:49:24.0595 0x14ac  RpcLocator - ok
12:49:24.0618 0x14ac  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\System32\rpcss.dll
12:49:24.0663 0x14ac  RpcSs - ok
12:49:24.0691 0x14ac  [ 6A7360E36CBD636972AEEF0DD292A946, 08A0DE7819D781B082E2D1A8961B675501F56F62680B0C7117EC547B4A5CB10A ] RsFx0105        C:\Windows\system32\DRIVERS\RsFx0105.sys
12:49:24.0712 0x14ac  RsFx0105 - ok
12:49:24.0735 0x14ac  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:49:24.0787 0x14ac  rspndr - ok
12:49:24.0804 0x14ac  [ D2967F6D4205A227AAA7D094C12F7141, 4E0D48F07F230D5D5DFC2CDCA4467C54DF6EEA6B7C6ABC355E9986C73203E104 ] SamSs           C:\Windows\system32\lsass.exe
12:49:24.0821 0x14ac  SamSs - ok
12:49:24.0859 0x14ac  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:49:24.0876 0x14ac  sbp2port - ok
12:49:24.0894 0x14ac  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:49:24.0933 0x14ac  SCardSvr - ok
12:49:24.0951 0x14ac  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:49:24.0984 0x14ac  scfilter - ok
12:49:25.0031 0x14ac  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
12:49:25.0114 0x14ac  Schedule - ok
12:49:25.0147 0x14ac  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:49:25.0180 0x14ac  SCPolicySvc - ok
12:49:25.0200 0x14ac  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:49:25.0245 0x14ac  SDRSVC - ok
12:49:25.0272 0x14ac  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:49:25.0319 0x14ac  secdrv - ok
12:49:25.0340 0x14ac  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
12:49:25.0390 0x14ac  seclogon - ok
12:49:25.0407 0x14ac  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\system32\sens.dll
12:49:25.0446 0x14ac  SENS - ok
12:49:25.0473 0x14ac  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:49:25.0518 0x14ac  SensrSvc - ok
12:49:25.0534 0x14ac  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:49:25.0569 0x14ac  Serenum - ok
12:49:25.0589 0x14ac  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:49:25.0624 0x14ac  Serial - ok
12:49:25.0631 0x14ac  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:49:25.0650 0x14ac  sermouse - ok
12:49:25.0714 0x14ac  [ 78F7BB9F4924BE164294C59B8C3FC096, 75051A6A8B0DBB16CD70855A408134270EEAF0C127BAAE5B592DB53BB87C085B ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
12:49:25.0755 0x14ac  ServiceLayer - ok
12:49:25.0798 0x14ac  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:49:25.0849 0x14ac  SessionEnv - ok
12:49:25.0876 0x14ac  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:49:25.0911 0x14ac  sffdisk - ok
12:49:25.0918 0x14ac  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:49:25.0953 0x14ac  sffp_mmc - ok
12:49:25.0968 0x14ac  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:49:26.0005 0x14ac  sffp_sd - ok
12:49:26.0028 0x14ac  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:49:26.0061 0x14ac  sfloppy - ok
12:49:26.0104 0x14ac  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:49:26.0148 0x14ac  SharedAccess - ok
12:49:26.0184 0x14ac  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:49:26.0247 0x14ac  ShellHWDetection - ok
12:49:26.0272 0x14ac  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
12:49:26.0289 0x14ac  sisagp - ok
12:49:26.0305 0x14ac  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:49:26.0321 0x14ac  SiSRaid2 - ok
12:49:26.0335 0x14ac  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:49:26.0353 0x14ac  SiSRaid4 - ok
12:49:26.0408 0x14ac  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
12:49:26.0445 0x14ac  SkypeUpdate - ok
12:49:26.0453 0x14ac  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:49:26.0509 0x14ac  Smb - ok
12:49:26.0540 0x14ac  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:49:26.0572 0x14ac  SNMPTRAP - ok
12:49:27.0001 0x14ac  [ 92F7A6C3AB7DF4634A7323589C6BBB38, 66A3E4AEB7A108C0134F4104F7985696468ED9E42BD66BECE4D8FE5C5F15B95F ] SNP2STD         C:\Windows\system32\DRIVERS\snp2sxp.sys
12:49:27.0514 0x14ac  SNP2STD - ok
12:49:27.0590 0x14ac  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:49:27.0614 0x14ac  spldr - ok
12:49:27.0653 0x14ac  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
12:49:27.0707 0x14ac  Spooler - ok
12:49:27.0837 0x14ac  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
12:49:27.0984 0x14ac  sppsvc - ok
12:49:28.0031 0x14ac  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:49:28.0078 0x14ac  sppuinotify - ok
12:49:28.0121 0x14ac  [ 944B774D2B296E21C32FDADF255A83EB, C84A529D188815BC73F9EDF2CA877FE149C80569103040B8F5B3D04C54975CEA ] SQLAgent$MSSMLBIZ C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE
12:49:28.0159 0x14ac  SQLAgent$MSSMLBIZ - ok
12:49:28.0194 0x14ac  [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB, EE66162AEAF6A583A04BB5AF1220318C9ADD3A62987CDCEE0505C6FF37AB30FF ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:49:28.0214 0x14ac  SQLBrowser - ok
12:49:28.0233 0x14ac  [ 135CDCCC167EF0C250125BBD3ABE18D5, 825661B8C2D458A15317EC000B98D9A7991FCC334F36AAAF94447A8CA8275AF4 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:49:28.0248 0x14ac  SQLWriter - ok
12:49:28.0277 0x14ac  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:49:28.0330 0x14ac  srv - ok
12:49:28.0356 0x14ac  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:49:28.0400 0x14ac  srv2 - ok
12:49:28.0420 0x14ac  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:49:28.0440 0x14ac  srvnet - ok
12:49:28.0464 0x14ac  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:49:28.0516 0x14ac  SSDPSRV - ok
12:49:28.0540 0x14ac  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:49:28.0577 0x14ac  SstpSvc - ok
12:49:28.0597 0x14ac  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:49:28.0612 0x14ac  stexstor - ok
12:49:28.0646 0x14ac  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
12:49:28.0686 0x14ac  StiSvc - ok
12:49:28.0714 0x14ac  [ 031F030B529962DE7F14C226B54797E4, 65789FD0B5E7C9951595D9CAD3019F75468578308C2AD8B44B5FF45BC903A654 ] SWDUMon         C:\Windows\system32\DRIVERS\SWDUMon.sys
12:49:28.0728 0x14ac  SWDUMon - ok
12:49:28.0750 0x14ac  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:49:28.0766 0x14ac  swenum - ok
12:49:28.0791 0x14ac  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
12:49:28.0838 0x14ac  swprv - ok
12:49:28.0908 0x14ac  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
12:49:29.0001 0x14ac  SysMain - ok
12:49:29.0022 0x14ac  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
12:49:29.0048 0x14ac  TabletInputService - ok
12:49:29.0081 0x14ac  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:49:29.0123 0x14ac  TapiSrv - ok
12:49:29.0146 0x14ac  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
12:49:29.0201 0x14ac  TBS - ok
12:49:29.0287 0x14ac  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:49:29.0354 0x14ac  Tcpip - ok
12:49:29.0439 0x14ac  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:49:29.0493 0x14ac  TCPIP6 - ok
12:49:29.0539 0x14ac  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:49:29.0567 0x14ac  tcpipreg - ok
12:49:29.0590 0x14ac  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:49:29.0632 0x14ac  TDPIPE - ok
12:49:29.0647 0x14ac  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:49:29.0680 0x14ac  TDTCP - ok
12:49:29.0709 0x14ac  [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:49:29.0740 0x14ac  tdx - ok
12:49:29.0755 0x14ac  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:49:29.0772 0x14ac  TermDD - ok
12:49:29.0815 0x14ac  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\Windows\System32\termsrv.dll
12:49:29.0869 0x14ac  TermService - ok
12:49:29.0895 0x14ac  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
12:49:29.0919 0x14ac  Themes - ok
12:49:29.0938 0x14ac  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
12:49:29.0975 0x14ac  THREADORDER - ok
12:49:29.0993 0x14ac  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
12:49:30.0033 0x14ac  TrkWks - ok
12:49:30.0079 0x14ac  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:49:30.0117 0x14ac  TrustedInstaller - ok
12:49:30.0148 0x14ac  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:49:30.0166 0x14ac  tssecsrv - ok
12:49:30.0187 0x14ac  [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:49:30.0235 0x14ac  TsUsbFlt - ok
12:49:30.0260 0x14ac  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:49:30.0309 0x14ac  tunnel - ok
12:49:30.0343 0x14ac  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:49:30.0360 0x14ac  uagp35 - ok
12:49:30.0392 0x14ac  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:49:30.0433 0x14ac  udfs - ok
12:49:30.0455 0x14ac  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:49:30.0507 0x14ac  UI0Detect - ok
12:49:30.0533 0x14ac  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:49:30.0550 0x14ac  uliagpkx - ok
12:49:30.0572 0x14ac  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\drivers\umbus.sys
12:49:30.0591 0x14ac  umbus - ok
12:49:30.0603 0x14ac  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:49:30.0635 0x14ac  UmPass - ok
12:49:30.0668 0x14ac  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
12:49:30.0732 0x14ac  upnphost - ok
12:49:30.0758 0x14ac  [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:49:30.0787 0x14ac  usbaudio - ok
12:49:30.0813 0x14ac  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:49:30.0843 0x14ac  usbccgp - ok
12:49:30.0865 0x14ac  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:49:30.0885 0x14ac  usbcir - ok
12:49:30.0909 0x14ac  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:49:30.0928 0x14ac  usbehci - ok
12:49:30.0965 0x14ac  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:49:30.0991 0x14ac  usbhub - ok
12:49:31.0015 0x14ac  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:49:31.0046 0x14ac  usbohci - ok
12:49:31.0068 0x14ac  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:49:31.0089 0x14ac  usbprint - ok
12:49:31.0106 0x14ac  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:49:31.0154 0x14ac  usbscan - ok
12:49:31.0183 0x14ac  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:49:31.0215 0x14ac  USBSTOR - ok
12:49:31.0235 0x14ac  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:49:31.0254 0x14ac  usbuhci - ok
12:49:31.0285 0x14ac  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
12:49:31.0320 0x14ac  UxSms - ok
12:49:31.0356 0x14ac  [ D2967F6D4205A227AAA7D094C12F7141, 4E0D48F07F230D5D5DFC2CDCA4467C54DF6EEA6B7C6ABC355E9986C73203E104 ] VaultSvc        C:\Windows\system32\lsass.exe
12:49:31.0374 0x14ac  VaultSvc - ok
12:49:31.0401 0x14ac  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:49:31.0416 0x14ac  vdrvroot - ok
12:49:31.0461 0x14ac  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
12:49:31.0511 0x14ac  vds - ok
12:49:31.0529 0x14ac  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:49:31.0549 0x14ac  vga - ok
12:49:31.0565 0x14ac  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:49:31.0600 0x14ac  VgaSave - ok
12:49:31.0613 0x14ac  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:49:31.0633 0x14ac  vhdmp - ok
12:49:31.0648 0x14ac  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
12:49:31.0664 0x14ac  viaagp - ok
12:49:31.0678 0x14ac  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
12:49:31.0698 0x14ac  ViaC7 - ok
12:49:31.0713 0x14ac  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:49:31.0728 0x14ac  viaide - ok
12:49:31.0739 0x14ac  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:49:31.0756 0x14ac  volmgr - ok
12:49:31.0772 0x14ac  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:49:31.0797 0x14ac  volmgrx - ok
12:49:31.0810 0x14ac  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:49:31.0832 0x14ac  volsnap - ok
12:49:31.0851 0x14ac  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:49:31.0871 0x14ac  vsmraid - ok
12:49:31.0924 0x14ac  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
12:49:32.0001 0x14ac  VSS - ok
12:49:32.0028 0x14ac  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:49:32.0080 0x14ac  vwifibus - ok
12:49:32.0125 0x14ac  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
12:49:32.0170 0x14ac  W32Time - ok
12:49:32.0204 0x14ac  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:49:32.0223 0x14ac  WacomPen - ok
12:49:32.0249 0x14ac  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:49:32.0285 0x14ac  WANARP - ok
12:49:32.0290 0x14ac  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:49:32.0324 0x14ac  Wanarpv6 - ok
12:49:32.0407 0x14ac  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:49:32.0481 0x14ac  WatAdminSvc - ok
12:49:32.0539 0x14ac  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
12:49:32.0675 0x14ac  wbengine - ok
12:49:32.0708 0x14ac  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:49:32.0753 0x14ac  WbioSrvc - ok
12:49:32.0787 0x14ac  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:49:32.0831 0x14ac  wcncsvc - ok
12:49:32.0852 0x14ac  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:49:32.0923 0x14ac  WcsPlugInService - ok
12:49:32.0947 0x14ac  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:49:32.0963 0x14ac  Wd - ok
12:49:33.0007 0x14ac  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:49:33.0042 0x14ac  Wdf01000 - ok
12:49:33.0068 0x14ac  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:49:33.0107 0x14ac  WdiServiceHost - ok
12:49:33.0113 0x14ac  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:49:33.0135 0x14ac  WdiSystemHost - ok
12:49:33.0162 0x14ac  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
12:49:33.0201 0x14ac  WebClient - ok
12:49:33.0222 0x14ac  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:49:33.0278 0x14ac  Wecsvc - ok
12:49:33.0307 0x14ac  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:49:33.0343 0x14ac  wercplsupport - ok
12:49:33.0353 0x14ac  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
12:49:33.0392 0x14ac  WerSvc - ok
12:49:33.0397 0x14ac  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:49:33.0432 0x14ac  WfpLwf - ok
12:49:33.0442 0x14ac  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:49:33.0457 0x14ac  WIMMount - ok
12:49:33.0522 0x14ac  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
12:49:33.0587 0x14ac  WinDefend - ok
12:49:33.0599 0x14ac  WinHttpAutoProxySvc - ok
12:49:33.0658 0x14ac  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:49:33.0714 0x14ac  Winmgmt - ok
12:49:33.0774 0x14ac  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\Windows\system32\WsmSvc.dll
12:49:33.0888 0x14ac  WinRM - ok
12:49:33.0949 0x14ac  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
12:49:33.0970 0x14ac  WinUsb - ok
12:49:34.0024 0x14ac  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:49:34.0093 0x14ac  Wlansvc - ok
12:49:34.0128 0x14ac  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:49:34.0149 0x14ac  WmiAcpi - ok
12:49:34.0173 0x14ac  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:49:34.0195 0x14ac  wmiApSrv - ok
12:49:34.0283 0x14ac  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
12:49:34.0385 0x14ac  WMPNetworkSvc - ok
12:49:34.0404 0x14ac  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:49:34.0533 0x14ac  WPCSvc - ok
12:49:34.0552 0x14ac  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:49:34.0590 0x14ac  WPDBusEnum - ok
12:49:34.0620 0x14ac  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:49:34.0654 0x14ac  ws2ifsl - ok
12:49:34.0671 0x14ac  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\system32\wscsvc.dll
12:49:34.0709 0x14ac  wscsvc - ok
12:49:34.0716 0x14ac  WSearch - ok
12:49:34.0815 0x14ac  [ 7E5C454A3F986FEBAD075DB8D915917E, 9E9147DDACD075958689523130DB92FC4ED0E38433461D8AB8792BCFBD9376DA ] wuauserv        C:\Windows\system32\wuaueng.dll
12:49:34.0929 0x14ac  wuauserv - ok
12:49:34.0971 0x14ac  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:49:34.0999 0x14ac  WudfPf - ok
12:49:35.0024 0x14ac  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\drivers\WUDFRd.sys
12:49:35.0047 0x14ac  WUDFRd - ok
12:49:35.0084 0x14ac  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:49:35.0106 0x14ac  wudfsvc - ok
12:49:35.0130 0x14ac  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:49:35.0182 0x14ac  WwanSvc - ok
12:49:35.0203 0x14ac  ================ Scan global ===============================
12:49:35.0249 0x14ac  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
12:49:35.0278 0x14ac  [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll
12:49:35.0295 0x14ac  [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll
12:49:35.0325 0x14ac  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
12:49:35.0352 0x14ac  [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\Windows\system32\services.exe
12:49:35.0362 0x14ac  [ Global ] - ok
12:49:35.0363 0x14ac  ================ Scan MBR ==================================
12:49:35.0379 0x14ac  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:49:35.0648 0x14ac  \Device\Harddisk0\DR0 - ok
12:49:35.0663 0x14ac  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
12:49:35.0903 0x14ac  \Device\Harddisk1\DR1 - ok
12:49:36.0375 0x14ac  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk2\DR2
12:49:36.0480 0x14ac  \Device\Harddisk2\DR2 - ok
12:49:36.0481 0x14ac  ================ Scan VBR ==================================
12:49:36.0510 0x14ac  [ 35A67E299AB7C6BB38B887D9F735DA39 ] \Device\Harddisk0\DR0\Partition1
12:49:36.0512 0x14ac  \Device\Harddisk0\DR0\Partition1 - ok
12:49:36.0527 0x14ac  [ CB431FCFC1829173CF125C6121FC547C ] \Device\Harddisk0\DR0\Partition2
12:49:36.0529 0x14ac  \Device\Harddisk0\DR0\Partition2 - ok
12:49:36.0533 0x14ac  [ 72E9DBA4F6B8351D811BB7CAD3522CB9 ] \Device\Harddisk1\DR1\Partition1
12:49:36.0535 0x14ac  \Device\Harddisk1\DR1\Partition1 - ok
12:49:36.0540 0x14ac  [ C2A097A4F3F8038F5F4C51876290531B ] \Device\Harddisk1\DR1\Partition2
12:49:36.0542 0x14ac  \Device\Harddisk1\DR1\Partition2 - ok
12:49:36.0547 0x14ac  [ 4760A23B0455F6241F182C7935DDF704 ] \Device\Harddisk2\DR2\Partition1
12:49:36.0568 0x14ac  \Device\Harddisk2\DR2\Partition1 - ok
12:49:36.0569 0x14ac  ================ Scan generic autorun ======================
12:49:36.0619 0x14ac  [ 68239842340DDFF8993DFD9127553EDA, 9FEC34A35D5A91FEF1C4859AFD0C2538C5CD3E1792FB118487368CFDF66CBCA0 ] C:\Windows\system32\igfxtray.exe
12:49:36.0637 0x14ac  IgfxTray - ok
12:49:36.0657 0x14ac  [ 004763BDF8E48244DBB9FDFDE3065EBC, AA88911C51D73C501C67F62A907425EF91D1820D3ED581F0952619EBB6216F14 ] C:\Windows\system32\hkcmd.exe
12:49:36.0674 0x14ac  HotKeysCmds - ok
12:49:36.0689 0x14ac  [ CD1102E5D340216138C7F56FA8D26998, 805BE128B6A52E304A91AD44B6A7322BAD5F72CD400DB5E74D8EF47424894266 ] C:\Windows\system32\igfxpers.exe
12:49:36.0706 0x14ac  Persistence - ok
12:49:36.0744 0x14ac  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe
12:49:36.0762 0x14ac  BCSSync - ok
12:49:36.0796 0x14ac  [ 9F60097061F79620C9C59FF37A61D852, 9B94C00CAA1F4DF95485F994576DA68B30635C628CFE3D6AE1811E6FEB1A56CA ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
12:49:36.0808 0x14ac  APSDaemon - ok
12:49:36.0851 0x14ac  [ 714C602C1B8CEF17E25C753F1BACF78D, E0B0DC548CA9DA7F3D0EEE9EDACC9058D5C845E8B03B841434EB1E03683A9B73 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
12:49:36.0863 0x14ac  AppleSyncNotifier - ok
12:49:36.0959 0x14ac  [ C8F532894108193508303BA2D23CB99E, 5DBF4929113D69A9C92FD810C7E392C38F5879A568F56745186D4E4B37658742 ] C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe
12:49:37.0056 0x14ac  btbb_McciTrayApp - detected UnsignedFile.Multi.Generic ( 1 )
12:49:39.0694 0x14ac  Detect skipped due to KSN trusted
12:49:39.0694 0x14ac  btbb_McciTrayApp - ok
12:49:39.0734 0x14ac  [ B5C0AEB9DBB6E424936B2288F50BC79B, 8F0D540E47A4BE632D7DF41DC3059457590BE1EF2A9FE22662AC846629AC0740 ] C:\Windows\vsnp2std.exe
12:49:39.0778 0x14ac  snp2std - ok
12:49:39.0957 0x14ac  [ 4D8BEBA64D348A74A11061E3BC32F96C, 7D7F38C7746B17369245046BE6B56055DDDAE6C3403266F8A95238F536FEE455 ] C:\Program Files\AVG\AVG2015\avgui.exe
12:49:40.0112 0x14ac  AVG_UI - ok
12:49:40.0186 0x14ac  [ 6403C8BC755EDCF90A0D1E8B20E586A3, C891801BA0E1297CCEAD46AF2E9AC4BF9CF18D7BE36F1331215C9FD997DA303C ] C:\Program Files\Real\RealPlayer\update\realsched.exe
12:49:40.0214 0x14ac  TkBellExe - ok
12:49:40.0279 0x14ac  [ 20989BBD2114539B5C21948E94F6E11E, 043557BC05A4AE274AF0D05B65F945B970E5C11A2AE8F1FDEF687596ABF3F737 ] C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
12:49:40.0311 0x14ac  RealDownloader - ok
12:49:40.0375 0x14ac  [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files\QuickTime\QTTask.exe
12:49:40.0413 0x14ac  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
12:49:42.0830 0x14ac  Detect skipped due to KSN trusted
12:49:42.0830 0x14ac  QuickTime Task - ok
12:49:42.0867 0x14ac  [ 99342358331F57209DFF987CEEB8E37B, 3972DD0BE82B43BD50838E8B44DBF8160777B302F2718F2624CC6B67E0E1AF02 ] C:\Program Files\iTunes\iTunesHelper.exe
12:49:42.0882 0x14ac  iTunesHelper - ok
12:49:43.0016 0x14ac  [ 5EE9595568218E6AA0FE0F6065B65EC7, 8ED0A1A8E4FC37E24D205EC4BA357574FA22B8B5019AFCCB9D0F55B03519163C ] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
12:49:43.0136 0x14ac  Family Tree Builder Update - detected UnsignedFile.Multi.Generic ( 1 )
12:49:53.0138 0x14ac  Family Tree Builder Update ( UnsignedFile.Multi.Generic ) - warning
12:49:55.0626 0x14ac  [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
12:49:55.0684 0x14ac  Adobe ARM - ok
12:49:55.0854 0x14ac  [ BCD9CBF0621F9A6767276A2E0BF1DD15, C0748AEE57A79D1AD8A4307D3ECB03A517464D047CD5CC64BAD299E0BFAEFB60 ] C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe
12:49:56.0024 0x14ac  googletalk - detected UnsignedFile.Multi.Generic ( 1 )
12:49:58.0433 0x14ac  Detect skipped due to KSN trusted
12:49:58.0433 0x14ac  googletalk - ok
12:49:58.0486 0x14ac  [ 44A9229022A519ED45294A1934C05EEC, 6DEF0DB5F9B50E9B0AFEE1CF50066BEB4FB7E15E2DC829A499509925660D6992 ] C:\Users\Frances\AppData\Local\FluxSoftware\Flux\flux.exe
12:49:58.0555 0x14ac  f.lux - ok
12:49:58.0639 0x14ac  [ 646A34526CC33BE4CA933C5680D80B48, 18731AAE4ED70D6ADFC302DDC1CCB7FDA5D400A7829996676EE788C7589EA2AB ] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
12:49:58.0697 0x14ac  NokiaSuite.exe - ok
12:49:58.0772 0x14ac  [ E1A2B040DE1CFFFE4F653F6250646646, CD0BA3A01663424B9517A138CFB80F1376F38D47DBFE0F2E4AB179DA00FCDE2C ] C:\Users\Frances\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
12:49:58.0851 0x14ac  MP3 Skype recorder - ok
12:49:58.0899 0x14ac  [ 3A9FA910E679385D3F5647B9B8CF5CA2, DE321EB829E461CF91474C942FEDCC6FA0C20D9674067FE21C6F3DF438F61A4B ] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
12:49:58.0942 0x14ac  OfficeSyncProcess - ok
12:49:58.0987 0x14ac  [ 7C6D524C78A1722AD987B9E47AC1FEE2, FFDC6C92ABB547D0DCD2621EC423C755A78079B061A41FA1751A56799D1A79A5 ] C:\Users\Frances\AppData\Local\Dropbox\Update\DropboxUpdate.exe
12:49:59.0004 0x14ac  Dropbox Update - ok
12:49:59.0005 0x14ac  Waiting for KSN requests completion. In queue: 91
12:50:00.0005 0x14ac  Waiting for KSN requests completion. In queue: 91
12:50:01.0005 0x14ac  Waiting for KSN requests completion. In queue: 90
12:50:02.0005 0x14ac  Waiting for KSN requests completion. In queue: 85
12:50:03.0005 0x14ac  Waiting for KSN requests completion. In queue: 85
12:50:04.0005 0x14ac  Waiting for KSN requests completion. In queue: 85
12:50:05.0005 0x14ac  Waiting for KSN requests completion. In queue: 85
12:50:06.0041 0x14ac  AV detected via SS2: AVG Internet Security 2015, C:\Program Files\AVG\AVG2015\avgwsc.exe ( 15.0.0.6030 ), 0x42000 ( disabled : updated )
12:50:06.0043 0x14ac  FW detected via SS2: AVG Internet Security 2015, C:\Program Files\AVG\AVG2015\avgwsc.exe ( 15.0.0.6030 ), 0x41010 ( enabled )
12:50:08.0454 0x14ac  ============================================================
12:50:08.0454 0x14ac  Scan finished
12:50:08.0454 0x14ac  ============================================================
12:50:08.0465 0x121c  Detected object count: 2
12:50:08.0466 0x121c  Actual detected object count: 2
12:51:13.0515 0x121c  MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:13.0515 0x121c  MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:51:13.0518 0x121c  Family Tree Builder Update ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:13.0518 0x121c  Family Tree Builder Update ( UnsignedFile.Multi.Generic ) - User select action: Skip
 


  • 0

#6
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Hi Pystryker, thanks for your help.  I just saw this message today June 22nd, I was expecting a email notification and checked back here as I hadn't received one. 
 
I'll work on this today.  Just so you know what is happening.
 
PS I am having problems find the box you mention to get notifications instantly.  I'm following the topic.  Can you help further please so I can ensure I get your responses.
 
At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
 
thanks


You're quite welcome, it's my pleasure. :) As you are following the topic, you should be getting notifications as I post replies. To test this out, look at the box in the top right hand corner and click Unfollow this topic and then unfollow it. Then click it again, and check that the Receive Notificiation box that is checked and select Instantly. :thumbsup:

 

I took off my antivirus as directed, however left on my firewall I assume that was ok?


Yes, I request the antivirus to be shut off during the instructions so it will not interfere with the tools as they run. Definitely leave the firewall on though. :)


Your 1st 2 logs are looking good, let's run a couple more tools to hunt for and clear away any adware.




Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Junkware Removal Tool

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleanerscreen_zpsm6wq1ei9.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Junkware Removal Tool Log

AdwCleaner Log

How is the machine running so far?

  • 0

#7
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts

thanks, glad that the scan are looking ok so far.  I appreciate that your instructions are so clear, and that you are taking time to answer my questions that's really helpful. :)

 

I've downloaded and will be running the progs later today.


  • 0

#8
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts

here is the JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.8 (06.22.2015:1)
OS: Windows 7 Home Premium x86
Ran by Frances on 23/06/2015 at 12:06:24.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] swdumon



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\APN PIP



~~~ Files

Successfully deleted: [File] C:\Windows\System32\drivers\swdumon.sys



~~~ Folders

Successfully deleted: [Folder] C:\Program Files\driverupdate
Successfully deleted: [Folder] C:\users\public\documents\downloaded installers



~~~ FireFox




~~~ Chrome


[C:\Users\Frances\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Frances\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Frances\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Frances\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/06/2015 at 12:09:37.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#9
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts

Here is log 2: adware

 

# AdwCleaner v4.207 - Logfile created 23/06/2015 at 12:33:58
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Frances - FRANCES-PC
# Running from : C:\Users\Frances\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : swdumon

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupon Printer
Folder Deleted : C:\Program Files\Coupon Printer
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-GB)


-\\ Google Chrome v43.0.2357.130

[C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2248 bytes] - [24/06/2014 10:41:58]
AdwCleaner[R1].txt - [1195 bytes] - [13/10/2014 11:24:30]
AdwCleaner[R2].txt - [1256 bytes] - [13/10/2014 12:51:51]
AdwCleaner[R3].txt - [1381 bytes] - [14/10/2014 18:07:29]
AdwCleaner[R4].txt - [2017 bytes] - [23/06/2015 12:29:14]
AdwCleaner[S0].txt - [2349 bytes] - [24/06/2014 10:44:07]
AdwCleaner[S1].txt - [1380 bytes] - [14/10/2014 18:10:59]
AdwCleaner[S2].txt - [1970 bytes] - [23/06/2015 12:33:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2029  bytes] ##########
 


  • 0

#10
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

thanks, glad that the scan are looking ok so far. I appreciate that your instructions are so clear, and that you are taking time to answer my questions that's really helpful. :)


You're welcome, please don't hesitate to ask if you have any questions. :thumbsup:

Good, JRT and AdwCleaner cleared out some more junk. Let's take a look with Malwarebytes and ESET to look for orphans. How is the machine running?


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Scan with Malwarebytes


Start the program and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

mbam21-console_zpslhr5hawa.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

Advertisements


#11
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts

Hi thanks, yes I'll ask if I need to :)

 

Doing this tonight fallen a bit behind due to work.

 

I noticed that when I disabled my anitvirus I set it to restore with a reboot.  However I discovered it hadn't done that for some reason at the end of the working day so my web travels hadn't been protected, not sure why that was so I will be more careful and double check!  Hopefully that is nothing to be concerned about.

 

My computer has been running slow today.  I'm not sure if that is a processor issue or not due to the age of my PC. Sometimes it just hangs, I also get a lot of script reports, asking me to either stop the script, de bug it etc.  That seems to be a constant problem - again not sure why.  Hopefully that might gives you some clues.

 

thanks


  • 0

#12
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts

Ok, I ran the malwarebytes and the scan didn't find anything which is good.

 

I tried to follow the instructions in the history log as described however there was NOT an option to view or export in my version (free version) I'm not sure if the version you refer to is the premium one which may have the options you mentioned.  I only had the option of delete or delete all - once a box is checked.

 

Can you advise before I go on please.

 

thanks


  • 0

#13
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I noticed that when I disabled my anitvirus I set it to restore with a reboot.  However I discovered it hadn't done that for some reason at the end of the working day so my web travels hadn't been protected, not sure why that was so I will be more careful and double check!  Hopefully that is nothing to be concerned about.

 

 

It shouldn't be an issue, I'd just double check as you said to make sure it's running upon reboot.

 

 

My computer has been running slow today.  I'm not sure if that is a processor issue or not due to the age of my PC. Sometimes it just hangs, I also get a lot of script reports, asking me to either stop the script, de bug it etc.  That seems to be a constant problem - again not sure why.  Hopefully that might gives you some clues.

 

 

What browser does this occur in?  If IE, you might try using Mozilla Firefox.  You can download it from here.  We'll also run some hard drive maintenance and if that doesn't improve the performance, we'll get the Hardware Techs to take a look at it. 

 

 

I tried to follow the instructions in the history log as described however there was NOT an option to view or export in my version (free version) I'm not sure if the version you refer to is the premium one which may have the options you mentioned.  I only had the option of delete or delete all - once a box is checked.

 

 

Thank you for bringing that to my attention.  The latest version has changed slightly how to export the log.  I've included instructions below.

 

Click  History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click  Export,  select text file and save to the desktop as MBAM.txt and post in your next reply.


  • 0

#14
Feather24

Feather24

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 251 posts

Hi thanks for the information about the issues I raised, ok I'm clear.

 

You were asking about my browser when it hangs or is slow.  I usually use Firefox not IE.  It would be good to take a look at the HD as you mentioned, thanks for considering that.

 

I'll run the logs tomorrow and get back to you then as it's late here.  I'm in UK - so if you are in US I'll be several hours ahead of you.

 

thanks


  • 0

#15
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts


Hi thanks for the information about the issues I raised, ok I'm clear.

 

:thumbsup:

 

You were asking about my browser when it hangs or is slow.  I usually use Firefox not IE.  It would be good to take a look at the HD as you mentioned, thanks for considering that.

 

One thing we may consider doing is a reset/reinstall of Firefox to see if that will clear that issue up.

 

I'll run the logs tomorrow and get back to you then as it's late here.  I'm in UK - so if you are in US I'll be several hours ahead of you.

 

Yes, I'm in the US, so they'll probably be waiting for me when I get up and head to the coffee pot.  Have a good evening. :)


  • 0






Similar Topics


Also tagged with one or more of these keywords: virus, slow computer, noisy computer

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP