My computer is infected - need some help please



#1
psu88


Something got my computer. I have ads popping up, I have program called games.bot and first verify that I cannot un-install, Avast is continually blocking malicious websites, like nxsrv.com, afirstsvc.com, and wvydeo.com among others. SuperAntiSpyware keeps finding a Trojan.Agent/Gen-FakeAV.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Dave (administrator) on DAVE-PC (06-08-2015 19:25:17)
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave & UpdatusUser (Available Profiles: Dave & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
() C:\Program Files\015\lxqvbcbiws32.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
() C:\Program Files (x86)\Games Bot\GamesBot.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
() C:\Users\Dave\AppData\Local\Temp\Traymonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\Temp\uo124.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\SysWOW64\First Verify\afirst.exe
(The Chromium Authors) C:\Users\Dave\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Dave\AppData\Local\Games Bot\Explore\Explore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] => C:\Program Files (x86)\eMachines\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\eMachines\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [AutoLoader] => C:\Users\Dave\AppData\Local\Temp\Traymonitor.exe [925416 2012-11-30] () <===== ATTENTION
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7800088 2015-07-11] (SUPERAntiSpyware)
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Run: [Facebook Update] => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-29] (Facebook Inc.)
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Run: [GamesBot] => C:\Program Files (x86)\Games Bot\GamesBot.exe [386152 2015-06-26] ()
HKU\S-1-5-21-3386438342-948231862-3273088082-1003\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [154144 2010-07-29] ()
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => "C:\ProgramData\FlashBeat\FlashBeat32.dll" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-12-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BootExecute: autocheck autochk * aswBoot.exe /A:"* " /L:"1033" /heur:80 /RA:fix /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\AVAST Software\Avast"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3386438342-948231862-3273088082-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3386438342-948231862-3273088082-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3386438342-948231862-3273088082-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3386438342-948231862-3273088082-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3386438342-948231862-3273088082-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: No Name -> {AAB8FA0F-6021-BA91-EE39-7F7ED39F356F} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-21] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: [NameServer] 82.163.143.151,82.163.142.153
Tcpip\..\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\62sr11ei.default-1377043760093
FF NewTab: hxxp://search.swagbucks.com/?f=51
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Swagbucks
FF SelectedSearchEngine: Swagbucks
FF Homepage: hxxp://search.swagbucks.com/?f=51
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-26] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-26] (NVIDIA Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [2011-05-24] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3386438342-948231862-3273088082-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dave\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3386438342-948231862-3273088082-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-04] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\62sr11ei.default-1377043760093\user.js [2015-06-12]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-05-18] (Coupons, Inc.)
FF SearchPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\62sr11ei.default-1377043760093\searchplugins\safeguard-secure-search.xml [2013-10-30]
FF SearchPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\62sr11ei.default-1377043760093\searchplugins\swagbucks.xml [2015-07-13]
FF Extension: SwagButton - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\62sr11ei.default-1377043760093\Extensions\[email protected] [2014-10-27]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-23]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-12-27]
FF HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Dave\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Google Wallet) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-27] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
S2 DraftSight API Service; C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [78336 2012-07-07] (Dassault Systèmes) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-03-31] (WildTangent)
R2 GamesBotService; C:\Program Files (x86)\Games Bot\GamesBotSvc.exe [53352 2015-06-26] (Games Bot Inc.)
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
R2 lxqvbcbiws32; C:\Program Files\015\lxqvbcbiws32.exe [622392 2015-04-07] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-20] (AVAST Software)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-08] (Malwarebytes Corporation)
S3 mr7910; C:\Windows\System32\DRIVERS\mr7910.sys [55808 2007-03-16] (Mars Semiconductor Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 xdsjjqce; C:\Windows\system32\drivers\xdsjjqce.sys [55168 2015-08-05] (Microsoft Corporation)
R1 netfilter64; system32\drivers\netfilter64.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-06 11:17 - 2015-08-06 11:19 - 05534539 _____ C:\Users\Dave\Downloads\filmon-hdi-3.1.3657.dmg.crdownload
2015-08-06 04:01 - 2015-08-06 04:02 - 00779203 _____ C:\Users\Dave\Downloads\VideoPlayerSetup (1).zip
2015-08-06 04:01 - 2015-08-06 04:01 - 00779203 _____ C:\Users\Dave\Downloads\VideoPlayerSetup.zip
2015-08-05 21:51 - 2015-08-05 21:51 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xdsjjqce.sys
2015-08-05 21:36 - 2015-08-05 21:36 - 00000000 ____D C:\Program Files\Coupoon
2015-08-05 21:31 - 2015-08-05 21:31 - 00266288 _____ C:\Windows\Minidump\080515-35739-01.dmp
2015-08-05 21:30 - 2015-08-05 21:30 - 00003288 ____N C:\bootsqm.dat
2015-08-05 10:49 - 2015-08-05 10:49 - 00266288 _____ C:\Windows\Minidump\080515-36847-01.dmp
2015-08-04 22:13 - 2015-08-05 22:50 - 00049269 _____ C:\Users\Dave\Desktop\Addition.txt
2015-08-04 22:11 - 2015-08-06 19:26 - 00031751 _____ C:\Users\Dave\Desktop\FRST.txt
2015-08-04 22:09 - 2015-08-06 19:25 - 00000000 ____D C:\FRST
2015-08-04 22:04 - 2015-08-04 22:05 - 02169856 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2015-08-04 20:56 - 2015-08-04 21:10 - 00000000 ____D C:\Users\Dave\AppData\Local\Games Bot
2015-08-04 20:56 - 2015-08-04 20:56 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games Bot
2015-08-04 20:55 - 2015-08-06 18:00 - 00000340 ____H C:\Windows\Tasks\UQKUIKKKPDMSKPOM.job
2015-08-04 20:55 - 2015-08-05 21:32 - 00000328 _____ C:\Windows\Tasks\HUBXOWU1.job
2015-08-04 20:55 - 2015-08-04 20:56 - 00000000 ____D C:\Program Files (x86)\Games Bot
2015-08-04 20:55 - 2015-08-04 20:55 - 00003372 _____ C:\Windows\System32\Tasks\UQKUIKKKPDMSKPOM
2015-08-04 20:55 - 2015-08-04 20:55 - 00002850 _____ C:\Windows\System32\Tasks\HUBXOWU1
2015-08-04 20:55 - 2015-08-04 20:55 - 00000000 ____D C:\ProgramData\Service1291
2015-08-04 20:54 - 2015-08-04 20:54 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-08-04 20:54 - 2015-08-04 20:54 - 00000000 ____D C:\Program Files (x86)\ospd_us_014010051
2015-08-04 20:45 - 2015-08-06 19:27 - 00000536 _____ C:\Windows\Tasks\Failover.job
2015-08-04 20:45 - 2015-08-04 20:45 - 00003558 _____ C:\Windows\System32\Tasks\Failover
2015-08-04 20:42 - 2015-08-04 20:43 - 01552912 _____ (Dummy, Ltd.) C:\Users\Dave\Downloads\klondike the lost expedition cheats_10924_i40680048_il345.exe
2015-08-04 19:03 - 2015-08-04 19:03 - 00000000 ____D C:\Users\Dave\AppData\Roaming\.mono
2015-08-04 19:03 - 2015-08-04 19:03 - 00000000 ____D C:\ProgramData\.mono
2015-08-04 07:28 - 2015-08-04 07:28 - 00288744 _____ C:\Windows\Minidump\080415-33041-01.dmp
2015-08-03 11:57 - 2015-08-06 17:00 - 00000112 _____ C:\ProgramData\fJMqmDsP.dat
2015-08-03 07:04 - 2015-08-05 21:51 - 00000000 ____D C:\Program Files (x86)\coupoon
2015-08-02 23:40 - 2015-08-06 19:24 - 00000000 ____D C:\Windows\SysWOW64\First Verify
2015-08-02 23:23 - 2015-08-02 23:32 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Opera Software
2015-08-02 23:23 - 2015-08-02 23:32 - 00000000 ____D C:\Users\Dave\AppData\Local\Opera Software
2015-08-02 23:16 - 2015-08-02 23:32 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-02 23:16 - 2015-08-02 23:16 - 00000000 ____D C:\Program Files\015
2015-08-02 23:15 - 2015-08-04 20:03 - 00000973 _____ C:\Users\Dave\Desktop\Continue Klondike_Hack_Installer.lnk
2015-08-02 23:14 - 2015-08-02 23:14 - 00637544 _____ ( ) C:\Users\Dave\Downloads\Klondike_Hack_Installer.exe
2015-07-28 17:18 - 2015-07-25 14:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 17:18 - 2015-07-25 14:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 17:18 - 2015-07-25 14:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 17:18 - 2015-07-25 14:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 17:18 - 2015-07-25 14:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 17:18 - 2015-07-25 14:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 17:18 - 2015-07-25 14:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 17:18 - 2015-07-25 13:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-23 14:47 - 2015-07-23 14:47 - 00124822 _____ C:\Users\Dave\Downloads\delta_faq
2015-07-21 03:21 - 2015-08-05 21:37 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-20 17:20 - 2015-07-14 23:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-20 17:20 - 2015-07-14 23:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-20 17:20 - 2015-07-14 23:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-20 17:20 - 2015-07-14 23:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-20 17:20 - 2015-07-14 22:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-20 17:20 - 2015-07-14 22:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-20 17:20 - 2015-07-14 22:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-20 17:20 - 2015-07-14 22:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-20 17:20 - 2015-07-14 21:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 17:20 - 2015-07-14 21:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 10:21 - 2015-07-20 10:21 - 00000247 _____ C:\Windows\system32\2015-07-20-14-21-26.059-aswFe.exe-37060.log
2015-07-20 10:21 - 2015-07-20 10:21 - 00000197 _____ C:\Windows\system32\2015-07-20-14-21-20.079-AvastVBoxSVC.exe-36904.log
2015-07-20 10:14 - 2015-07-20 10:14 - 00000247 _____ C:\Windows\system32\2015-07-20-14-14-21.071-aswFe.exe-38112.log
2015-07-20 10:14 - 2015-07-20 10:14 - 00000197 _____ C:\Windows\system32\2015-07-20-14-14-15.077-AvastVBoxSVC.exe-37756.log
2015-07-20 10:05 - 2015-07-20 10:05 - 00000247 _____ C:\Windows\system32\2015-07-20-14-05-22.091-aswFe.exe-38036.log
2015-07-20 10:03 - 2015-07-20 10:03 - 00000247 _____ C:\Windows\system32\2015-07-20-14-03-41.073-aswFe.exe-1596.log
2015-07-20 10:03 - 2015-07-20 10:03 - 00000197 _____ C:\Windows\system32\2015-07-20-14-03-32.098-AvastVBoxSVC.exe-3720.log
2015-07-20 09:53 - 2015-07-20 09:53 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-20 09:53 - 2015-07-20 09:53 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-17 03:45 - 2015-07-17 03:45 - 00000197 _____ C:\Windows\system32\2015-07-17-07-45-22.088-AvastVBoxSVC.exe-3828.log
2015-07-17 03:39 - 2015-07-17 03:39 - 00000000 _____ C:\Windows\SysWOW64\shoE2C.tmp
2015-07-15 20:06 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 20:06 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 20:06 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 20:06 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 20:06 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 20:06 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 20:06 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 20:06 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 20:06 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 20:06 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 20:06 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 20:06 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 20:06 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 20:06 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 20:06 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 20:06 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 20:06 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 20:05 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 20:05 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 20:05 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 20:05 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 20:05 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 20:05 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 20:05 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 20:05 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 20:05 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 20:05 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 20:05 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 20:05 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 20:03 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 20:03 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 20:03 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 20:03 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 20:03 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 20:03 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 20:03 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 20:03 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 20:03 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 20:03 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 20:03 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 20:03 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 20:03 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 20:03 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 20:03 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 20:03 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 20:03 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 20:03 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 20:03 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 20:03 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 20:03 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 20:03 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 20:03 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 20:03 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 20:03 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 20:03 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 20:03 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 20:03 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 20:03 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 20:03 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 20:03 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 20:03 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 20:03 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 20:03 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 20:03 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 20:03 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 20:03 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 20:03 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 20:03 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 20:03 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 20:03 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 20:03 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 20:03 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 20:03 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 19:59 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 19:59 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 19:59 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 19:59 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 19:59 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 19:59 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 19:59 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 19:59 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 19:59 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 19:59 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 19:59 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 19:59 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 19:59 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 19:59 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 19:59 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 19:59 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 19:59 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 19:59 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 19:58 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 19:58 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 19:58 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 19:58 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 19:58 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 19:58 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 19:58 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 19:58 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 19:58 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 19:58 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 19:58 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 19:58 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 19:58 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 19:58 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 19:58 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 19:58 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 19:58 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 19:58 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 19:58 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 19:58 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 19:58 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 19:58 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 19:58 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 19:58 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 19:58 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 19:58 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 19:58 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 19:58 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 19:58 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 19:58 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 15:04 - 2015-07-14 15:04 - 00073723 _____ C:\Users\Dave\Downloads\getpaymentcouponpdf(2)
2015-07-14 15:04 - 2015-07-14 15:04 - 00073723 _____ C:\Users\Dave\Downloads\getpaymentcouponpdf(1)
2015-07-11 11:41 - 2015-07-11 11:41 - 00000197 _____ C:\Windows\system32\2015-07-11-15-41-02.074-AvastVBoxSVC.exe-2208.log
2015-07-11 10:49 - 2015-07-11 10:49 - 00000197 _____ C:\Windows\system32\2015-07-11-14-49-35.017-AvastVBoxSVC.exe-1916.log
2015-07-10 09:39 - 2015-08-02 12:58 - 00000000 ___HD C:\$Windows.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-06 19:21 - 2012-03-23 23:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-06 19:21 - 2012-03-23 23:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-06 19:06 - 2011-11-18 21:47 - 01932101 _____ C:\Windows\WindowsUpdate.log
2015-08-06 18:32 - 2012-03-30 23:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-06 16:36 - 2012-09-29 10:31 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3386438342-948231862-3273088082-1001UA.job
2015-08-06 10:36 - 2012-09-29 10:31 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3386438342-948231862-3273088082-1001Core.job
2015-08-06 06:12 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-06 06:12 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-06 02:33 - 2012-03-23 23:13 - 00002152 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-05 22:15 - 2009-07-14 00:51 - 00078592 _____ C:\Windows\setupact.log
2015-08-05 21:37 - 2012-04-03 21:18 - 00000000 ____D C:\Users\Dave\AppData\Local\CrashDumps
2015-08-05 21:36 - 2012-08-17 14:09 - 00000005 _____ C:\END
2015-08-05 21:32 - 2011-11-18 21:46 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-05 21:31 - 2015-03-21 20:22 - 319895965 _____ C:\Windows\MEMORY.DMP
2015-08-05 21:31 - 2013-04-08 19:56 - 00000000 ____D C:\Windows\Minidump
2015-08-05 21:31 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-05 20:44 - 2010-11-20 23:47 - 00947888 _____ C:\Windows\PFRO.log
2015-08-04 23:52 - 2013-10-31 14:59 - 00000000 ____D C:\Users\Dave\Documents\Outlook Files
2015-08-04 21:54 - 2014-11-17 20:32 - 00000000 ____D C:\SUPERDelete
2015-08-02 23:32 - 2012-03-15 21:02 - 00001422 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-02 13:05 - 2007-07-11 21:49 - 00000000 ____D C:\Windows\Panther
2015-07-29 03:01 - 2014-04-30 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-25 10:31 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 09:40 - 2013-08-02 21:58 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-23 07:23 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-21 03:19 - 2009-07-14 00:45 - 00431936 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 09:53 - 2014-09-11 05:07 - 00150160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-20 09:53 - 2014-09-11 05:07 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-20 09:53 - 2014-09-11 04:59 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-20 09:53 - 2014-09-11 04:59 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-20 09:53 - 2012-03-23 23:08 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-20 09:53 - 2012-03-23 23:08 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-20 09:53 - 2012-03-23 23:08 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-20 09:52 - 2012-03-23 23:08 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-17 03:44 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-17 03:37 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-17 03:37 - 2014-12-11 04:26 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-17 03:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-17 03:10 - 2013-07-30 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-07-16 19:38 - 2012-12-29 12:55 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 19:34 - 2014-12-25 20:15 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 19:35 - 2012-03-30 23:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 19:34 - 2012-03-30 23:09 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 19:34 - 2012-03-15 22:27 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 19:15 - 2012-03-23 23:08 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 19:15 - 2012-03-23 23:08 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-11 11:35 - 2012-03-19 22:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-11 10:44 - 2015-06-02 22:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-11 10:44 - 2012-04-25 17:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-10 23:00 - 2014-06-02 12:57 - 00000000 ____D C:\Users\Dave\Desktop\[bleep] i dont give a hit about
2015-07-08 13:05 - 2013-04-14 10:55 - 00000643 _____ C:\Windows\wininit.ini

==================== Files in the root of some directories =======

2013-11-03 18:20 - 2014-06-26 17:47 - 0000035 _____ () C:\Users\Dave\AppData\Roaming\WB.CFG
2013-12-31 14:01 - 2014-01-03 13:38 - 0000005 _____ () C:\Users\Dave\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-11-03 18:20 - 2014-02-01 01:41 - 0000005 _____ () C:\Users\Dave\AppData\Roaming\WBPU-TTL.DAT
2015-08-03 11:57 - 2015-08-06 17:00 - 0000112 _____ () C:\ProgramData\fJMqmDsP.dat
2012-05-08 16:46 - 2012-12-27 22:17 - 0001906 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Dave\AppData\Local\Temp\Traymonitor.exe
C:\ProgramData\fJMqmDsP.dat


Some files in TEMP:
====================
C:\Users\Dave\AppData\Local\Temp\plg0.dll
C:\Users\Dave\AppData\Local\Temp\plg1.dll
C:\Users\Dave\AppData\Local\Temp\Traymonitor.exe
C:\Users\Dave\AppData\Local\Temp\{966A8EC7-2C61-4F5A-B60B-7380AD9036A8}-44.0.2403.130_chrome_installer.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 07:14

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Dave (2015-08-06 19:27:38)
Running from C:\Users\Dave\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3386438342-948231862-3273088082-500 - Administrator - Disabled)
Dave (S-1-5-21-3386438342-948231862-3273088082-1001 - Administrator - Enabled) => C:\Users\Dave
Guest (S-1-5-21-3386438342-948231862-3273088082-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3386438342-948231862-3273088082-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-3386438342-948231862-3273088082-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2223 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
C6200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
C6200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)
Cradle of Rome (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}) (Version:  - Oberon Media)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DraftSight (HKLM-x32\...\{8EBF1B19-7756-42E5-A663-93ACB1D1FEA8}) (Version: 9.1.173 - Dassault Systemes)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eMachines Games (HKLM-x32\...\WildTangent emachines Master Uninstall) (Version: 1.0.2.4 - WildTangent)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0221.2011 - Acer Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
First Verify version 2.0 (HKLM-x32\...\{7AF56C9C-F827-41A9-9998-047116F688A4}_is1) (Version: 2.0 - AF, INC)
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
FlashBeat (HKLM-x32\...\FlashBeat) (Version:  - ) <==== ATTENTION
Free Text Pad (HKLM-x32\...\Free Text Pad) (Version: 1.0 - Zenith Technology Limited)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Games Bot (HKLM-x32\...\Games Bot) (Version: 186.0.0.621 - CLICK YES BELOW LP) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Acer Incorporated)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.11.3.0 - LG Electronics)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6684 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PS_AIO_02_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1146 - SUPERAntiSpyware.com)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Zip Extractor (HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\DigitalSite) (Version:  - ) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.9.8 - WildTangent) Hidden
Windows Codec Pack (HKLM-x32\...\Windows Codec Pack11.041.44) (Version: 11.041.44 - Media Codecs Interactive)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Zip Extractor Packages (HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

02-01-2015 15:00:59 Windows Update
05-01-2015 20:37:02 avast! antivirus system restore point
06-01-2015 15:35:40 Windows Update
13-01-2015 13:08:54 Windows Update
15-01-2015 04:00:28 Windows Update
16-01-2015 04:00:45 Windows Update
20-01-2015 14:08:16 Windows Update
23-01-2015 20:49:31 Windows Update
27-01-2015 08:08:28 Windows Update
30-01-2015 13:31:44 Windows Update
03-02-2015 06:07:28 Windows Update
10-02-2015 18:27:09 Windows Update
11-02-2015 04:00:47 Windows Update
12-02-2015 04:00:47 Windows Update
13-02-2015 04:00:44 Windows Update
17-02-2015 06:07:16 Windows Update
20-02-2015 07:03:41 Windows Update
23-02-2015 15:39:43 Installed Fitbit Connect
24-02-2015 08:53:04 Windows Update
26-02-2015 04:00:50 Windows Update
03-03-2015 07:38:06 Windows Update
04-03-2015 04:00:28 Windows Update
10-03-2015 14:23:09 Windows Update
11-03-2015 03:00:49 Windows Update
18-03-2015 20:08:40 Windows Update
24-03-2015 13:31:16 Windows Update
25-03-2015 03:00:54 Windows Update
31-03-2015 18:37:31 Windows Update
05-04-2015 03:00:51 Windows Update
10-04-2015 06:30:08 Windows Update
14-04-2015 11:21:57 Windows Update
16-04-2015 03:00:25 Windows Update
21-04-2015 05:54:46 Windows Update
24-04-2015 18:55:24 Windows Update
28-04-2015 13:42:29 Windows Update
01-05-2015 17:18:19 Windows Update
05-05-2015 06:05:44 Windows Update
08-05-2015 07:08:05 Windows Update
12-05-2015 11:09:37 Windows Update
14-05-2015 03:00:39 Windows Update
19-05-2015 06:26:42 Windows Update
20-05-2015 03:00:48 Windows Update
27-05-2015 05:45:22 Windows Update
02-06-2015 05:31:46 Windows Update
06-06-2015 03:00:43 Windows Update
09-06-2015 14:44:40 Windows Update
10-06-2015 03:00:44 Windows Update
16-06-2015 06:41:56 Windows Update
23-06-2015 05:06:04 Windows Update
26-06-2015 06:21:25 Windows Update
30-06-2015 13:56:19 Windows Update
04-07-2015 09:31:58 Windows Update
07-07-2015 11:26:33 Windows Update
14-07-2015 09:49:49 Windows Update
17-07-2015 03:00:50 Windows Update
20-07-2015 09:49:55 avast! antivirus system restore point
21-07-2015 03:00:22 Windows Update
24-07-2015 17:19:24 Windows Update
28-07-2015 17:18:06 Windows Update
29-07-2015 03:00:23 Windows Update
02-08-2015 11:52:55 Windows Update
02-08-2015 23:30:46 Windows Defender Checkpoint
04-08-2015 11:12:20 Windows Defender Checkpoint
05-08-2015 21:06:12 Windows Defender Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02B50005-A389-4D58-AB99-DA7D922BB61C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {0AF5188E-7490-4502-9C61-60EF2D4CD389} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {2602C6AC-EA7D-485D-BBA0-3E53780BDCCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {2E2E6A14-B28C-433C-A299-79EA7577CFBB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d No Task File <==== ATTENTION
Task: {2E5F3393-B2EC-4A7F-9FE5-7EE55CE005B4} - System32\Tasks\{119550F2-DA53-447E-8FBF-4D4385C41223} => pcalua.exe -a C:\Users\Dave\Downloads\SpyHunter-Installer.exe -d C:\Users\Dave\Downloads
Task: {3A9008BE-A920-4840-B8AB-3D82451B0017} - System32\Tasks\Failover => C:\Users\Dave\AppData\Local\Temp\failover.exe <==== ATTENTION
Task: {41F9F46E-C9FE-47E5-8A68-94D247B2E648} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {5ED060DD-53F4-43FF-A6BA-6CF400B391A6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {65351377-23AD-4C8D-A05F-58049B660D5E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {680A34B3-B27D-46B5-86CC-2C48DCB8B24D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3386438342-948231862-3273088082-1001UA => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-29] (Facebook Inc.)
Task: {68A55FCA-A045-4967-AB34-F38380030BA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {7B996D61-A9C4-43ED-8536-03BA17EBC741} - System32\Tasks\HUBXOWU1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {8B532580-7124-4BD9-8FEC-6F3831E5F0EE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3386438342-948231862-3273088082-1001Core => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-29] (Facebook Inc.)
Task: {BB3AB753-1A0E-44AA-8253-A76497FABCE7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {C1121ECA-AD37-4603-AD34-FD87A55222E4} - System32\Tasks\UQKUIKKKPDMSKPOM => C:\ProgramData\Service1291\Service1291.exe [2015-06-28] () <==== ATTENTION
Task: {DAE79FB3-FFF4-4788-B9D2-57902A1C9BEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3386438342-948231862-3273088082-1001Core.job => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3386438342-948231862-3273088082-1001UA.job => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\Failover.job => C:\Users\Dave\AppData\Local\Temp\failover.exeq/SC2 /S /FLAGC:\Users\Dave\AppData\Local\Temp\a3_1.txt <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HUBXOWU1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\UQKUIKKKPDMSKPOM.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2013-04-14 03:03 - 2013-01-31 05:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-15 09:24 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-08-10 20:01 - 2009-08-10 20:01 - 00626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-08-10 20:00 - 2009-08-10 20:00 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-08-10 20:01 - 2009-08-10 20:01 - 00578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2015-04-07 05:12 - 2015-04-07 05:12 - 00622392 _____ () C:\Program Files\015\lxqvbcbiws32.exe
2009-08-10 20:01 - 2009-08-10 20:01 - 00206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2015-06-26 02:37 - 2015-06-26 02:37 - 00386152 _____ () C:\Program Files (x86)\Games Bot\GamesBot.exe
2011-01-18 21:08 - 2011-01-18 21:08 - 00620136 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
2013-01-09 18:00 - 2012-11-30 00:53 - 00925416 ____H () C:\Users\Dave\AppData\Local\Temp\Traymonitor.exe
2015-08-05 21:36 - 2015-08-05 21:36 - 01170432 _____ () c:\windows\temp\uo124.exe
2014-11-22 16:09 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-08-02 23:40 - 2015-04-20 20:07 - 51334048 _____ () C:\Windows\SysWOW64\First Verify\afirst.exe
2015-07-20 09:53 - 2015-07-20 09:53 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-20 09:52 - 2015-07-20 09:52 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-05 20:50 - 2015-08-05 20:50 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080502\algo.dll
2015-08-06 14:26 - 2015-08-06 14:26 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080602\algo.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-26 05:10 - 2015-06-26 05:10 - 00109160 _____ () C:\Program Files (x86)\Games Bot\Modules\Base.dll
2015-06-26 05:11 - 2015-06-26 05:11 - 00041576 _____ () C:\Program Files (x86)\Games Bot\Modules\inws.dll
2015-06-26 05:11 - 2015-06-26 05:11 - 00058984 _____ () C:\Program Files (x86)\Games Bot\Modules\ups.dll
2015-06-26 05:10 - 2015-06-26 05:10 - 00039528 _____ () C:\Program Files (x86)\Games Bot\Modules\alzm.dll
2015-06-26 05:11 - 2015-06-26 05:11 - 00118376 _____ () C:\Program Files (x86)\Games Bot\Modules\brs.dll
2015-06-26 05:11 - 2015-06-26 05:11 - 00092776 _____ () C:\Program Files (x86)\Games Bot\Modules\cmd.dll
2015-06-26 05:11 - 2015-06-26 05:11 - 00096872 _____ () C:\Program Files (x86)\Games Bot\Modules\sipc.dll
2015-06-26 05:11 - 2015-06-26 05:11 - 00056424 _____ () C:\Program Files (x86)\Games Bot\Modules\wdm.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-10-28 13:22 - 2014-10-28 13:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2013-07-19 21:52 - 2013-07-19 21:52 - 00911872 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-01-18 21:08 - 2011-01-18 21:08 - 00151656 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll
2013-01-09 18:00 - 2012-11-30 00:53 - 01261288 ____H () C:\Users\Dave\AppData\Local\Temp\plg0.dll
2013-01-09 18:00 - 2012-11-30 00:53 - 01249000 ____H () C:\Users\Dave\AppData\Local\Temp\plg1.dll
2015-07-20 09:53 - 2015-07-20 09:53 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-08-02 23:40 - 2014-10-20 11:42 - 01359360 _____ () C:\Windows\SysWOW64\First Verify\libglesv2.dll
2015-08-02 23:40 - 2014-10-20 11:42 - 00212992 _____ () C:\Windows\SysWOW64\First Verify\libegl.dll
2015-08-04 21:09 - 2015-03-26 10:39 - 08569856 _____ () C:\Users\Dave\AppData\Local\Games Bot\Explore\pdf.dll
2015-08-04 21:09 - 2015-03-26 10:18 - 00324608 _____ () C:\Users\Dave\AppData\Local\Games Bot\Explore\ppGoogleNaClPluginChrome.dll
2015-08-04 21:09 - 2015-03-26 10:14 - 00880128 _____ () C:\Users\Dave\AppData\Local\Games Bot\Explore\ffmpegsumo.dll
2015-08-04 21:09 - 2014-09-23 00:07 - 14891848 _____ () C:\Users\Dave\AppData\Local\Games Bot\Explore\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\xdsjjqce.sys:changelist
AlternateDataStreams: C:\ProgramData\TEMP:4BB9495E

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3386438342-948231862-3273088082-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 82.163.143.151 - 82.163.142.153
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8739928A-BE5C-446C-B0E0-4291BB78FAA6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{944F18B4-2348-462B-A994-C69B20A15319}] => (Allow) LPort=2869
FirewallRules: [{3A686F86-81C7-4476-AD0A-B76C59948B24}] => (Allow) LPort=1900
FirewallRules: [{8ED5BDF2-34CD-49E0-A5AF-3DCB31E17385}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{70D0560B-B11B-41EE-824F-50BCCD82E82E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{10E7BBEA-48AE-4062-967D-B4724A95D50C}] => (Allow) C:\Users\Dave\AppData\Local\Temp\7zS7B98\setup\hpznui40.exe
FirewallRules: [{460FB2F0-7C44-42B8-905E-A73E4A177E0E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{209C159F-6500-4288-A31C-0D41277EACEA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{B6D024A5-3E7D-4E3C-9A71-166E9ACA641D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{FE9178A9-0B5D-4950-83C4-328DF58FE6DF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{059A8E39-AF51-460D-910B-275CA11D7DEC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E4FB83D0-9104-4F55-B6CD-536DE8D14762}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{A7DDCAC9-E9C4-46F1-AB2D-39010E1DC066}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{F6804E05-4415-4E7B-9E4E-EEE128791AB4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{4E0B0301-AED7-4449-B958-12E05DEED4E7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{6B50C10F-4892-49A1-8810-FC55392BE24D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{ED3656DB-3BF0-457C-91DE-89F919017AE6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{3534C275-82B8-4DB5-AF20-42AA94BA0E3E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{5EB8C8FC-2953-4B5E-B636-EA33E5A2E5E9}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{059E02F3-80B1-484B-9352-E99E87288501}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{56D85588-A90A-47EA-927E-F77099A5D48E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{392AAC56-9EB6-40CE-B53E-D3353D19871E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{0928A0D9-BC84-4D3A-B135-937E3D4C8DF9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{7EF279E3-B97F-4320-9109-632D00264BFE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{13F52B63-340E-4424-8D31-8F1E9960B42C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{CDDFF6C8-D9BD-44FB-84A0-CCA6330A63C2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F842959B-A79D-4695-BA53-168967077D1F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3A44F714-BBFC-42E5-998F-397B1828664B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{230F1142-A337-47B6-9622-08F8C4910C80}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{663AADDC-1E16-41F2-AEEC-34D9264798AD}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{D910256B-6A2C-4329-A0FA-52B916D5F3D8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0E43D8AF-D74E-4294-A87F-42E94CABA106}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EEFD98DA-5517-491C-BC5F-1DD07812D513}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E8A88342-AE09-4C92-95E6-3F2B5D62818F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{6D36BCA2-660E-44F2-B3CA-38D00E59136F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E346008-EBF8-496B-AF1C-0EFE9E71426A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DB51D002-14C9-41F7-9014-2510E75D43E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{255EBE98-81F6-4F9F-A1A6-2EE79A8FA63B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{40C455D0-7C34-4C70-AD92-F0C173A3B21D}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{DAA705F5-51CE-4405-A583-8DF9FA92D550}] => (Allow) C:\Users\Dave\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{11C0E1CD-8821-42FF-B031-1D4317E788C7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{50409FFA-507A-460B-BCCD-A8462C2BEF4E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{083E2423-25F5-4003-97DA-DA2A5528C919}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F1735A76-BFE0-4122-ACE9-C4595695A6FD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{31C05C89-25E6-4A65-9296-21708FEB8EA7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{EB5A2761-E31F-416D-A45E-7228AD25FDB2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{DB52F59D-16CA-497A-99BD-0F4886004CA6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F7DCA3CF-2367-4A46-847A-01CD62D6B54B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{7F5DC64D-4B9A-4DF9-937D-FC866F0B784C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{DDFFBC22-8F37-42C0-AB46-70072364E210}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Photosmart C6200 series
Description: Photosmart C6200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C6200 series
Description: Photosmart C6200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: netfilter64
Description: netfilter64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: netfilter64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/06/2015 07:22:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AF.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2474

Start Time: 01d0d0544a6b7150

Termination Time: 2938

Application Path: C:\Users\Dave\AppData\Local\Temp\is-VAD5J.tmp\AF.tmp

Report Id:

Error: (08/06/2015 07:22:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AF.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c44

Start Time: 01d0d055bcb43a70

Termination Time: 3485

Application Path: C:\Users\Dave\AppData\Local\Temp\is-U6HKL.tmp\AF.tmp

Report Id:

Error: (08/06/2015 07:22:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AF.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2638

Start Time: 01d0d04d084456e0

Termination Time: 2720

Application Path: C:\Users\Dave\AppData\Local\Temp\is-1AFAR.tmp\AF.tmp

Report Id:

Error: (08/06/2015 07:22:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AF.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2bf8

Start Time: 01d0d03d61a85a70

Termination Time: 2167

Application Path: C:\Users\Dave\AppData\Local\Temp\is-VB1MA.tmp\AF.tmp

Report Id:

Error: (08/06/2015 07:22:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AF.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 23d0

Start Time: 01d0d04611c75a70

Termination Time: 2258

Application Path: C:\Users\Dave\AppData\Local\Temp\is-LP653.tmp\AF.tmp

Report Id:

Error: (08/06/2015 07:22:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AF.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1f4c

Start Time: 01d0d0572f71e570

Termination Time: 2483

Application Path: C:\Users\Dave\AppData\Local\Temp\is-ECM0O.tmp\AF.tmp

Report Id:

Error: (08/06/2015 07:20:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AF.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 25bc

Start Time: 01d0d0432d817730

Termination Time: 2792

Application Path: C:\Users\Dave\AppData\Local\Temp\is-7BM5C.tmp\AF.tmp

Report Id:

Error: (08/06/2015 07:20:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AF.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2bfc

Start Time: 01d0d04745003000

Termination Time: 3095

Application Path: C:\Users\Dave\AppData\Local\Temp\is-AAHU1.tmp\AF.tmp

Report Id:

Error: (08/06/2015 07:20:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AF.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 27c0

Start Time: 01d0d044a2af85f0

Termination Time: 2576

Application Path: C:\Users\Dave\AppData\Local\Temp\is-08TNE.tmp\AF.tmp

Report Id:

Error: (08/06/2015 07:20:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AF.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4b8

Start Time: 01d0d04b9e8475b0

Termination Time: 2562

Application Path: C:\Users\Dave\AppData\Local\Temp\is-1PLON.tmp\AF.tmp

Report Id:


System errors:
=============
Error: (08/06/2015 07:31:45 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Dave-PC\Dave (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (08/06/2015 07:23:41 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Dave-PC\Dave (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (08/06/2015 07:15:10 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Dave-PC\Dave (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (08/06/2015 07:06:56 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Dave-PC\Dave (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (08/06/2015 06:59:26 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Dave-PC\Dave (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (08/06/2015 06:50:59 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Dave-PC\Dave (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (08/06/2015 06:43:02 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Dave-PC\Dave (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (08/06/2015 06:34:49 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Dave-PC\Dave (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (08/06/2015 06:26:20 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Dave-PC\Dave (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (08/06/2015 06:18:09 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Dave-PC\Dave (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.


Microsoft Office:
=========================
Error: (08/06/2015 07:22:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AF.tmp51.1052.0.0247401d0d0544a6b71502938C:\Users\Dave\AppData\Local\Temp\is-VAD5J.tmp\AF.tmp

Error: (08/06/2015 07:22:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AF.tmp51.1052.0.01c4401d0d055bcb43a703485C:\Users\Dave\AppData\Local\Temp\is-U6HKL.tmp\AF.tmp

Error: (08/06/2015 07:22:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AF.tmp51.1052.0.0263801d0d04d084456e02720C:\Users\Dave\AppData\Local\Temp\is-1AFAR.tmp\AF.tmp

Error: (08/06/2015 07:22:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AF.tmp51.1052.0.02bf801d0d03d61a85a702167C:\Users\Dave\AppData\Local\Temp\is-VB1MA.tmp\AF.tmp

Error: (08/06/2015 07:22:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AF.tmp51.1052.0.023d001d0d04611c75a702258C:\Users\Dave\AppData\Local\Temp\is-LP653.tmp\AF.tmp

Error: (08/06/2015 07:22:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AF.tmp51.1052.0.01f4c01d0d0572f71e5702483C:\Users\Dave\AppData\Local\Temp\is-ECM0O.tmp\AF.tmp

Error: (08/06/2015 07:20:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AF.tmp51.1052.0.025bc01d0d0432d8177302792C:\Users\Dave\AppData\Local\Temp\is-7BM5C.tmp\AF.tmp

Error: (08/06/2015 07:20:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AF.tmp51.1052.0.02bfc01d0d047450030003095C:\Users\Dave\AppData\Local\Temp\is-AAHU1.tmp\AF.tmp

Error: (08/06/2015 07:20:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AF.tmp51.1052.0.027c001d0d044a2af85f02576C:\Users\Dave\AppData\Local\Temp\is-08TNE.tmp\AF.tmp

Error: (08/06/2015 07:20:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AF.tmp51.1052.0.04b801d0d04b9e8475b02562C:\Users\Dave\AppData\Local\Temp\is-1PLON.tmp\AF.tmp


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 220 Processor
Percentage of memory in use: 61%
Total physical RAM: 2815.37 MB
Available physical RAM: 1089.78 MB
Total Virtual: 7301.94 MB
Available Virtual: 3551.89 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:911.88 GB) (Free:740.47 GB) NTFS
Drive e: (EOS_DIGITAL) (Removable) (Total:0.93 GB) (Free:0.75 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 35D5C1F3)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=911.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 952.5 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================

 




#2
RKinner

    Malware Expert


Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.

 

Suggest you let Avast run a boot-time scan tonight while you sleep (Make sure you make the changes below):

 

First mute the speakers so it won't wake you up when Windows loads. Click on the Orange ball. Click on Scan, then Scan for Viruses and wait a couple of minutes for the page to change. Change Quickscan to Boot-time Scan. Click on Settings. Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Check both boxes. Then change When a threat is found ... to: Move to Chest. OK. Now click on Start. Close the Avast window and then reboot. The scan will start. It will tell you where it will save the report. Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.

When Windows loads, click on the Orange Ball, then Scan, then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report. If it found anything then open the aswBoot.txt file and copy and paste it. You may need to enable seeing hidden files in order to see the file, so:

    Open the Control Panel menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Press the Apply button and then the OK button.

If you can't find it then take a screen shot of the Detailed Report:



#3
psu88

    Member


Fix result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
Ran by Dave (2015-08-07 19:18:09) Run:1
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave & UpdatusUser (Available Profiles: Dave & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [AutoLoader] => C:\Users\Dave\AppData\Local\Temp\Traymonitor.exe [925416 2012-11-30] () <===== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Run: [GamesBot] => C:\Program Files (x86)\Games Bot\GamesBot.exe [386152 2015-06-26] ()
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => "C:\ProgramData\FlashBeat\FlashBeat32.dll" File not found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3386438342-948231862-3273088082-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-3386438342-948231862-3273088082-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3386438342-948231862-3273088082-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {AAB8FA0F-6021-BA91-EE39-7F7ED39F356F} ->  No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-21] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF NewTab: hxxp://search.swagbucks.com/?f=51
FF DefaultSearchEngine.US: Swagbucks
FF SelectedSearchEngine: Swagbucks
FF Homepage: hxxp://search.swagbucks.com/?f=51
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-21] (Oracle Corporation)
FF user.js: detected! => C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\62sr11ei.default-1377043760093\user.js [2015-06-12]
FF SearchPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\62sr11ei.default-1377043760093\searchplugins\safeguard-secure-search.xml [2013-10-30]
FF SearchPlugin: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\62sr11ei.default-1377043760093\searchplugins\swagbucks.xml [2015-07-13]
FF Extension: SwagButton - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\62sr11ei.default-1377043760093\Extensions\[email protected] [2014-10-27]
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
R2 GamesBotService; C:\Program Files (x86)\Games Bot\GamesBotSvc.exe [53352 2015-06-26] (Games Bot Inc.)
S1 xdsjjqce; C:\Windows\system32\drivers\xdsjjqce.sys [55168 2015-08-05] (Microsoft Corporation)
R1 netfilter64; system32\drivers\netfilter64.sys [X]
2015-08-05 21:51 - 2015-08-05 21:51 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xdsjjqce.sys
2015-08-05 21:36 - 2015-08-05 21:36 - 00000000 ____D C:\Program Files\Coupoon
2015-08-04 20:56 - 2015-08-04 21:10 - 00000000 ____D C:\Users\Dave\AppData\Local\Games Bot
2015-08-04 20:56 - 2015-08-04 20:56 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games Bot
2015-08-04 20:55 - 2015-08-06 18:00 - 00000340 ____H C:\Windows\Tasks\UQKUIKKKPDMSKPOM.job
2015-08-04 20:55 - 2015-08-05 21:32 - 00000328 _____ C:\Windows\Tasks\HUBXOWU1.job
2015-08-04 20:55 - 2015-08-04 20:56 - 00000000 ____D C:\Program Files (x86)\Games Bot
2015-08-04 20:55 - 2015-08-04 20:55 - 00003372 _____ C:\Windows\System32\Tasks\UQKUIKKKPDMSKPOM
2015-08-04 20:55 - 2015-08-04 20:55 - 00002850 _____ C:\Windows\System32\Tasks\HUBXOWU1
2015-08-04 20:55 - 2015-08-04 20:55 - 00000000 ____D C:\ProgramData\Service1291
2015-08-04 20:54 - 2015-08-04 20:54 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-08-04 20:54 - 2015-08-04 20:54 - 00000000 ____D C:\Program Files (x86)\ospd_us_014010051
2015-08-04 20:45 - 2015-08-06 19:27 - 00000536 _____ C:\Windows\Tasks\Failover.job
2015-08-04 20:45 - 2015-08-04 20:45 - 00003558 _____ C:\Windows\System32\Tasks\Failover
2015-08-03 07:04 - 2015-08-05 21:51 - 00000000 ____D C:\Program Files (x86)\coupoon
2015-07-17 03:39 - 2015-07-17 03:39 - 00000000 _____ C:\Windows\SysWOW64\shoE2C.tmp
2015-07-08 13:05 - 2013-04-14 10:55 - 00000643 _____ C:\Windows\wininit.ini
2015-08-03 11:57 - 2015-08-06 17:00 - 0000112 _____ () C:\ProgramData\fJMqmDsP.dat
Task: {2E2E6A14-B28C-433C-A299-79EA7577CFBB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d No Task File <==== ATTENTION
Task: {3A9008BE-A920-4840-B8AB-3D82451B0017} - System32\Tasks\Failover => C:\Users\Dave\AppData\Local\Temp\failover.exe <==== ATTENTION
Task: {7B996D61-A9C4-43ED-8536-03BA17EBC741} - System32\Tasks\HUBXOWU1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {C1121ECA-AD37-4603-AD34-FD87A55222E4} - System32\Tasks\UQKUIKKKPDMSKPOM => C:\ProgramData\Service1291\Service1291.exe [2015-06-28] () <==== ATTENTION
Task: C:\Windows\Tasks\Failover.job => C:\Users\Dave\AppData\Local\Temp\failover.exeq/SC2 /S /FLAGC:\Users\Dave\AppData\Local\Temp\a3_1.txt <==== ATTENTION
Task: C:\Windows\Tasks\HUBXOWU1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\UQKUIKKKPDMSKPOM.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
2015-08-05 21:36 - 2015-08-05 21:36 - 01170432 _____ () c:\windows\temp\uo124.exe
2015-06-26 05:10 - 2015-06-26 05:10 - 00109160 _____ () C:\Program Files (x86)\Games Bot\Modules\Base.dll
2015-06-26 05:11 - 2015-06-26 05:11 - 00041576 _____ () C:\Program Files (x86)\Games Bot\Modules\inws.dll
2015-06-26 05:11 - 2015-06-26 05:11 - 00058984 _____ () C:\Program Files (x86)\Games Bot\Modules\ups.dll
2015-06-26 05:10 - 2015-06-26 05:10 - 00039528 _____ () C:\Program Files (x86)\Games Bot\Modules\alzm.dll
2015-06-26 05:11 - 2015-06-26 05:11 - 00118376 _____ () C:\Program Files (x86)\Games Bot\Modules\brs.dll
2015-06-26 05:11 - 2015-06-26 05:11 - 00092776 _____ () C:\Program Files (x86)\Games Bot\Modules\cmd.dll
2015-06-26 05:11 - 2015-06-26 05:11 - 00096872 _____ () C:\Program Files (x86)\Games Bot\Modules\sipc.dll
2015-06-26 05:11 - 2015-06-26 05:11 - 00056424 _____ () C:\Program Files (x86)\Games Bot\Modules\wdm.dll
2015-08-04 21:09 - 2015-03-26 10:39 - 08569856 _____ () C:\Users\Dave\AppData\Local\Games Bot\Explore\pdf.dll
2015-08-04 21:09 - 2015-03-26 10:18 - 00324608 _____ () C:\Users\Dave\AppData\Local\Games Bot\Explore\ppGoogleNaClPluginChrome.dll
2015-08-04 21:09 - 2015-03-26 10:14 - 00880128 _____ () C:\Users\Dave\AppData\Local\Games Bot\Explore\ffmpegsumo.dll
2015-08-04 21:09 - 2014-09-23 00:07 - 14891848 _____ () C:\Users\Dave\AppData\Local\Games Bot\Explore\PepperFlash\pepflashplayer.dll
C:\Users\Dave\AppData\Local\Temp\is-1AFAR.tmp\AF.tmp
2015-08-02 23:40 - 2015-08-06 19:24 - 00000000 ____D C:\Windows\SysWOW64\First Verify
C:\Windows\SysWOW64\First Verify
EmptyTemp:

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AutoLoader => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GamesBot => value removed successfully
"C:\ProgramData\FlashBeat\FlashBeat64.dll" => Value data removed successfully.
"C:\ProgramData\FlashBeat\FlashBeat32.dll" => Value data removed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-3386438342-948231862-3273088082-1001\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3386438342-948231862-3273088082-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAB8FA0F-6021-BA91-EE39-7F7ED39F356F}" => key removed successfully
HKCR\Wow6432Node\CLSID\{AAB8FA0F-6021-BA91-EE39-7F7ED39F356F} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
Firefox newtab removed successfully
Firefox DefaultSearchEngine.US removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox homepage removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2" => key removed successfully
C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll => moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2" => key removed successfully
C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll => moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\62sr11ei.default-1377043760093\user.js => moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\62sr11ei.default-1377043760093\searchplugins\safeguard-secure-search.xml => moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\62sr11ei.default-1377043760093\searchplugins\swagbucks.xml => moved successfully.
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\62sr11ei.default-1377043760093\Extensions\[email protected] => moved successfully.
C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll not found.
C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL not found.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll not found.
GamesBotService => Service stopped successfully.
GamesBotService => service removed successfully
xdsjjqce => service not found.
netfilter64 => Service stopped successfully.
netfilter64 => service removed successfully
"C:\Windows\system32\Drivers\xdsjjqce.sys" => File/Folder not found.
C:\Program Files\Coupoon => moved successfully.

"C:\Users\Dave\AppData\Local\Games Bot" folder move:

Could not move "C:\Users\Dave\AppData\Local\Games Bot" => Scheduled to move on reboot.

C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games Bot => moved successfully.
C:\Windows\Tasks\UQKUIKKKPDMSKPOM.job => moved successfully.
C:\Windows\Tasks\HUBXOWU1.job => moved successfully.
C:\Program Files (x86)\Games Bot => moved successfully.
C:\Windows\System32\Tasks\UQKUIKKKPDMSKPOM => moved successfully.
C:\Windows\System32\Tasks\HUBXOWU1 => moved successfully.
C:\ProgramData\Service1291 => moved successfully.
C:\ProgramData\28341ff220e0446c9fff27c4493d622e => moved successfully.
C:\Program Files (x86)\ospd_us_014010051 => moved successfully.
C:\Windows\Tasks\Failover.job => moved successfully.
C:\Windows\System32\Tasks\Failover => moved successfully.
C:\Program Files (x86)\coupoon => moved successfully.
C:\Windows\SysWOW64\shoE2C.tmp => moved successfully.
C:\Windows\wininit.ini => moved successfully.
C:\ProgramData\fJMqmDsP.dat => moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E2E6A14-B28C-433C-A299-79EA7577CFBB} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A9008BE-A920-4840-B8AB-3D82451B0017}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A9008BE-A920-4840-B8AB-3D82451B0017}" => key removed successfully
C:\Windows\System32\Tasks\Failover not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Failover" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7B996D61-A9C4-43ED-8536-03BA17EBC741}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B996D61-A9C4-43ED-8536-03BA17EBC741}" => key removed successfully
C:\Windows\System32\Tasks\HUBXOWU1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HUBXOWU1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C1121ECA-AD37-4603-AD34-FD87A55222E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1121ECA-AD37-4603-AD34-FD87A55222E4}" => key removed successfully
C:\Windows\System32\Tasks\UQKUIKKKPDMSKPOM not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UQKUIKKKPDMSKPOM" => key removed successfully
C:\Windows\Tasks\Failover.job not found.
C:\Windows\Tasks\HUBXOWU1.job not found.
C:\Windows\Tasks\UQKUIKKKPDMSKPOM.job not found.
c:\windows\temp\uo124.exe => moved successfully.
"C:\Program Files (x86)\Games Bot\Modules\Base.dll" => File/Folder not found.
"C:\Program Files (x86)\Games Bot\Modules\inws.dll" => File/Folder not found.
"C:\Program Files (x86)\Games Bot\Modules\ups.dll" => File/Folder not found.
"C:\Program Files (x86)\Games Bot\Modules\alzm.dll" => File/Folder not found.
"C:\Program Files (x86)\Games Bot\Modules\brs.dll" => File/Folder not found.
"C:\Program Files (x86)\Games Bot\Modules\cmd.dll" => File/Folder not found.
"C:\Program Files (x86)\Games Bot\Modules\sipc.dll" => File/Folder not found.
"C:\Program Files (x86)\Games Bot\Modules\wdm.dll" => File/Folder not found.
C:\Users\Dave\AppData\Local\Games Bot\Explore\pdf.dll => moved successfully.
C:\Users\Dave\AppData\Local\Games Bot\Explore\ppGoogleNaClPluginChrome.dll => moved successfully.
C:\Users\Dave\AppData\Local\Games Bot\Explore\ffmpegsumo.dll => moved successfully.
C:\Users\Dave\AppData\Local\Games Bot\Explore\PepperFlash\pepflashplayer.dll => moved successfully.
"C:\Users\Dave\AppData\Local\Temp\is-1AFAR.tmp\AF.tmp" => File/Folder not found.

"C:\Windows\SysWOW64\First Verify" folder move:

Could not move "C:\Windows\SysWOW64\First Verify" => Scheduled to move on reboot.


"C:\Windows\SysWOW64\First Verify" folder move:

Could not move "C:\Windows\SysWOW64\First Verify" => Scheduled to move on reboot.

EmptyTemp: => 3.5 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-08-07 19:35:47)<=

C:\Users\Dave\AppData\Local\Games Bot => moved successfully
C:\Windows\SysWOW64\First Verify => Is moved successfully
C:\Windows\SysWOW64\First Verify => Is moved successfully

==== End of Fixlog 19:35:49 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015
Ran by Dave (administrator) on DAVE-PC (07-08-2015 20:02:33)
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave & UpdatusUser (Available Profiles: Dave & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Dassault Systèmes) C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
() C:\Program Files\015\lxqvbcbiws32.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\Temp\uo124.exe
() C:\Windows\Temp\uo124.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] => C:\Program Files (x86)\eMachines\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\eMachines\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7800088 2015-07-11] (SUPERAntiSpyware)
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Run: [Facebook Update] => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-29] (Facebook Inc.)
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-3386438342-948231862-3273088082-1003\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [154144 2010-07-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-12-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3386438342-948231862-3273088082-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3386438342-948231862-3273088082-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: [NameServer] 82.163.143.151,82.163.142.153
Tcpip\..\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\62sr11ei.default-1377043760093
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-26] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-26] (NVIDIA Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [2011-05-24] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3386438342-948231862-3273088082-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dave\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3386438342-948231862-3273088082-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-04] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-05-18] (Coupons, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-23]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-12-27]
FF HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Dave\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Google Wallet) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-27] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R2 DraftSight API Service; C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [78336 2012-07-07] (Dassault Systèmes) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-03-31] (WildTangent)
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
R2 lxqvbcbiws32; C:\Program Files\015\lxqvbcbiws32.exe [622392 2015-04-07] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-20] (AVAST Software)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-08] (Malwarebytes Corporation)
S3 mr7910; C:\Windows\System32\DRIVERS\mr7910.sys [55808 2007-03-16] (Mars Semiconductor Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 uzoxwqjl; C:\Windows\system32\drivers\uzoxwqjl.sys [55168 2015-08-07] (Microsoft Corporation)
R1 netfilter64; system32\drivers\netfilter64.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-07 20:00 - 2015-08-07 20:00 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\uzoxwqjl.sys
2015-08-07 19:37 - 2015-08-07 20:00 - 00000000 ____D C:\Program Files (x86)\coupoon
2015-08-07 19:37 - 2015-08-07 19:37 - 00000000 ____D C:\Program Files\Coupoon
2015-08-07 19:17 - 2015-08-07 19:18 - 00050311 _____ C:\Users\Dave\Downloads\download
2015-08-07 19:17 - 2015-08-07 19:17 - 00000000 ____D C:\Users\Dave\Desktop\FRST-OlderVersion
2015-08-07 18:38 - 2015-08-07 18:38 - 00000000 ____D C:\Users\Dave\AppData\Local\TempTaskUpdateDetection3A394ED3-7BCA-4411-8F93-5FD3D204E44A
2015-08-06 20:47 - 2015-08-07 05:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-06 11:17 - 2015-08-06 11:19 - 05534539 _____ C:\Users\Dave\Downloads\filmon-hdi-3.1.3657.dmg.crdownload
2015-08-06 04:01 - 2015-08-06 04:02 - 00779203 _____ C:\Users\Dave\Downloads\VideoPlayerSetup (1).zip
2015-08-06 04:01 - 2015-08-06 04:01 - 00779203 _____ C:\Users\Dave\Downloads\VideoPlayerSetup.zip
2015-08-05 21:31 - 2015-08-05 21:31 - 00266288 _____ C:\Windows\Minidump\080515-35739-01.dmp
2015-08-05 21:30 - 2015-08-05 21:30 - 00003288 ____N C:\bootsqm.dat
2015-08-05 10:49 - 2015-08-05 10:49 - 00266288 _____ C:\Windows\Minidump\080515-36847-01.dmp
2015-08-04 22:13 - 2015-08-06 19:32 - 00051753 _____ C:\Users\Dave\Desktop\Addition.txt
2015-08-04 22:11 - 2015-08-07 20:02 - 00024224 _____ C:\Users\Dave\Desktop\FRST.txt
2015-08-04 22:09 - 2015-08-07 20:02 - 00000000 ____D C:\FRST
2015-08-04 22:04 - 2015-08-07 19:17 - 02170368 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2015-08-04 20:42 - 2015-08-04 20:43 - 01552912 _____ (Dummy, Ltd.) C:\Users\Dave\Downloads\klondike the lost expedition cheats_10924_i40680048_il345.exe
2015-08-04 19:03 - 2015-08-04 19:03 - 00000000 ____D C:\Users\Dave\AppData\Roaming\.mono
2015-08-04 19:03 - 2015-08-04 19:03 - 00000000 ____D C:\ProgramData\.mono
2015-08-04 07:28 - 2015-08-04 07:28 - 00288744 _____ C:\Windows\Minidump\080415-33041-01.dmp
2015-08-03 11:57 - 2015-08-07 19:32 - 00000112 _____ C:\ProgramData\fJMqmDsP.dat
2015-08-02 23:23 - 2015-08-02 23:32 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Opera Software
2015-08-02 23:23 - 2015-08-02 23:32 - 00000000 ____D C:\Users\Dave\AppData\Local\Opera Software
2015-08-02 23:16 - 2015-08-02 23:32 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-02 23:16 - 2015-08-02 23:16 - 00000000 ____D C:\Program Files\015
2015-08-02 23:15 - 2015-08-04 20:03 - 00000973 _____ C:\Users\Dave\Desktop\Continue Klondike_Hack_Installer.lnk
2015-08-02 23:14 - 2015-08-02 23:14 - 00637544 _____ ( ) C:\Users\Dave\Downloads\Klondike_Hack_Installer.exe
2015-07-28 17:18 - 2015-07-25 14:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 17:18 - 2015-07-25 14:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 17:18 - 2015-07-25 14:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 17:18 - 2015-07-25 14:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 17:18 - 2015-07-25 14:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 17:18 - 2015-07-25 14:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 17:18 - 2015-07-25 14:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 17:18 - 2015-07-25 13:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-23 14:47 - 2015-07-23 14:47 - 00124822 _____ C:\Users\Dave\Downloads\delta_faq
2015-07-21 03:21 - 2015-08-07 18:38 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-20 17:20 - 2015-07-14 23:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-20 17:20 - 2015-07-14 23:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-20 17:20 - 2015-07-14 23:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-20 17:20 - 2015-07-14 23:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-20 17:20 - 2015-07-14 22:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-20 17:20 - 2015-07-14 22:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-20 17:20 - 2015-07-14 22:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-20 17:20 - 2015-07-14 22:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-20 17:20 - 2015-07-14 21:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 17:20 - 2015-07-14 21:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 10:21 - 2015-07-20 10:21 - 00000247 _____ C:\Windows\system32\2015-07-20-14-21-26.059-aswFe.exe-37060.log
2015-07-20 10:21 - 2015-07-20 10:21 - 00000197 _____ C:\Windows\system32\2015-07-20-14-21-20.079-AvastVBoxSVC.exe-36904.log
2015-07-20 10:14 - 2015-07-20 10:14 - 00000247 _____ C:\Windows\system32\2015-07-20-14-14-21.071-aswFe.exe-38112.log
2015-07-20 10:14 - 2015-07-20 10:14 - 00000197 _____ C:\Windows\system32\2015-07-20-14-14-15.077-AvastVBoxSVC.exe-37756.log
2015-07-20 10:05 - 2015-07-20 10:05 - 00000247 _____ C:\Windows\system32\2015-07-20-14-05-22.091-aswFe.exe-38036.log
2015-07-20 10:03 - 2015-07-20 10:03 - 00000247 _____ C:\Windows\system32\2015-07-20-14-03-41.073-aswFe.exe-1596.log
2015-07-20 10:03 - 2015-07-20 10:03 - 00000197 _____ C:\Windows\system32\2015-07-20-14-03-32.098-AvastVBoxSVC.exe-3720.log
2015-07-20 09:53 - 2015-07-20 09:53 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-20 09:53 - 2015-07-20 09:53 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-17 03:45 - 2015-07-17 03:45 - 00000197 _____ C:\Windows\system32\2015-07-17-07-45-22.088-AvastVBoxSVC.exe-3828.log
2015-07-15 20:06 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 20:06 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 20:06 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 20:06 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 20:06 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 20:06 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 20:06 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 20:06 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 20:06 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 20:06 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 20:06 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 20:06 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 20:06 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 20:06 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 20:06 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 20:06 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 20:06 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 20:05 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 20:05 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 20:05 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 20:05 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 20:05 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 20:05 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 20:05 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 20:05 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 20:05 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 20:05 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 20:05 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 20:05 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 20:03 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 20:03 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 20:03 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 20:03 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 20:03 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 20:03 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 20:03 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 20:03 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 20:03 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 20:03 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 20:03 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 20:03 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 20:03 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 20:03 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 20:03 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 20:03 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 20:03 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 20:03 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 20:03 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 20:03 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 20:03 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 20:03 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 20:03 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 20:03 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 20:03 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 20:03 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 20:03 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 20:03 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 20:03 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 20:03 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 20:03 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 20:03 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 20:03 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 20:03 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 20:03 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 20:03 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 20:03 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 20:03 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 20:03 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 20:03 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 20:03 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 20:03 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 20:03 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 20:03 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 19:59 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 19:59 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 19:59 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 19:59 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 19:59 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 19:59 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 19:59 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 19:59 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 19:59 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 19:59 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 19:59 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 19:59 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 19:59 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 19:59 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 19:59 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 19:59 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 19:59 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 19:59 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 19:58 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 19:58 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 19:58 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 19:58 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 19:58 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 19:58 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 19:58 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 19:58 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 19:58 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 19:58 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 19:58 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 19:58 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 19:58 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 19:58 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 19:58 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 19:58 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 19:58 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 19:58 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 19:58 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 19:58 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 19:58 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 19:58 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 19:58 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 19:58 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 19:58 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 19:58 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 19:58 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 19:58 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 19:58 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 19:58 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 15:04 - 2015-07-14 15:04 - 00073723 _____ C:\Users\Dave\Downloads\getpaymentcouponpdf(2)
2015-07-14 15:04 - 2015-07-14 15:04 - 00073723 _____ C:\Users\Dave\Downloads\getpaymentcouponpdf(1)
2015-07-11 11:41 - 2015-07-11 11:41 - 00000197 _____ C:\Windows\system32\2015-07-11-15-41-02.074-AvastVBoxSVC.exe-2208.log
2015-07-11 10:49 - 2015-07-11 10:49 - 00000197 _____ C:\Windows\system32\2015-07-11-14-49-35.017-AvastVBoxSVC.exe-1916.log
2015-07-10 09:39 - 2015-08-02 12:58 - 00000000 ___HD C:\$Windows.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-07 19:45 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-07 19:45 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-07 19:41 - 2011-11-18 21:47 - 01998050 _____ C:\Windows\WindowsUpdate.log
2015-08-07 19:37 - 2012-08-17 14:09 - 00000005 _____ C:\END
2015-08-07 19:36 - 2012-09-29 10:31 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3386438342-948231862-3273088082-1001UA.job
2015-08-07 19:35 - 2012-03-23 23:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-07 19:35 - 2011-11-18 21:46 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-07 19:34 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-07 19:34 - 2009-07-14 00:51 - 00078872 _____ C:\Windows\setupact.log
2015-08-07 19:33 - 2010-11-20 23:47 - 00953666 _____ C:\Windows\PFRO.log
2015-08-07 19:32 - 2012-03-30 23:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-07 19:21 - 2012-03-23 23:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-07 19:18 - 2012-04-03 21:18 - 00000000 ____D C:\Users\Dave\AppData\Local\CrashDumps
2015-08-07 05:42 - 2012-04-25 17:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-06 10:36 - 2012-09-29 10:31 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3386438342-948231862-3273088082-1001Core.job
2015-08-06 02:33 - 2012-03-23 23:13 - 00002152 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-05 21:31 - 2015-03-21 20:22 - 319895965 _____ C:\Windows\MEMORY.DMP
2015-08-05 21:31 - 2013-04-08 19:56 - 00000000 ____D C:\Windows\Minidump
2015-08-04 23:52 - 2013-10-31 14:59 - 00000000 ____D C:\Users\Dave\Documents\Outlook Files
2015-08-04 21:54 - 2014-11-17 20:32 - 00000000 ____D C:\SUPERDelete
2015-08-02 23:32 - 2012-03-15 21:02 - 00001422 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-02 13:05 - 2007-07-11 21:49 - 00000000 ____D C:\Windows\Panther
2015-07-29 03:01 - 2014-04-30 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-25 10:31 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 09:40 - 2013-08-02 21:58 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-23 07:23 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-21 03:19 - 2009-07-14 00:45 - 00431936 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 09:53 - 2014-09-11 05:07 - 00150160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-20 09:53 - 2014-09-11 05:07 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-20 09:53 - 2014-09-11 04:59 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-20 09:53 - 2014-09-11 04:59 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-20 09:53 - 2012-03-23 23:08 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-20 09:53 - 2012-03-23 23:08 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-20 09:53 - 2012-03-23 23:08 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-20 09:52 - 2012-03-23 23:08 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-17 03:44 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-17 03:37 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-17 03:37 - 2014-12-11 04:26 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-17 03:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-17 03:10 - 2013-07-30 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-07-16 19:38 - 2012-12-29 12:55 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 19:34 - 2014-12-25 20:15 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 19:35 - 2012-03-30 23:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 19:34 - 2012-03-30 23:09 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 19:34 - 2012-03-15 22:27 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 19:15 - 2012-03-23 23:08 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 19:15 - 2012-03-23 23:08 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-11 11:35 - 2012-03-19 22:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-10 23:00 - 2014-06-02 12:57 - 00000000 ____D C:\Users\Dave\Desktop\[bleep] i dont give a hit about

==================== Files in the root of some directories =======

2013-11-03 18:20 - 2014-06-26 17:47 - 0000035 _____ () C:\Users\Dave\AppData\Roaming\WB.CFG
2013-12-31 14:01 - 2014-01-03 13:38 - 0000005 _____ () C:\Users\Dave\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-11-03 18:20 - 2014-02-01 01:41 - 0000005 _____ () C:\Users\Dave\AppData\Roaming\WBPU-TTL.DAT
2015-08-03 11:57 - 2015-08-07 19:32 - 0000112 _____ () C:\ProgramData\fJMqmDsP.dat
2012-05-08 16:46 - 2012-12-27 22:17 - 0001906 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\ProgramData\fJMqmDsP.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 07:14

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
Ran by Dave (2015-08-07 20:03:25)
Running from C:\Users\Dave\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3386438342-948231862-3273088082-500 - Administrator - Disabled)
Dave (S-1-5-21-3386438342-948231862-3273088082-1001 - Administrator - Enabled) => C:\Users\Dave
Guest (S-1-5-21-3386438342-948231862-3273088082-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3386438342-948231862-3273088082-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-3386438342-948231862-3273088082-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2223 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
C6200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
C6200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)
Cradle of Rome (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}) (Version:  - Oberon Media)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DraftSight (HKLM-x32\...\{8EBF1B19-7756-42E5-A663-93ACB1D1FEA8}) (Version: 9.1.173 - Dassault Systemes)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eMachines Games (HKLM-x32\...\WildTangent emachines Master Uninstall) (Version: 1.0.2.4 - WildTangent)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0221.2011 - Acer Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
First Verify version 2.0 (HKLM-x32\...\{7AF56C9C-F827-41A9-9998-047116F688A4}_is1) (Version: 2.0 - AF, INC)
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
FlashBeat (HKLM-x32\...\FlashBeat) (Version:  - ) <==== ATTENTION
Free Text Pad (HKLM-x32\...\Free Text Pad) (Version: 1.0 - Zenith Technology Limited)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Games Bot (HKLM-x32\...\Games Bot) (Version: 186.0.0.621 - CLICK YES BELOW LP) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Acer Incorporated)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.11.3.0 - LG Electronics)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6684 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PS_AIO_02_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1146 - SUPERAntiSpyware.com)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Zip Extractor (HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\DigitalSite) (Version:  - ) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.9.8 - WildTangent) Hidden
Windows Codec Pack (HKLM-x32\...\Windows Codec Pack11.041.44) (Version: 11.041.44 - Media Codecs Interactive)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Zip Extractor Packages (HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

05-01-2015 20:37:02 avast! antivirus system restore point
06-01-2015 15:35:40 Windows Update
13-01-2015 13:08:54 Windows Update
15-01-2015 04:00:28 Windows Update
16-01-2015 04:00:45 Windows Update
20-01-2015 14:08:16 Windows Update
23-01-2015 20:49:31 Windows Update
27-01-2015 08:08:28 Windows Update
30-01-2015 13:31:44 Windows Update
03-02-2015 06:07:28 Windows Update
10-02-2015 18:27:09 Windows Update
11-02-2015 04:00:47 Windows Update
12-02-2015 04:00:47 Windows Update
13-02-2015 04:00:44 Windows Update
17-02-2015 06:07:16 Windows Update
20-02-2015 07:03:41 Windows Update
23-02-2015 15:39:43 Installed Fitbit Connect
24-02-2015 08:53:04 Windows Update
26-02-2015 04:00:50 Windows Update
03-03-2015 07:38:06 Windows Update
04-03-2015 04:00:28 Windows Update
10-03-2015 14:23:09 Windows Update
11-03-2015 03:00:49 Windows Update
18-03-2015 20:08:40 Windows Update
24-03-2015 13:31:16 Windows Update
25-03-2015 03:00:54 Windows Update
31-03-2015 18:37:31 Windows Update
05-04-2015 03:00:51 Windows Update
10-04-2015 06:30:08 Windows Update
14-04-2015 11:21:57 Windows Update
16-04-2015 03:00:25 Windows Update
21-04-2015 05:54:46 Windows Update
24-04-2015 18:55:24 Windows Update
28-04-2015 13:42:29 Windows Update
01-05-2015 17:18:19 Windows Update
05-05-2015 06:05:44 Windows Update
08-05-2015 07:08:05 Windows Update
12-05-2015 11:09:37 Windows Update
14-05-2015 03:00:39 Windows Update
19-05-2015 06:26:42 Windows Update
20-05-2015 03:00:48 Windows Update
27-05-2015 05:45:22 Windows Update
02-06-2015 05:31:46 Windows Update
06-06-2015 03:00:43 Windows Update
09-06-2015 14:44:40 Windows Update
10-06-2015 03:00:44 Windows Update
16-06-2015 06:41:56 Windows Update
23-06-2015 05:06:04 Windows Update
26-06-2015 06:21:25 Windows Update
30-06-2015 13:56:19 Windows Update
04-07-2015 09:31:58 Windows Update
07-07-2015 11:26:33 Windows Update
14-07-2015 09:49:49 Windows Update
17-07-2015 03:00:50 Windows Update
20-07-2015 09:49:55 avast! antivirus system restore point
21-07-2015 03:00:22 Windows Update
24-07-2015 17:19:24 Windows Update
28-07-2015 17:18:06 Windows Update
29-07-2015 03:00:23 Windows Update
02-08-2015 11:52:55 Windows Update
02-08-2015 23:30:46 Windows Defender Checkpoint
04-08-2015 11:12:20 Windows Defender Checkpoint
05-08-2015 21:06:12 Windows Defender Checkpoint
07-08-2015 19:20:06 Windows Defender Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02B50005-A389-4D58-AB99-DA7D922BB61C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {0AF5188E-7490-4502-9C61-60EF2D4CD389} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {2602C6AC-EA7D-485D-BBA0-3E53780BDCCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {2E5F3393-B2EC-4A7F-9FE5-7EE55CE005B4} - System32\Tasks\{119550F2-DA53-447E-8FBF-4D4385C41223} => pcalua.exe -a C:\Users\Dave\Downloads\SpyHunter-Installer.exe -d C:\Users\Dave\Downloads
Task: {41F9F46E-C9FE-47E5-8A68-94D247B2E648} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {5ED060DD-53F4-43FF-A6BA-6CF400B391A6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {65351377-23AD-4C8D-A05F-58049B660D5E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {680A34B3-B27D-46B5-86CC-2C48DCB8B24D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3386438342-948231862-3273088082-1001UA => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-29] (Facebook Inc.)
Task: {68A55FCA-A045-4967-AB34-F38380030BA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {8B532580-7124-4BD9-8FEC-6F3831E5F0EE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3386438342-948231862-3273088082-1001Core => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-29] (Facebook Inc.)
Task: {BB3AB753-1A0E-44AA-8253-A76497FABCE7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {DAE79FB3-FFF4-4788-B9D2-57902A1C9BEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3386438342-948231862-3273088082-1001Core.job => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3386438342-948231862-3273088082-1001UA.job => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-04-14 03:03 - 2013-01-31 05:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-15 09:24 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-22 16:09 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2009-08-10 20:01 - 2009-08-10 20:01 - 00626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-08-10 20:00 - 2009-08-10 20:00 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-08-10 20:01 - 2009-08-10 20:01 - 00578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2015-04-07 05:12 - 2015-04-07 05:12 - 00622392 _____ () C:\Program Files\015\lxqvbcbiws32.exe
2009-08-10 20:01 - 2009-08-10 20:01 - 00206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2015-08-07 19:39 - 2015-08-07 19:39 - 01170432 _____ () c:\windows\temp\uo124.exe
2011-01-18 21:08 - 2011-01-18 21:08 - 00620136 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
2015-07-20 09:53 - 2015-07-20 09:53 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-20 09:52 - 2015-07-20 09:52 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-07 18:35 - 2015-08-07 18:35 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080702\algo.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-07 07:01 - 2012-07-07 07:01 - 00948144 _____ () C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\QtNetwork4.dll
2012-07-07 07:01 - 2012-07-07 07:01 - 02623408 _____ () C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\QtCore4.dll
2012-07-07 07:01 - 2012-07-07 07:01 - 00387505 _____ () C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\QtXml4.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-10-28 13:22 - 2014-10-28 13:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2011-01-18 21:08 - 2011-01-18 21:08 - 00151656 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll
2015-07-20 09:53 - 2015-07-20 09:53 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\uzoxwqjl.sys:changelist
AlternateDataStreams: C:\ProgramData\TEMP:4BB9495E

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3386438342-948231862-3273088082-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 82.163.143.151 - 82.163.142.153
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8739928A-BE5C-446C-B0E0-4291BB78FAA6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{944F18B4-2348-462B-A994-C69B20A15319}] => (Allow) LPort=2869
FirewallRules: [{3A686F86-81C7-4476-AD0A-B76C59948B24}] => (Allow) LPort=1900
FirewallRules: [{8ED5BDF2-34CD-49E0-A5AF-3DCB31E17385}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{70D0560B-B11B-41EE-824F-50BCCD82E82E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{10E7BBEA-48AE-4062-967D-B4724A95D50C}] => (Allow) C:\Users\Dave\AppData\Local\Temp\7zS7B98\setup\hpznui40.exe
FirewallRules: [{460FB2F0-7C44-42B8-905E-A73E4A177E0E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{209C159F-6500-4288-A31C-0D41277EACEA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{B6D024A5-3E7D-4E3C-9A71-166E9ACA641D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{FE9178A9-0B5D-4950-83C4-328DF58FE6DF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{059A8E39-AF51-460D-910B-275CA11D7DEC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E4FB83D0-9104-4F55-B6CD-536DE8D14762}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{A7DDCAC9-E9C4-46F1-AB2D-39010E1DC066}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{F6804E05-4415-4E7B-9E4E-EEE128791AB4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{4E0B0301-AED7-4449-B958-12E05DEED4E7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{6B50C10F-4892-49A1-8810-FC55392BE24D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{ED3656DB-3BF0-457C-91DE-89F919017AE6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{3534C275-82B8-4DB5-AF20-42AA94BA0E3E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{5EB8C8FC-2953-4B5E-B636-EA33E5A2E5E9}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{059E02F3-80B1-484B-9352-E99E87288501}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{56D85588-A90A-47EA-927E-F77099A5D48E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{392AAC56-9EB6-40CE-B53E-D3353D19871E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{0928A0D9-BC84-4D3A-B135-937E3D4C8DF9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{7EF279E3-B97F-4320-9109-632D00264BFE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{13F52B63-340E-4424-8D31-8F1E9960B42C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{CDDFF6C8-D9BD-44FB-84A0-CCA6330A63C2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F842959B-A79D-4695-BA53-168967077D1F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3A44F714-BBFC-42E5-998F-397B1828664B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{230F1142-A337-47B6-9622-08F8C4910C80}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{663AADDC-1E16-41F2-AEEC-34D9264798AD}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{D910256B-6A2C-4329-A0FA-52B916D5F3D8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0E43D8AF-D74E-4294-A87F-42E94CABA106}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EEFD98DA-5517-491C-BC5F-1DD07812D513}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E8A88342-AE09-4C92-95E6-3F2B5D62818F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{6D36BCA2-660E-44F2-B3CA-38D00E59136F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E346008-EBF8-496B-AF1C-0EFE9E71426A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DB51D002-14C9-41F7-9014-2510E75D43E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{255EBE98-81F6-4F9F-A1A6-2EE79A8FA63B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{40C455D0-7C34-4C70-AD92-F0C173A3B21D}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{DAA705F5-51CE-4405-A583-8DF9FA92D550}] => (Allow) C:\Users\Dave\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{11C0E1CD-8821-42FF-B031-1D4317E788C7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{50409FFA-507A-460B-BCCD-A8462C2BEF4E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{083E2423-25F5-4003-97DA-DA2A5528C919}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F1735A76-BFE0-4122-ACE9-C4595695A6FD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{31C05C89-25E6-4A65-9296-21708FEB8EA7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{EB5A2761-E31F-416D-A45E-7228AD25FDB2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{DB52F59D-16CA-497A-99BD-0F4886004CA6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F7DCA3CF-2367-4A46-847A-01CD62D6B54B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{7F5DC64D-4B9A-4DF9-937D-FC866F0B784C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{DDFFBC22-8F37-42C0-AB46-70072364E210}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Photosmart C6200 series
Description: Photosmart C6200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/07/2015 07:38:14 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (08/07/2015 07:38:14 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))

Error: (08/07/2015 07:38:13 PM) (Source: ESENT) (EventID: 485) (User: )
Description: Windows (3512) Windows: An attempt to delete the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The delete file operation will fail with error -1032 (0xfffffbf8).

Error: (08/07/2015 07:38:03 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (3512) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/07/2015 07:36:05 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2015 07:36:04 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2015 07:36:04 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2015 07:36:04 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2015 07:36:04 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (08/07/2015 07:36:01 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (08/07/2015 08:00:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CoupoonService64 service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/07/2015 07:38:44 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (08/07/2015 07:38:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/07/2015 07:38:14 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.

Error: (08/07/2015 07:36:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/07/2015 07:36:05 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (08/07/2015 07:35:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3

Error: (08/07/2015 07:18:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (08/07/2015 07:07:23 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Dave-PC\Dave (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (08/07/2015 06:59:28 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Dave-PC\Dave (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.


Microsoft Office:
=========================
Error: (08/07/2015 07:38:14 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 40x8004117fFailed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (08/07/2015 07:38:14 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))

Error: (08/07/2015 07:38:13 PM) (Source: ESENT) (EventID: 485) (User: )
Description: Windows3512Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (08/07/2015 07:38:03 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows3512Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (08/07/2015 07:36:05 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (08/07/2015 07:36:04 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2015 07:36:04 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2015 07:36:04 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2015 07:36:04 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (08/07/2015 07:36:01 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 220 Processor
Percentage of memory in use: 46%
Total physical RAM: 2815.37 MB
Available physical RAM: 1505.69 MB
Total Virtual: 5628.94 MB
Available Virtual: 3825.77 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:911.88 GB) (Free:745.64 GB) NTFS
Drive e: (EOS_DIGITAL) (Removable) (Total:0.93 GB) (Free:0.75 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 35D5C1F3)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=911.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 952.5 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================



#4
RKinner

    Malware Expert


Let's try it again.  We made some progress but didn't get it all:

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated; please post that.

Download the adwCleaner
Pause your anti-virus.  Close all browsers.

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right-click adwCleaner.exe and select the Delete option
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file in your next reply.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Download aswMBR.exe to your desktop.
Right-click aswMBR.exe and Run as Administrator
Uncheck trace disk IO calls
Click the "Scan" button to start the scan (Accept the Avast Engine)
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click save log, save it to your desktop and post it in your next reply
If the Fix button is not enabled, then just click save log, save it to your desktop and post it in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html

:!: Turn off your screen saver so you can see what is going on

Download and Save this file --  to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.

    * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
You should get a log when it finishes.  If not, this may mean you have the new version of Zero Access malware, so run Combofix a second time.
If you still don't get a log, search for Combofix.txt.  It is usually at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.
If you get an error about a registry value when you try to run a program, then just reboot to clear it.

Download TDSSKiller:
http://support.kaspe...lity#TDSSKiller
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

 

Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 



#5
psu88

    Member


Here is the boot scan -  it was running when you replied

 

08/07/2013 21:28
Scan of all local drives


Scanning aborted
Number of searched folders: 49
Number of tested files: 11398
Number of infected files: 0

----------------------------------------
05/19/2015 19:08
Scan of all local drives

File C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1Z6DYNTT\search_defender_166[1].exe|>nsis.hdr is infected by NSIS:SProtector-A [PUP], Moved to chest
File C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1Z6DYNTT\Setup[1].exe|>nsis.hdr is infected by NSIS:BrowseFox-E [PUP], Moved to chest
File C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1Z6DYNTT\Setup[1].exe|>$INSTDIR\BatBrowseBHO.dll is infected by Win32:BrowseFox-CZ [PUP], Moved to chest
File C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1Z6DYNTT\Setup[1].exe|>$INSTDIR\updateBatBrowse.exe is infected by Win32:BrowseFox-CZ [PUP], Moved to chest
File C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1Z6DYNTT\Setup[1].exe is infected by Win32:BrowseFox-CZ [PUP], Moved to chest
File C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3LB98CH\SPSetup[1].exe|>$R2\$PLUGINSDIR\SPtool.dll is infected by Win32:Conduit-A [PUP], Moved to chest
File C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3LB98CH\SPSetup[1].exe|>$R1\rep\$R1\CltMngSvc.exe is infected by Win32:Conduit-A [PUP], Moved to chest
File C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3LB98CH\SPSetup[1].exe|>$R1\rep\$R1\SPTool.dll is infected by Win32:Conduit-A [PUP], Moved to chest
File C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3LB98CH\SPSetup[1].exe|>$R1\rep\$R1\uninstall.exe|>$R2\$PLUGINSDIR\SPtool.dll is infected by Win32:Conduit-A [PUP], Moved to chest
File C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3LB98CH\SPSetup[1].exe|>$R1\rep\$R1\cltmng.exe is infected by Win32:Conduit-A [PUP], Moved to chest
File C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3LB98CH\SPSetup[1].exe|>$R1\rep\$R1\SPVC32.dll is infected by Win32:Conduit-A [PUP], Moved to chest
File C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3LB98CH\SPSetup[1].exe|>$R1\dialogs\libs\$R1\cltmngui.exe is infected by Win32:Conduit-A [PUP], Moved to chest
File C:\Users\Dave\AppData\LocalLow\Google\GoogleEarth\webdata\f_000005|>doc.kml Error 42125 {ZIP archive is corrupted.}
File C:\Users\Dave\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Error 42125 {ZIP archive is corrupted.}
File C:\Users\Dave\Desktop\Old Firefox Data\bbrskqqf.default\extensions\[email protected]|>content\prefman.js is infected by JS:Febipos-N [Trj], Moved to chest
File C:\Users\Dave\Desktop\Old Firefox Data\bbrskqqf.default\extensions\[email protected]|>content\script-compiler-overlay.xul is infected by XML:Febipos-C [Trj], Moved to chest
File C:\Users\Dave\Desktop\Old Firefox Data\bbrskqqf.default\extensions\[email protected]|>content\script-compiler.js is infected by JS:Febipos-M [Trj], Moved to chest
File C:\Users\Dave\Desktop\Old Firefox Data\bbrskqqf.default\extensions\[email protected]|>content\xmlhttprequester.js is infected by JS:Febipos-O [Trj], Moved to chest
File C:\Users\Dave\Desktop\Old Firefox Data\bbrskqqf.default\extensions\[email protected]|>content\youtube.js is infected by JS:Includer-B [Trj], Moved to chest
File C:\Users\Dave\Desktop\Old Firefox Data\bbrskqqf.default\extensions\[email protected]|>chrome.manifest is infected by Other:Febipos-A [Trj], Moved to chest
File C:\Users\Dave\Downloads\iCloudSetup.exe|>iCloud64.msi Error 42127 {CAB archive is corrupted.}
File C:\Users\Dave\Downloads\X16-32250.exe|>ProPrWW.cab|>AS_msmdlocal_dll_32.C16C67A1_5ADC_4C44_B6AE_A40000020FCC Error 42127 {CAB archive is corrupted.}
File C:\Users\Dave\Downloads\X16-32250.exe|>ProPrWW.cab Error 42127 {CAB archive is corrupted.}
File C:\Users\Dave\Downloads\Update.exe is infected by Win32:Adware-CAH [PUP], Moved to chest
Number of searched folders: 39454
Number of tested files: 1097007
Number of infected files: 19

----------------------------------------
08/02/2015 23:42
Scan of all local drives

File C:\Users\Dave\AppData\LocalLow\Google\GoogleEarth\webdata\f_000005|>doc.kml Error 42125 {ZIP archive is corrupted.}
File C:\Users\Dave\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Error 42125 {ZIP archive is corrupted.}
File C:\Users\Dave\Downloads\iCloudSetup.exe|>iCloud64.msi Error 42127 {CAB archive is corrupted.}
File C:\Users\Dave\Downloads\X16-32250.exe|>ProPrWW.cab|>AS_msmdlocal_dll_32.C16C67A1_5ADC_4C44_B6AE_A40000020FCC Error 42127 {CAB archive is corrupted.}
File C:\Users\Dave\Downloads\X16-32250.exe|>ProPrWW.cab Error 42127 {CAB archive is corrupted.}
File C:\Windows\Temp\AF\AF.exe|>Inno0001.bin is infected by Win32:GenMaliciousA-RGV [Trj], Moved to chest
Number of searched folders: 40920
Number of tested files: 1100670
Number of infected files: 1

----------------------------------------
08/04/2015 11:24
Scan of all local drives


Scanning aborted
Number of searched folders: 3674
Number of tested files: 54418
Number of infected files: 0

----------------------------------------
08/04/2015 12:03
Scan of all local drives


Scanning aborted
Number of searched folders: 10
Number of tested files: 2013
Number of infected files: 0

----------------------------------------
08/04/2015 14:24
Scan of all local drives

File C:\Users\Dave\AppData\LocalLow\Google\GoogleEarth\webdata\f_000005|>doc.kml Error 42125 {ZIP archive is corrupted.}
File C:\Users\Dave\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Error 42125 {ZIP archive is corrupted.}
File C:\Users\Dave\Downloads\iCloudSetup.exe|>iCloud64.msi Error 42127 {CAB archive is corrupted.}
File C:\Users\Dave\Downloads\X16-32250.exe|>ProPrWW.cab|>AS_msmdlocal_dll_32.C16C67A1_5ADC_4C44_B6AE_A40000020FCC Error 42127 {CAB archive is corrupted.}
File C:\Users\Dave\Downloads\X16-32250.exe|>ProPrWW.cab Error 42127 {CAB archive is corrupted.}
File C:\Windows\Temp\AF\AF.exe|>Inno0001.bin is infected by Win32:GenMaliciousA-RGV [Trj], Moved to chest
Number of searched folders: 41736
Number of tested files: 1103571
Number of infected files: 1

----------------------------------------
08/06/2015 20:13
Scan of all local drives


Scanning aborted
Number of searched folders: 3
Number of tested files: 6
Number of infected files: 0

----------------------------------------
08/07/2015 20:21
Scan of all local drives

File C:\FRST\Quarantine\C\Windows\SysWOW64\First Verify\trz678B.tmp is infected by Win32:GenMaliciousA-RGV [Trj], Moved to chest
File C:\FRST\Quarantine\C\Windows\SysWOW64\First Verify\trzFD33.tmp is infected by Win32:GenMaliciousA-RGV [Trj], Moved to chest
File C:\Users\Dave\AppData\LocalLow\Google\GoogleEarth\webdata\f_000005|>doc.kml Error 42125 {ZIP archive is corrupted.}
File C:\Users\Dave\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Error 42125 {ZIP archive is corrupted.}
File C:\Users\Dave\Downloads\iCloudSetup.exe|>iCloud64.msi Error 42127 {CAB archive is corrupted.}
File C:\Users\Dave\Downloads\klondike the lost expedition cheats_10924_i40680048_il345.exe is infected by Win32:Amonetize-JO [PUP], Moved to chest
File C:\Users\Dave\Downloads\X16-32250.exe|>ProPrWW.cab|>AS_msmdlocal_dll_32.C16C67A1_5ADC_4C44_B6AE_A40000020FCC Error 42127 {CAB archive is corrupted.}
File C:\Users\Dave\Downloads\X16-32250.exe|>ProPrWW.cab Error 42127 {CAB archive is corrupted.}
File C:\Windows\Temp\AF\AF.exe|>Inno0001.bin is infected by Win32:GenMaliciousA-RGV [Trj], Moved to chest
Number of searched folders: 39744
Number of tested files: 942177
Number of infected files: 4
 



#6
psu88

    Member


Grrr - let me try this again in smaller portions.  I tried to post it all at once and I think it was too big.

 

First run of FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015
Ran by Dave (administrator) on DAVE-PC (07-08-2015 20:02:33)
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave & UpdatusUser (Available Profiles: Dave & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Dassault Systèmes) C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
() C:\Program Files\015\lxqvbcbiws32.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\Temp\uo124.exe
() C:\Windows\Temp\uo124.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] => C:\Program Files (x86)\eMachines\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\eMachines\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7800088 2015-07-11] (SUPERAntiSpyware)
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Run: [Facebook Update] => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-29] (Facebook Inc.)
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-3386438342-948231862-3273088082-1003\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [154144 2010-07-29] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-12-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3386438342-948231862-3273088082-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3386438342-948231862-3273088082-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: [NameServer] 82.163.143.151,82.163.142.153
Tcpip\..\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\62sr11ei.default-1377043760093
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-26] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-26] (NVIDIA Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [2011-05-24] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3386438342-948231862-3273088082-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dave\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3386438342-948231862-3273088082-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-04] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-05-18] (Coupons, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-23]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-12-27]
FF HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Dave\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Google Wallet) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-27] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R2 DraftSight API Service; C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [78336 2012-07-07] (Dassault Systèmes) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-03-31] (WildTangent)
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
R2 lxqvbcbiws32; C:\Program Files\015\lxqvbcbiws32.exe [622392 2015-04-07] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-20] (AVAST Software)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-08] (Malwarebytes Corporation)
S3 mr7910; C:\Windows\System32\DRIVERS\mr7910.sys [55808 2007-03-16] (Mars Semiconductor Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 uzoxwqjl; C:\Windows\system32\drivers\uzoxwqjl.sys [55168 2015-08-07] (Microsoft Corporation)
R1 netfilter64; system32\drivers\netfilter64.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-07 20:00 - 2015-08-07 20:00 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\uzoxwqjl.sys
2015-08-07 19:37 - 2015-08-07 20:00 - 00000000 ____D C:\Program Files (x86)\coupoon
2015-08-07 19:37 - 2015-08-07 19:37 - 00000000 ____D C:\Program Files\Coupoon
2015-08-07 19:17 - 2015-08-07 19:18 - 00050311 _____ C:\Users\Dave\Downloads\download
2015-08-07 19:17 - 2015-08-07 19:17 - 00000000 ____D C:\Users\Dave\Desktop\FRST-OlderVersion
2015-08-07 18:38 - 2015-08-07 18:38 - 00000000 ____D C:\Users\Dave\AppData\Local\TempTaskUpdateDetection3A394ED3-7BCA-4411-8F93-5FD3D204E44A
2015-08-06 20:47 - 2015-08-07 05:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-06 11:17 - 2015-08-06 11:19 - 05534539 _____ C:\Users\Dave\Downloads\filmon-hdi-3.1.3657.dmg.crdownload
2015-08-06 04:01 - 2015-08-06 04:02 - 00779203 _____ C:\Users\Dave\Downloads\VideoPlayerSetup (1).zip
2015-08-06 04:01 - 2015-08-06 04:01 - 00779203 _____ C:\Users\Dave\Downloads\VideoPlayerSetup.zip
2015-08-05 21:31 - 2015-08-05 21:31 - 00266288 _____ C:\Windows\Minidump\080515-35739-01.dmp
2015-08-05 21:30 - 2015-08-05 21:30 - 00003288 ____N C:\bootsqm.dat
2015-08-05 10:49 - 2015-08-05 10:49 - 00266288 _____ C:\Windows\Minidump\080515-36847-01.dmp
2015-08-04 22:13 - 2015-08-06 19:32 - 00051753 _____ C:\Users\Dave\Desktop\Addition.txt
2015-08-04 22:11 - 2015-08-07 20:02 - 00024224 _____ C:\Users\Dave\Desktop\FRST.txt
2015-08-04 22:09 - 2015-08-07 20:02 - 00000000 ____D C:\FRST
2015-08-04 22:04 - 2015-08-07 19:17 - 02170368 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2015-08-04 20:42 - 2015-08-04 20:43 - 01552912 _____ (Dummy, Ltd.) C:\Users\Dave\Downloads\klondike the lost expedition cheats_10924_i40680048_il345.exe
2015-08-04 19:03 - 2015-08-04 19:03 - 00000000 ____D C:\Users\Dave\AppData\Roaming\.mono
2015-08-04 19:03 - 2015-08-04 19:03 - 00000000 ____D C:\ProgramData\.mono
2015-08-04 07:28 - 2015-08-04 07:28 - 00288744 _____ C:\Windows\Minidump\080415-33041-01.dmp
2015-08-03 11:57 - 2015-08-07 19:32 - 00000112 _____ C:\ProgramData\fJMqmDsP.dat
2015-08-02 23:23 - 2015-08-02 23:32 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Opera Software
2015-08-02 23:23 - 2015-08-02 23:32 - 00000000 ____D C:\Users\Dave\AppData\Local\Opera Software
2015-08-02 23:16 - 2015-08-02 23:32 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-02 23:16 - 2015-08-02 23:16 - 00000000 ____D C:\Program Files\015
2015-08-02 23:15 - 2015-08-04 20:03 - 00000973 _____ C:\Users\Dave\Desktop\Continue Klondike_Hack_Installer.lnk
2015-08-02 23:14 - 2015-08-02 23:14 - 00637544 _____ ( ) C:\Users\Dave\Downloads\Klondike_Hack_Installer.exe
2015-07-28 17:18 - 2015-07-25 14:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 17:18 - 2015-07-25 14:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 17:18 - 2015-07-25 14:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 17:18 - 2015-07-25 14:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 17:18 - 2015-07-25 14:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 17:18 - 2015-07-25 14:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 17:18 - 2015-07-25 14:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 17:18 - 2015-07-25 13:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-23 14:47 - 2015-07-23 14:47 - 00124822 _____ C:\Users\Dave\Downloads\delta_faq
2015-07-21 03:21 - 2015-08-07 18:38 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-20 17:20 - 2015-07-14 23:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-20 17:20 - 2015-07-14 23:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-20 17:20 - 2015-07-14 23:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-20 17:20 - 2015-07-14 23:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-20 17:20 - 2015-07-14 22:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-20 17:20 - 2015-07-14 22:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-20 17:20 - 2015-07-14 22:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-20 17:20 - 2015-07-14 22:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-20 17:20 - 2015-07-14 21:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 17:20 - 2015-07-14 21:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 10:21 - 2015-07-20 10:21 - 00000247 _____ C:\Windows\system32\2015-07-20-14-21-26.059-aswFe.exe-37060.log
2015-07-20 10:21 - 2015-07-20 10:21 - 00000197 _____ C:\Windows\system32\2015-07-20-14-21-20.079-AvastVBoxSVC.exe-36904.log
2015-07-20 10:14 - 2015-07-20 10:14 - 00000247 _____ C:\Windows\system32\2015-07-20-14-14-21.071-aswFe.exe-38112.log
2015-07-20 10:14 - 2015-07-20 10:14 - 00000197 _____ C:\Windows\system32\2015-07-20-14-14-15.077-AvastVBoxSVC.exe-37756.log
2015-07-20 10:05 - 2015-07-20 10:05 - 00000247 _____ C:\Windows\system32\2015-07-20-14-05-22.091-aswFe.exe-38036.log
2015-07-20 10:03 - 2015-07-20 10:03 - 00000247 _____ C:\Windows\system32\2015-07-20-14-03-41.073-aswFe.exe-1596.log
2015-07-20 10:03 - 2015-07-20 10:03 - 00000197 _____ C:\Windows\system32\2015-07-20-14-03-32.098-AvastVBoxSVC.exe-3720.log
2015-07-20 09:53 - 2015-07-20 09:53 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-20 09:53 - 2015-07-20 09:53 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-17 03:45 - 2015-07-17 03:45 - 00000197 _____ C:\Windows\system32\2015-07-17-07-45-22.088-AvastVBoxSVC.exe-3828.log
2015-07-15 20:06 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 20:06 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 20:06 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 20:06 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 20:06 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 20:06 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 20:06 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 20:06 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 20:06 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 20:06 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 20:06 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 20:06 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 20:06 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 20:06 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 20:06 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 20:06 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 20:06 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 20:05 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 20:05 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 20:05 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 20:05 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 20:05 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 20:05 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 20:05 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 20:05 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 20:05 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 20:05 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 20:05 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 20:05 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 20:03 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 20:03 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 20:03 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 20:03 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 20:03 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 20:03 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 20:03 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 20:03 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 20:03 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 20:03 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 20:03 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 20:03 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 20:03 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 20:03 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 20:03 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 20:03 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 20:03 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 20:03 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 20:03 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 20:03 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 20:03 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 20:03 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 20:03 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 20:03 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 20:03 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 20:03 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 20:03 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 20:03 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 20:03 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 20:03 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 20:03 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 20:03 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 20:03 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 20:03 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 20:03 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 20:03 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 20:03 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 20:03 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 20:03 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 20:03 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 20:03 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 20:03 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 20:03 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 20:03 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 19:59 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 19:59 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 19:59 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 19:59 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 19:59 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 19:59 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 19:59 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 19:59 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 19:59 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 19:59 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 19:59 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 19:59 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 19:59 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 19:59 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 19:59 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 19:59 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 19:59 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 19:59 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 19:58 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 19:58 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 19:58 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 19:58 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 19:58 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 19:58 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 19:58 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 19:58 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 19:58 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 19:58 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 19:58 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 19:58 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 19:58 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 19:58 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 19:58 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 19:58 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 19:58 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 19:58 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 19:58 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 19:58 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 19:58 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 19:58 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 19:58 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 19:58 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 19:58 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 19:58 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 19:58 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 19:58 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 19:58 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 19:58 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 15:04 - 2015-07-14 15:04 - 00073723 _____ C:\Users\Dave\Downloads\getpaymentcouponpdf(2)
2015-07-14 15:04 - 2015-07-14 15:04 - 00073723 _____ C:\Users\Dave\Downloads\getpaymentcouponpdf(1)
2015-07-11 11:41 - 2015-07-11 11:41 - 00000197 _____ C:\Windows\system32\2015-07-11-15-41-02.074-AvastVBoxSVC.exe-2208.log
2015-07-11 10:49 - 2015-07-11 10:49 - 00000197 _____ C:\Windows\system32\2015-07-11-14-49-35.017-AvastVBoxSVC.exe-1916.log
2015-07-10 09:39 - 2015-08-02 12:58 - 00000000 ___HD C:\$Windows.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-07 19:45 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-07 19:45 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-07 19:41 - 2011-11-18 21:47 - 01998050 _____ C:\Windows\WindowsUpdate.log
2015-08-07 19:37 - 2012-08-17 14:09 - 00000005 _____ C:\END
2015-08-07 19:36 - 2012-09-29 10:31 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3386438342-948231862-3273088082-1001UA.job
2015-08-07 19:35 - 2012-03-23 23:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-07 19:35 - 2011-11-18 21:46 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-07 19:34 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-07 19:34 - 2009-07-14 00:51 - 00078872 _____ C:\Windows\setupact.log
2015-08-07 19:33 - 2010-11-20 23:47 - 00953666 _____ C:\Windows\PFRO.log
2015-08-07 19:32 - 2012-03-30 23:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-07 19:21 - 2012-03-23 23:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-07 19:18 - 2012-04-03 21:18 - 00000000 ____D C:\Users\Dave\AppData\Local\CrashDumps
2015-08-07 05:42 - 2012-04-25 17:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-06 10:36 - 2012-09-29 10:31 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3386438342-948231862-3273088082-1001Core.job
2015-08-06 02:33 - 2012-03-23 23:13 - 00002152 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-05 21:31 - 2015-03-21 20:22 - 319895965 _____ C:\Windows\MEMORY.DMP
2015-08-05 21:31 - 2013-04-08 19:56 - 00000000 ____D C:\Windows\Minidump
2015-08-04 23:52 - 2013-10-31 14:59 - 00000000 ____D C:\Users\Dave\Documents\Outlook Files
2015-08-04 21:54 - 2014-11-17 20:32 - 00000000 ____D C:\SUPERDelete
2015-08-02 23:32 - 2012-03-15 21:02 - 00001422 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-02 13:05 - 2007-07-11 21:49 - 00000000 ____D C:\Windows\Panther
2015-07-29 03:01 - 2014-04-30 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-25 10:31 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 09:40 - 2013-08-02 21:58 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-23 07:23 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-21 03:19 - 2009-07-14 00:45 - 00431936 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 09:53 - 2014-09-11 05:07 - 00150160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-20 09:53 - 2014-09-11 05:07 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-20 09:53 - 2014-09-11 04:59 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-20 09:53 - 2014-09-11 04:59 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-20 09:53 - 2012-03-23 23:08 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-20 09:53 - 2012-03-23 23:08 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-20 09:53 - 2012-03-23 23:08 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-20 09:52 - 2012-03-23 23:08 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-17 03:44 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-17 03:37 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-17 03:37 - 2014-12-11 04:26 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-17 03:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-17 03:10 - 2013-07-30 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-07-16 19:38 - 2012-12-29 12:55 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 19:34 - 2014-12-25 20:15 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 19:35 - 2012-03-30 23:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 19:34 - 2012-03-30 23:09 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 19:34 - 2012-03-15 22:27 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 19:15 - 2012-03-23 23:08 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 19:15 - 2012-03-23 23:08 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-11 11:35 - 2012-03-19 22:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-10 23:00 - 2014-06-02 12:57 - 00000000 ____D C:\Users\Dave\Desktop\[bleep] i dont give a hit about

==================== Files in the root of some directories =======

2013-11-03 18:20 - 2014-06-26 17:47 - 0000035 _____ () C:\Users\Dave\AppData\Roaming\WB.CFG
2013-12-31 14:01 - 2014-01-03 13:38 - 0000005 _____ () C:\Users\Dave\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-11-03 18:20 - 2014-02-01 01:41 - 0000005 _____ () C:\Users\Dave\AppData\Roaming\WBPU-TTL.DAT
2015-08-03 11:57 - 2015-08-07 19:32 - 0000112 _____ () C:\ProgramData\fJMqmDsP.dat
2012-05-08 16:46 - 2012-12-27 22:17 - 0001906 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\ProgramData\fJMqmDsP.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 07:14

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
Ran by Dave (2015-08-07 20:03:25)
Running from C:\Users\Dave\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3386438342-948231862-3273088082-500 - Administrator - Disabled)
Dave (S-1-5-21-3386438342-948231862-3273088082-1001 - Administrator - Enabled) => C:\Users\Dave
Guest (S-1-5-21-3386438342-948231862-3273088082-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3386438342-948231862-3273088082-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-3386438342-948231862-3273088082-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2223 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
C6200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
C6200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)
Cradle of Rome (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}) (Version:  - Oberon Media)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DraftSight (HKLM-x32\...\{8EBF1B19-7756-42E5-A663-93ACB1D1FEA8}) (Version: 9.1.173 - Dassault Systemes)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eMachines Games (HKLM-x32\...\WildTangent emachines Master Uninstall) (Version: 1.0.2.4 - WildTangent)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0221.2011 - Acer Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
First Verify version 2.0 (HKLM-x32\...\{7AF56C9C-F827-41A9-9998-047116F688A4}_is1) (Version: 2.0 - AF, INC)
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
FlashBeat (HKLM-x32\...\FlashBeat) (Version:  - ) <==== ATTENTION
Free Text Pad (HKLM-x32\...\Free Text Pad) (Version: 1.0 - Zenith Technology Limited)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Games Bot (HKLM-x32\...\Games Bot) (Version: 186.0.0.621 - CLICK YES BELOW LP) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Acer Incorporated)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.11.3.0 - LG Electronics)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6684 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PS_AIO_02_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1146 - SUPERAntiSpyware.com)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Zip Extractor (HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\DigitalSite) (Version:  - ) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.9.8 - WildTangent) Hidden
Windows Codec Pack (HKLM-x32\...\Windows Codec Pack11.041.44) (Version: 11.041.44 - Media Codecs Interactive)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Zip Extractor Packages (HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

05-01-2015 20:37:02 avast! antivirus system restore point
06-01-2015 15:35:40 Windows Update
13-01-2015 13:08:54 Windows Update
15-01-2015 04:00:28 Windows Update
16-01-2015 04:00:45 Windows Update
20-01-2015 14:08:16 Windows Update
23-01-2015 20:49:31 Windows Update
27-01-2015 08:08:28 Windows Update
30-01-2015 13:31:44 Windows Update
03-02-2015 06:07:28 Windows Update
10-02-2015 18:27:09 Windows Update
11-02-2015 04:00:47 Windows Update
12-02-2015 04:00:47 Windows Update
13-02-2015 04:00:44 Windows Update
17-02-2015 06:07:16 Windows Update
20-02-2015 07:03:41 Windows Update
23-02-2015 15:39:43 Installed Fitbit Connect
24-02-2015 08:53:04 Windows Update
26-02-2015 04:00:50 Windows Update
03-03-2015 07:38:06 Windows Update
04-03-2015 04:00:28 Windows Update
10-03-2015 14:23:09 Windows Update
11-03-2015 03:00:49 Windows Update
18-03-2015 20:08:40 Windows Update
24-03-2015 13:31:16 Windows Update
25-03-2015 03:00:54 Windows Update
31-03-2015 18:37:31 Windows Update
05-04-2015 03:00:51 Windows Update
10-04-2015 06:30:08 Windows Update
14-04-2015 11:21:57 Windows Update
16-04-2015 03:00:25 Windows Update
21-04-2015 05:54:46 Windows Update
24-04-2015 18:55:24 Windows Update
28-04-2015 13:42:29 Windows Update
01-05-2015 17:18:19 Windows Update
05-05-2015 06:05:44 Windows Update
08-05-2015 07:08:05 Windows Update
12-05-2015 11:09:37 Windows Update
14-05-2015 03:00:39 Windows Update
19-05-2015 06:26:42 Windows Update
20-05-2015 03:00:48 Windows Update
27-05-2015 05:45:22 Windows Update
02-06-2015 05:31:46 Windows Update
06-06-2015 03:00:43 Windows Update
09-06-2015 14:44:40 Windows Update
10-06-2015 03:00:44 Windows Update
16-06-2015 06:41:56 Windows Update
23-06-2015 05:06:04 Windows Update
26-06-2015 06:21:25 Windows Update
30-06-2015 13:56:19 Windows Update
04-07-2015 09:31:58 Windows Update
07-07-2015 11:26:33 Windows Update
14-07-2015 09:49:49 Windows Update
17-07-2015 03:00:50 Windows Update
20-07-2015 09:49:55 avast! antivirus system restore point
21-07-2015 03:00:22 Windows Update
24-07-2015 17:19:24 Windows Update
28-07-2015 17:18:06 Windows Update
29-07-2015 03:00:23 Windows Update
02-08-2015 11:52:55 Windows Update
02-08-2015 23:30:46 Windows Defender Checkpoint
04-08-2015 11:12:20 Windows Defender Checkpoint
05-08-2015 21:06:12 Windows Defender Checkpoint
07-08-2015 19:20:06 Windows Defender Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02B50005-A389-4D58-AB99-DA7D922BB61C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {0AF5188E-7490-4502-9C61-60EF2D4CD389} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {2602C6AC-EA7D-485D-BBA0-3E53780BDCCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {2E5F3393-B2EC-4A7F-9FE5-7EE55CE005B4} - System32\Tasks\{119550F2-DA53-447E-8FBF-4D4385C41223} => pcalua.exe -a C:\Users\Dave\Downloads\SpyHunter-Installer.exe -d C:\Users\Dave\Downloads
Task: {41F9F46E-C9FE-47E5-8A68-94D247B2E648} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {5ED060DD-53F4-43FF-A6BA-6CF400B391A6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {65351377-23AD-4C8D-A05F-58049B660D5E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {680A34B3-B27D-46B5-86CC-2C48DCB8B24D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3386438342-948231862-3273088082-1001UA => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-29] (Facebook Inc.)
Task: {68A55FCA-A045-4967-AB34-F38380030BA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {8B532580-7124-4BD9-8FEC-6F3831E5F0EE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3386438342-948231862-3273088082-1001Core => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-29] (Facebook Inc.)
Task: {BB3AB753-1A0E-44AA-8253-A76497FABCE7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {DAE79FB3-FFF4-4788-B9D2-57902A1C9BEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3386438342-948231862-3273088082-1001Core.job => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3386438342-948231862-3273088082-1001UA.job => C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-04-14 03:03 - 2013-01-31 05:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-15 09:24 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-22 16:09 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2009-08-10 20:01 - 2009-08-10 20:01 - 00626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-08-10 20:00 - 2009-08-10 20:00 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-08-10 20:01 - 2009-08-10 20:01 - 00578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2015-04-07 05:12 - 2015-04-07 05:12 - 00622392 _____ () C:\Program Files\015\lxqvbcbiws32.exe
2009-08-10 20:01 - 2009-08-10 20:01 - 00206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2015-08-07 19:39 - 2015-08-07 19:39 - 01170432 _____ () c:\windows\temp\uo124.exe
2011-01-18 21:08 - 2011-01-18 21:08 - 00620136 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
2015-07-20 09:53 - 2015-07-20 09:53 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-20 09:52 - 2015-07-20 09:52 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-07 18:35 - 2015-08-07 18:35 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080702\algo.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-07 07:01 - 2012-07-07 07:01 - 00948144 _____ () C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\QtNetwork4.dll
2012-07-07 07:01 - 2012-07-07 07:01 - 02623408 _____ () C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\QtCore4.dll
2012-07-07 07:01 - 2012-07-07 07:01 - 00387505 _____ () C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\QtXml4.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-10-28 13:22 - 2014-10-28 13:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2011-01-18 21:08 - 2011-01-18 21:08 - 00151656 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll
2015-07-20 09:53 - 2015-07-20 09:53 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\uzoxwqjl.sys:changelist
AlternateDataStreams: C:\ProgramData\TEMP:4BB9495E

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3386438342-948231862-3273088082-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 82.163.143.151 - 82.163.142.153
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8739928A-BE5C-446C-B0E0-4291BB78FAA6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{944F18B4-2348-462B-A994-C69B20A15319}] => (Allow) LPort=2869
FirewallRules: [{3A686F86-81C7-4476-AD0A-B76C59948B24}] => (Allow) LPort=1900
FirewallRules: [{8ED5BDF2-34CD-49E0-A5AF-3DCB31E17385}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{70D0560B-B11B-41EE-824F-50BCCD82E82E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{10E7BBEA-48AE-4062-967D-B4724A95D50C}] => (Allow) C:\Users\Dave\AppData\Local\Temp\7zS7B98\setup\hpznui40.exe
FirewallRules: [{460FB2F0-7C44-42B8-905E-A73E4A177E0E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{209C159F-6500-4288-A31C-0D41277EACEA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{B6D024A5-3E7D-4E3C-9A71-166E9ACA641D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{FE9178A9-0B5D-4950-83C4-328DF58FE6DF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{059A8E39-AF51-460D-910B-275CA11D7DEC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E4FB83D0-9104-4F55-B6CD-536DE8D14762}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{A7DDCAC9-E9C4-46F1-AB2D-39010E1DC066}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{F6804E05-4415-4E7B-9E4E-EEE128791AB4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{4E0B0301-AED7-4449-B958-12E05DEED4E7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{6B50C10F-4892-49A1-8810-FC55392BE24D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{ED3656DB-3BF0-457C-91DE-89F919017AE6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{3534C275-82B8-4DB5-AF20-42AA94BA0E3E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{5EB8C8FC-2953-4B5E-B636-EA33E5A2E5E9}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{059E02F3-80B1-484B-9352-E99E87288501}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{56D85588-A90A-47EA-927E-F77099A5D48E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{392AAC56-9EB6-40CE-B53E-D3353D19871E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{0928A0D9-BC84-4D3A-B135-937E3D4C8DF9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{7EF279E3-B97F-4320-9109-632D00264BFE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{13F52B63-340E-4424-8D31-8F1E9960B42C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{CDDFF6C8-D9BD-44FB-84A0-CCA6330A63C2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F842959B-A79D-4695-BA53-168967077D1F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3A44F714-BBFC-42E5-998F-397B1828664B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{230F1142-A337-47B6-9622-08F8C4910C80}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{663AADDC-1E16-41F2-AEEC-34D9264798AD}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{D910256B-6A2C-4329-A0FA-52B916D5F3D8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0E43D8AF-D74E-4294-A87F-42E94CABA106}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EEFD98DA-5517-491C-BC5F-1DD07812D513}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E8A88342-AE09-4C92-95E6-3F2B5D62818F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{6D36BCA2-660E-44F2-B3CA-38D00E59136F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E346008-EBF8-496B-AF1C-0EFE9E71426A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DB51D002-14C9-41F7-9014-2510E75D43E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{255EBE98-81F6-4F9F-A1A6-2EE79A8FA63B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{40C455D0-7C34-4C70-AD92-F0C173A3B21D}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{DAA705F5-51CE-4405-A583-8DF9FA92D550}] => (Allow) C:\Users\Dave\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{11C0E1CD-8821-42FF-B031-1D4317E788C7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{50409FFA-507A-460B-BCCD-A8462C2BEF4E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{083E2423-25F5-4003-97DA-DA2A5528C919}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F1735A76-BFE0-4122-ACE9-C4595695A6FD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{31C05C89-25E6-4A65-9296-21708FEB8EA7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{EB5A2761-E31F-416D-A45E-7228AD25FDB2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{DB52F59D-16CA-497A-99BD-0F4886004CA6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F7DCA3CF-2367-4A46-847A-01CD62D6B54B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{7F5DC64D-4B9A-4DF9-937D-FC866F0B784C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{DDFFBC22-8F37-42C0-AB46-70072364E210}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Photosmart C6200 series
Description: Photosmart C6200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/07/2015 07:38:14 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (08/07/2015 07:38:14 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))

Error: (08/07/2015 07:38:13 PM) (Source: ESENT) (EventID: 485) (User: )
Description: Windows (3512) Windows: An attempt to delete the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The delete file operation will fail with error -1032 (0xfffffbf8).

Error: (08/07/2015 07:38:03 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (3512) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/07/2015 07:36:05 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2015 07:36:04 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2015 07:36:04 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2015 07:36:04 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2015 07:36:04 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (08/07/2015 07:36:01 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (08/07/2015 08:00:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CoupoonService64 service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/07/2015 07:38:44 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (08/07/2015 07:38:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/07/2015 07:38:14 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.

Error: (08/07/2015 07:36:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/07/2015 07:36:05 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (08/07/2015 07:35:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3

Error: (08/07/2015 07:18:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (08/07/2015 07:07:23 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Dave-PC\Dave (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (08/07/2015 06:59:28 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Dave-PC\Dave (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.


Microsoft Office:
=========================
Error: (08/07/2015 07:38:14 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 40x8004117fFailed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (08/07/2015 07:38:14 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))

Error: (08/07/2015 07:38:13 PM) (Source: ESENT) (EventID: 485) (User: )
Description: Windows3512Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (08/07/2015 07:38:03 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows3512Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (08/07/2015 07:36:05 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (08/07/2015 07:36:04 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2015 07:36:04 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2015 07:36:04 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/07/2015 07:36:04 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (08/07/2015 07:36:01 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 220 Processor
Percentage of memory in use: 46%
Total physical RAM: 2815.37 MB
Available physical RAM: 1505.69 MB
Total Virtual: 5628.94 MB
Available Virtual: 3825.77 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:911.88 GB) (Free:745.64 GB) NTFS
Drive e: (EOS_DIGITAL) (Removable) (Total:0.93 GB) (Free:0.75 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 35D5C1F3)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=911.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 952.5 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================



#7
psu88


ADWCleaner

 

# AdwCleaner v4.208 - Logfile created 08/08/2015 at 17:19:17
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dave - DAVE-PC
# Running from : C:\Users\Dave\Desktop\adwcleaner_4.208.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
File Found : C:\Users\Dave\AppData\Roaming\WBPU-Q5-TTL.DAT
File Found : C:\Users\Dave\AppData\Roaming\WBPU-TTL.DAT
File Found : C:\Users\Dave\daemonprocess.txt
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\OApps
Folder Found : C:\Program Files (x86)\openit
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetosave
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\ProgramData\StarApp
Folder Found : C:\SearchProtect
Folder Found : C:\Users\Dave\AppData\Local\genienext
Folder Found : C:\Users\Dave\AppData\LocalLow\Conduit
Folder Found : C:\Users\Dave\AppData\LocalLow\continuetosave
Folder Found : C:\Users\Dave\AppData\Roaming\digitalsite
Folder Found : C:\Users\Dave\AppData\Roaming\DigitalSites
Folder Found : C:\Users\Dave\AppData\Roaming\NCdownloader
Folder Found : C:\Windows\SysWOW64\First Verify

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Games Bot
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\b3.playsushi.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\b4.playsushi.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\lab.search.conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\playsushi.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.snapdo.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\snapdo.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages
Key Found : [x64] HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Games Bot
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2998365
Key Found : HKLM\SOFTWARE\coupoon
Key Found : HKLM\SOFTWARE\FlashBeat
Key Found : HKLM\SOFTWARE\Games Bot
Key Found : HKLM\SOFTWARE\GamesBarSetup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7AF56C9C-F827-41A9-9998-047116F688A4}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.6
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.6
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlashBeat
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Games Bot
Key Found : HKLM\SOFTWARE\SP Global
Key Found : HKLM\SOFTWARE\SProtector
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\coupoon
Key Found : [x64] HKLM\SOFTWARE\FlashBeat
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0.3 (x86 en-US)

[62sr11ei.default-1377043760093] - Line Found : user_pref("CT2260173.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[62sr11ei.default-1377043760093] - Line Found : user_pref("CT2260173.smartbar.CTID", "CT2260173");
[62sr11ei.default-1377043760093] - Line Found : user_pref("CT2260173.smartbar.Uninstall", "0");
[62sr11ei.default-1377043760093] - Line Found : user_pref("CT2260173.smartbar.homepage", true);
[62sr11ei.default-1377043760093] - Line Found : user_pref("CT2260173.smartbar.toolbarName", "Swag Bucks ");
[62sr11ei.default-1377043760093] - Line Found : user_pref("Smartbar.ConduitHomepagesList", "");
[62sr11ei.default-1377043760093] - Line Found : user_pref("Smartbar.ConduitSearchEngineList", "");
[62sr11ei.default-1377043760093] - Line Found : user_pref("Smartbar.ConduitSearchUrlList", "");
[62sr11ei.default-1377043760093] - Line Found : user_pref("Smartbar.TBHomepagesList", "");
[62sr11ei.default-1377043760093] - Line Found : user_pref("Smartbar.TBSearchEngineList", "");
[62sr11ei.default-1377043760093] - Line Found : user_pref("Smartbar.TBSearchUrlList", "");
[62sr11ei.default-1377043760093] - Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT2260173");
[62sr11ei.default-1377043760093] - Line Found : user_pref("browser.search.hiddenOneOffs", "AVG Secure Search");
[62sr11ei.default-1377043760093] - Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.AutoSearchEventData", "auto%20search");
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ClearCacheDate", 1);
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DNSCatch", false);
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DisplayEULA", false);
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.DnsCatchEventData", "dns%20catch");
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.FirstLaunchShown", true);
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.LoadLayoutDate.62781", 1);
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.NewTabSearchEventData", "tab%20search");
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.ShowRecommendedOptions", true);
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.StateReportDate", "1417473292192");
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.TopRightSearchEventData", "top%20right%20search");
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeInstallSaved", true);
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeinstall.homepage", "www.msn.com");
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.beforeinstall.search", "Google");
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.comp.affiliate.2810218.disabled", true);
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.customNewTab", false);
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.helpUsImprove", true);
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.hideOthers", false);
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.processAddrBar", false);
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.restoreSearch", false);
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.searchHistory", false);
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.session", "72DD1955DE9F5948B86DC20727D6648BABA30CE06509226040386895C5EB19E76DDA2C45629ABF697807A8F6D2A758BC8104320523F9EBC390AAD06D8CE4BBDD");
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.showFirstLaunchOptions", false);
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tb_lang", "en");
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.tool_id", "62781");
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_id", "84439750");
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_key", "3fe9c2d6174cb7b4e74ef149be3d86524f044286");
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_layouts", "62781");
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.user_lnames", "Gamers%20Unite%21%20Snag%20Bar");
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.xml_service_url", "64e3a27980eeceb34248bc3e680b4e63");
[62sr11ei.default-1377043760093] - Line Found : user_pref("freecauseafe43e800abc4df281a03fe44b74abe8.yahooSearch", false);
[62sr11ei.default-1377043760093] - Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
[62sr11ei.default-1377043760093] - Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT2260173");
[62sr11ei.default-1377043760093] - Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2260173&CUI=UN35002166852816615&UM=4&SearchSource=13");
[62sr11ei.default-1377043760093] - Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&CUI=UN35002166852816615&UM=4&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
[62sr11ei.default-1377043760093] - Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT2260173");
[62sr11ei.default-1377043760093] - Line Found : user_pref("smartbar.homePageOwnerCTID", "CT2260173");
[62sr11ei.default-1377043760093] - Line Found : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT2260173&CUI=UN35002166852816615&UM=4&SearchSource=13");
[62sr11ei.default-1377043760093] - Line Found : user_pref("smartbar.machineId", "S7NQAF/4EEIUUHG9OACAGQMMZE5TIBHURM4+FL1LCJUVVSDRMVGXRBTPYHUHLDCEBYJTFTAWC2JJKEJMDWLSCA");
[62sr11ei.default-1377043760093] - Line Found : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&CUI=UN35002166852816615&UM=4&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]

-\\ Google Chrome v44.0.2403.130

[C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=11384781-0af8-4825-9e38-09e2438c209d&searchtype=ds&q={searchTerms}&installDate=19/07/2013
[C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.snapdo.com/?q={searchTerms}&category=Web&dpid=us&lan=en&p=1&st=ds&publisher=snapdogoblidoo&country=us
[C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [13821 bytes] - [08/08/2015 17:19:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13881 bytes] ##########
 



#8
psu88


Junkware-Removal-Tool

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.5 (08.05.2015:1)
OS: Windows 7 Home Premium x64
Ran by Dave on Sat 08/08/2015 at 17:23:25.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT2998365
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2998365



~~~ Files

Successfully deleted: [File] C:\Windows\SysWOW64\shoA16F.tmp



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Dave\Appdata\Local\{06FB3DC1-CB96-4B63-9328-5A6588B8CD50}
Successfully deleted: [Empty Folder] C:\Users\Dave\Appdata\Local\{282A4BD3-0195-4E1C-BEED-2B06E1E31162}
Successfully deleted: [Empty Folder] C:\Users\Dave\Appdata\Local\{28D3E414-5535-464A-985D-6188B6DFC9FA}
Successfully deleted: [Empty Folder] C:\Users\Dave\Appdata\Local\{31D478C4-5734-480F-A2B9-3A5ACDC2D8D9}
Successfully deleted: [Empty Folder] C:\Users\Dave\Appdata\Local\{4067050A-C4EE-48FE-AF23-A51929A0CE34}
Successfully deleted: [Empty Folder] C:\Users\Dave\Appdata\Local\{5321BFC3-74C2-47CF-81C2-F87A668370DD}
Successfully deleted: [Empty Folder] C:\Users\Dave\Appdata\Local\{56A3F67F-7135-4349-B754-C1D23258173F}
Successfully deleted: [Empty Folder] C:\Users\Dave\Appdata\Local\{5F4DDAF6-94A9-4A8A-80BC-8AB9042201BA}
Successfully deleted: [Empty Folder] C:\Users\Dave\Appdata\Local\{69A3E47E-E516-4A8D-BD69-D6B0EC3C8B9E}
Successfully deleted: [Empty Folder] C:\Users\Dave\Appdata\Local\{8834D752-8D94-4951-AB90-5363267519FA}
Successfully deleted: [Empty Folder] C:\Users\Dave\Appdata\Local\{991A005E-F449-4A2B-9723-767926AEBEF0}
Successfully deleted: [Empty Folder] C:\Users\Dave\Appdata\Local\{C25E6252-79C4-4860-BD65-AEF230C7E4AD}
Successfully deleted: [Empty Folder] C:\Users\Dave\Appdata\Local\{C3E65815-70FB-4962-88FC-A642546B2F09}
Successfully deleted: [Empty Folder] C:\Users\Dave\Appdata\Local\{C63F23BC-A2FF-4516-B142-E08B6B071EEF}
Successfully deleted: [Empty Folder] C:\Users\Dave\Appdata\Local\{C9E64AE3-123B-4322-B926-438826C68B9B}
Successfully deleted: [Empty Folder] C:\Users\Dave\Appdata\Local\{CACECEE4-7FB6-497C-BF2A-C26AD699564B}
Successfully deleted: [Empty Folder] C:\Users\Dave\Appdata\Local\{D8987FCC-4849-419D-BC6E-889899AE2783}
Successfully deleted: [Empty Folder] C:\Users\Dave\Appdata\Local\{E820439A-BA26-476C-9A76-2C0418E076F7}
Successfully deleted: [Folder] C:\Program Files (x86)\coupons
Successfully deleted: [Folder] C:\Program Files (x86)\oapps
Successfully deleted: [Folder] C:\Program Files (x86)\openit
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coupons
Successfully deleted: [Folder] C:\ProgramData\starapp
Successfully deleted: [Folder] C:\Users\Dave\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Dave\Appdata\Local\genienext
Successfully deleted: [Folder] C:\Users\Dave\Appdata\LocalLow\conduit
Successfully deleted: [Folder] C:\Users\Dave\Appdata\LocalLow\continuetosave
Successfully deleted: [Folder] C:\Users\Dave\AppData\Roaming\digitalsite
Successfully deleted: [Folder] C:\Windows\SysWOW64\first verify



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Dave\AppData\Roaming\mozilla\firefox\profiles\62sr11ei.default-1377043760093\fctb
Successfully deleted: [Folder] C:\Users\Dave\AppData\Roaming\mozilla\firefox\profiles\62sr11ei.default-1377043760093\smartbar
Successfully deleted the following from C:\Users\Dave\AppData\Roaming\mozilla\firefox\profiles\62sr11ei.default-1377043760093\prefs.js

Emptied folder: C:\Users\Dave\AppData\Roaming\mozilla\firefox\profiles\62sr11ei.default-1377043760093\minidumps [38 files]



~~~ Chrome


[C:\Users\Dave\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Dave\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Dave\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Dave\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/08/2015 at 17:29:31.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#9
psu88


aswMBR

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-08-08 16:48:56
-----------------------------
16:48:56.409    OS Version: Windows x64 6.1.7601 Service Pack 1
16:48:56.409    Number of processors: 2 586 0x603
16:48:56.409    ComputerName: DAVE-PC  UserName: Dave
16:48:59.077    Initialize success
16:48:59.092    VM: initialized successfully
16:48:59.092    VM: Amd CPU supported virtualized
16:49:03.881    AVAST engine defs: 15080801
16:49:21.260    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
16:49:21.275    Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
16:49:21.353    Disk 0 MBR read successfully
16:49:21.353    Disk 0 MBR scan
16:49:21.369    Disk 0 unknown MBR code
16:49:21.697    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        20000 MB offset 2048
16:49:21.728    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 40962048
16:49:21.728    Disk 0 default boot code
16:49:21.743    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS       933767 MB offset 41166848
16:49:21.821    Disk 0 scanning C:\Windows\system32\drivers
16:49:29.950    Service scanning
16:49:50.370    Modules scanning
16:49:52.586    AVAST engine scan C:\Windows
16:49:57.437    AVAST engine scan C:\Windows\system32
16:52:29.693    AVAST engine scan C:\Windows\system32\drivers
16:52:42.672    AVAST engine scan C:\Users\Dave
17:08:11.117    AVAST engine scan C:\ProgramData
17:10:08.398    Disk 0 statistics 4196982/0/0 @ 2.03 MB/s
17:10:08.398    Scan finished successfully
17:14:44.175    Disk 0 MBR has been saved successfully to "C:\Users\Dave\Desktop\MBR.dat"
17:14:44.190    The log file has been saved successfully to "C:\Users\Dave\Desktop\aswMBR.txt"


aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-08-08 17:32:19
-----------------------------
17:32:19.695    OS Version: Windows x64 6.1.7601 Service Pack 1
17:32:19.695    Number of processors: 2 586 0x603
17:32:19.695    ComputerName: DAVE-PC  UserName: Dave
17:32:23.564    Initialize success
17:32:23.720    VM: initialized successfully
17:32:23.720    VM: Amd CPU supported virtualized
17:32:27.401    AVAST engine defs: 15080801
17:32:37.697    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
17:32:37.697    Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
17:32:37.900    Disk 0 MBR read successfully
17:32:37.900    Disk 0 MBR scan
17:32:37.900    Disk 0 unknown MBR code
17:32:39.788    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        20000 MB offset 2048
17:32:39.850    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 40962048
17:32:39.866    Disk 0 default boot code
17:32:39.881    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS       933767 MB offset 41166848
17:32:40.162    Disk 0 scanning C:\Windows\system32\drivers
17:33:05.715    Service scanning
17:33:26.416    Modules scanning
17:33:28.553    AVAST engine scan C:\Windows
17:34:37.926    AVAST engine scan C:\Windows\system32
17:44:06.099    AVAST engine scan C:\Windows\system32\drivers
17:47:07.792    AVAST engine scan C:\Users\Dave
18:00:37.102    Disk 0 MBR has been saved successfully to "C:\Users\Dave\Desktop\MBR.dat"
18:00:37.117    The log file has been saved successfully to "C:\Users\Dave\Desktop\aswMBR.txt"

 



#10
psu88


ComboFix

 

ComboFix 15-08-08.01 - Dave 08/08/2015  18:09:03.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2815.1599 [GMT -4:00]
Running from: c:\users\Dave\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dave\Documents\pubAAD5.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-07-08 to 2015-08-08  )))))))))))))))))))))))))))))))
.
.
2015-08-08 22:17 . 2015-08-08 22:17    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2015-08-08 22:17 . 2015-08-08 22:17    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-08-08 21:18 . 2015-08-08 21:20    --------    d-----w-    C:\AdwCleaner
2015-08-08 21:18 . 2015-08-08 21:18    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB0A162F-5EAF-4615-AA5D-100013EDA13A}\offreg.1516.dll
2015-08-08 16:45 . 2015-07-15 01:12    12222168    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB0A162F-5EAF-4615-AA5D-100013EDA13A}\mpengine.dll
2015-08-05 02:09 . 2015-08-08 17:33    --------    d-----w-    C:\FRST
2015-07-28 21:18 . 2015-07-25 18:04    726528    ----a-w-    c:\windows\system32\generaltel.dll
2015-07-28 21:18 . 2015-07-25 18:04    765440    ----a-w-    c:\windows\system32\invagent.dll
2015-07-28 21:18 . 2015-07-25 18:03    433664    ----a-w-    c:\windows\system32\devinv.dll
2015-07-28 21:18 . 2015-07-25 18:03    1085440    ----a-w-    c:\windows\system32\appraiser.dll
2015-07-28 21:18 . 2015-07-25 18:03    67584    ----a-w-    c:\windows\system32\acmigration.dll
2015-07-28 21:18 . 2015-07-25 17:55    1145856    ----a-w-    c:\windows\system32\aeinv.dll
2015-07-28 21:18 . 2015-07-25 18:07    17856    ----a-w-    c:\windows\system32\CompatTelRunner.exe
2015-07-28 21:18 . 2015-07-25 18:03    227328    ----a-w-    c:\windows\system32\aepdu.dll
2015-07-20 21:20 . 2015-07-15 03:19    41984    ----a-w-    c:\windows\system32\lpk.dll
2015-07-20 21:20 . 2015-07-15 03:19    46080    ----a-w-    c:\windows\system32\atmlib.dll
2015-07-20 21:20 . 2015-07-15 01:59    372224    ----a-w-    c:\windows\system32\atmfd.dll
2015-07-20 21:20 . 2015-07-15 01:52    299008    ----a-w-    c:\windows\SysWow64\atmfd.dll
2015-07-20 21:20 . 2015-07-15 03:19    100864    ----a-w-    c:\windows\system32\fontsub.dll
2015-07-20 21:20 . 2015-07-15 03:19    14336    ----a-w-    c:\windows\system32\dciman32.dll
2015-07-20 21:20 . 2015-07-15 02:55    70656    ----a-w-    c:\windows\SysWow64\fontsub.dll
2015-07-20 21:20 . 2015-07-15 02:55    10240    ----a-w-    c:\windows\SysWow64\dciman32.dll
2015-07-20 21:20 . 2015-07-15 02:55    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2015-07-20 21:20 . 2015-07-15 02:54    25600    ----a-w-    c:\windows\SysWow64\lpk.dll
2015-07-20 13:53 . 2015-07-20 13:53    378880    ----a-w-    c:\windows\system32\aswBoot.exe
2015-07-20 13:53 . 2015-07-20 13:53    43112    ----a-w-    c:\windows\avastSS.scr
2015-07-16 00:03 . 2015-06-20 19:57    49664    ----a-w-    c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2015-07-15 23:59 . 2015-07-04 18:07    2087424    ----a-w-    c:\windows\system32\ole32.dll
2015-07-15 23:58 . 2015-07-01 20:49    86528    ----a-w-    c:\windows\system32\TSpkg.dll
2015-07-10 13:39 . 2015-08-02 16:58    --------    d-----w-    C:\$Windows.~BT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-20 13:53 . 2014-09-11 09:07    150160    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2015-07-20 13:53 . 2014-09-11 08:59    274808    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2015-07-20 13:53 . 2012-03-24 03:08    447944    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2015-07-20 13:53 . 2014-09-11 09:07    28656    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2015-07-20 13:53 . 2014-09-11 08:59    65224    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2015-07-20 13:53 . 2012-03-24 03:08    90968    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2015-07-20 13:53 . 2012-03-24 03:08    93528    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2015-07-20 13:52 . 2012-03-24 03:08    1048856    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2015-07-15 23:34 . 2012-03-31 03:09    778416    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 23:34 . 2012-03-16 02:27    142512    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-03 12:43 . 2012-05-14 23:07    130333168    ----a-w-    c:\windows\system32\MRT.exe
2015-06-23 17:30 . 2010-11-21 03:27    300704    ------w-    c:\windows\system32\MpSigStub.exe
2015-06-09 10:51 . 2013-08-03 02:23    627920    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-05-25 18:24 . 2015-06-09 18:58    5569984    ----a-w-    c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-09 18:58    1728960    ----a-w-    c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-09 18:58    243712    ----a-w-    c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-09 18:58    362496    ----a-w-    c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-09 18:58    13312    ----a-w-    c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-09 18:58    215040    ----a-w-    c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-09 18:58    1255424    ----a-w-    c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-09 18:58    879104    ----a-w-    c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-09 18:58    503808    ----a-w-    c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-09 18:58    113664    ----a-w-    c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-09 18:58    50176    ----a-w-    c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-09 18:58    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-09 18:58    424960    ----a-w-    c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-09 18:58    1162752    ----a-w-    c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-09 18:58    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-09 18:58    879104    ----a-w-    c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-09 18:58    404992    ----a-w-    c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-09 18:58    47104    ----a-w-    c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-09 18:58    112640    ----a-w-    c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-09 18:58    296960    ----a-w-    c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-09 18:58    43008    ----a-w-    c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-09 18:58    104448    ----a-w-    c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-09 18:58    19456    ----a-w-    c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-09 18:58    338432    ----a-w-    c:\windows\system32\conhost.exe
2015-05-25 18:11 . 2015-06-09 18:58    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    6656    ----a-w-    c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-09 18:58    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    5120    ---ha-w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 18:58    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:07 . 2015-06-09 18:58    3989440    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-09 18:58    3934144    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-09 18:58    1310744    ----a-w-    c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-09 18:58    635392    ----a-w-    c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-09 18:58    43008    ----a-w-    c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-09 18:58    92160    ----a-w-    c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-09 18:58    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-09 18:58    641536    ----a-w-    c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-09 18:58    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-09 18:58    40448    ----a-w-    c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-09 18:58    364544    ----a-w-    c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-09 18:58    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-09 18:58    37888    ----a-w-    c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-09 18:58    82944    ----a-w-    c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-09 18:58    17408    ----a-w-    c:\windows\SysWow64\diskperf.exe
2015-05-25 17:59 . 2015-06-09 18:58    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2015-05-25 17:59 . 2015-06-09 18:58    274944    ----a-w-    c:\windows\SysWow64\KernelBase.dll
2015-05-25 17:55 . 2015-06-09 18:58    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 18:58    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 18:58    4608    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 18:58    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 18:58    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 18:58    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 18:58    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 18:58    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 18:58    5120    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 18:58    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 18:58    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 18:58    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 18:58    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 18:58    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 18:58    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 18:58    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 18:58    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-06-16 14:08    1730264    ----a-w-    c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-06-16 14:08    1730264    ----a-w-    c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-06-16 14:08    1730264    ----a-w-    c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-08-08 7930136]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-11-07 4369952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"OOTag"="c:\program files (x86)\eMachines\OOBEOffer\OOTag.exe" [2010-02-23 13856]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-07-08 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-07-20 6109776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-12-18 508800]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-11-07 4369952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 DraftSight API Service;DraftSight API Service;c:\program files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe;c:\program files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [x]
R2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [x]
R2 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-06 06:32    995144    ----a-w-    c:\program files (x86)\Google\Chrome\Application\44.0.2403.130\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-06-16 14:59    2335448    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-06-16 14:59    2335448    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-06-16 14:59    2335448    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-07-20 13:53    777544    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"OOTag"="c:\program files (x86)\eMachines\OOBEOffer\ootag.exe" [2010-02-23 13856]
.
------- Supplementary Scan -------
.
uStart Page = https://www.yahoo.co...ast&type=odc179
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = https://www.yahoo.co...ast&type=odc179
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://search.yahoo...p={searchTerms}
mSearch Bar = https://www.yahoo.co...ast&type=odc179
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: NameServer = 82.163.143.151,82.163.142.153
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\62sr11ei.default-1377043760093\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - ExtSQL: !HIDDEN! 2012-12-27 21:14; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Coupon Printer for Windows5.0.1.6 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-FlashBeat - c:\programdata\FlashBeat\SoftConfigTest.exe
AddRemove-Games Bot - c:\program files (x86)\Games Bot\uninstall.exe
AddRemove-{7AF56C9C-F827-41A9-9998-047116F688A4}_is1 - c:\windows\SysWOW64\First Verify\unins000.exe
AddRemove-DigitalSite - c:\users\Dave\AppData\Roaming\DIGITA~1\UpdateProc\UpdateTask.exe
AddRemove-Zip Extractor Packages - c:\users\Dave\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-08-08  18:20:36
ComboFix-quarantined-files.txt  2015-08-08 22:20
.
Pre-Run: 798,437,666,816 bytes free
Post-Run: 798,297,030,656 bytes free
.
- - End Of File - - 98C3C043E73460FDBD3CBB0E0ED73034
70E629B51C16B3C007730C6AE57144C9
 




#11
psu88


TDSSKiller

 

 

18:25:31.0320 0x02f0  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
18:25:45.0765 0x02f0  ============================================================
18:25:45.0781 0x02f0  Current date / time: 2015/08/08 18:25:45.0765
18:25:45.0781 0x02f0  SystemInfo:
18:25:45.0781 0x02f0  
18:25:45.0781 0x02f0  OS Version: 6.1.7601 ServicePack: 1.0
18:25:45.0781 0x02f0  Product type: Workstation
18:25:45.0781 0x02f0  ComputerName: DAVE-PC
18:25:45.0781 0x02f0  UserName: Dave
18:25:45.0781 0x02f0  Windows directory: C:\Windows
18:25:45.0781 0x02f0  System windows directory: C:\Windows
18:25:45.0781 0x02f0  Running under WOW64
18:25:45.0781 0x02f0  Processor architecture: Intel x64
18:25:45.0781 0x02f0  Number of processors: 2
18:25:45.0781 0x02f0  Page size: 0x1000
18:25:45.0781 0x02f0  Boot type: Normal boot
18:25:45.0781 0x02f0  ============================================================
18:25:46.0935 0x02f0  KLMD registered as C:\Windows\system32\drivers\48351177.sys
18:25:47.0185 0x02f0  System UUID: {F3FB09E2-994B-45E1-0194-C52E37BA49C3}
18:25:47.0637 0x02f0  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:25:47.0637 0x02f0  Drive \Device\Harddisk1\DR1 - Size: 0x3B880000 ( 0.93 Gb ), SectorSize: 0x200, Cylinders: 0x79, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:25:47.0653 0x02f0  ============================================================
18:25:47.0653 0x02f0  \Device\Harddisk0\DR0:
18:25:47.0653 0x02f0  MBR partitions:
18:25:47.0653 0x02f0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2710800, BlocksNum 0x32000
18:25:47.0653 0x02f0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2742800, BlocksNum 0x71FC3DB0
18:25:47.0653 0x02f0  \Device\Harddisk1\DR1:
18:25:47.0653 0x02f0  MBR partitions:
18:25:47.0653 0x02f0  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x81, BlocksNum 0x1DC37F
18:25:47.0653 0x02f0  ============================================================
18:25:47.0684 0x02f0  C: <-> \Device\Harddisk0\DR0\Partition2
18:25:47.0684 0x02f0  ============================================================
18:25:47.0684 0x02f0  Initialize success
18:25:47.0684 0x02f0  ============================================================
18:26:22.0769 0x1458  ============================================================
18:26:22.0769 0x1458  Scan started
18:26:22.0769 0x1458  Mode: Manual;
18:26:22.0769 0x1458  ============================================================
18:26:22.0769 0x1458  KSN ping started
18:26:26.0279 0x1458  KSN ping finished: true
18:26:27.0573 0x1458  ================ Scan system memory ========================
18:26:27.0573 0x1458  System memory - ok
18:26:27.0573 0x1458  ================ Scan services =============================
18:26:27.0651 0x1458  [ 970C70F6B2953ED43822D3797855D84C, CB22723678B514277BC6E6DDDD206F3B2377CD889C9D473A47A7056BE597BC6B ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
18:26:27.0667 0x1458  !SASCORE - ok
18:26:27.0839 0x1458  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:26:27.0854 0x1458  1394ohci - ok
18:26:27.0885 0x1458  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:26:27.0901 0x1458  ACPI - ok
18:26:27.0901 0x1458  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:26:27.0901 0x1458  AcpiPmi - ok
18:26:28.0010 0x1458  [ 013697369EAFFA675D0671607F036020, 65611C775AC4681E46A6565E5A7A4FF3363C66EBDC98C4C58AFB365D40BE23B6 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:26:28.0010 0x1458  AdobeARMservice - ok
18:26:28.0119 0x1458  [ 9B3355B29942AF67F014EA90CE1EA960, FBB155F72984045BCD99CC2059B9EDAABD3A52104C3864A290D8A355991F94D3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:26:28.0135 0x1458  AdobeFlashPlayerUpdateSvc - ok
18:26:28.0166 0x1458  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:26:28.0182 0x1458  adp94xx - ok
18:26:28.0244 0x1458  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:26:28.0260 0x1458  adpahci - ok
18:26:28.0275 0x1458  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:26:28.0275 0x1458  adpu320 - ok
18:26:28.0307 0x1458  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:26:28.0322 0x1458  AeLookupSvc - ok
18:26:28.0353 0x1458  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
18:26:28.0369 0x1458  AFD - ok
18:26:28.0385 0x1458  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
18:26:28.0385 0x1458  agp440 - ok
18:26:28.0400 0x1458  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
18:26:28.0400 0x1458  ALG - ok
18:26:28.0431 0x1458  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:26:28.0431 0x1458  aliide - ok
18:26:28.0463 0x1458  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:26:28.0463 0x1458  amdide - ok
18:26:28.0525 0x1458  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:26:28.0525 0x1458  AmdK8 - ok
18:26:28.0587 0x1458  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:26:28.0587 0x1458  AmdPPM - ok
18:26:28.0634 0x1458  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:26:28.0634 0x1458  amdsata - ok
18:26:28.0681 0x1458  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:26:28.0681 0x1458  amdsbs - ok
18:26:28.0697 0x1458  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:26:28.0697 0x1458  amdxata - ok
18:26:28.0728 0x1458  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
18:26:28.0728 0x1458  AppID - ok
18:26:28.0743 0x1458  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:26:28.0743 0x1458  AppIDSvc - ok
18:26:28.0775 0x1458  [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo         C:\Windows\System32\appinfo.dll
18:26:28.0775 0x1458  Appinfo - ok
18:26:28.0837 0x1458  [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:26:28.0837 0x1458  Apple Mobile Device - ok
18:26:28.0884 0x1458  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
18:26:28.0884 0x1458  arc - ok
18:26:28.0899 0x1458  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:26:28.0899 0x1458  arcsas - ok
18:26:28.0993 0x1458  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:26:29.0009 0x1458  aspnet_state - ok
18:26:29.0055 0x1458  [ 25863B5A3AC02DD35063D77C1F1415FF, F3F61F83CCF78F2FB3CD3DC66C28C1BE4D6D6F3C7440B6E5F7EEAC3739DB80DD ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
18:26:29.0055 0x1458  aswHwid - ok
18:26:29.0102 0x1458  [ 2894AC8C6159201940C8CD5B33CC5203, 4717301395100BD71B49451109AA29A58F702AF1E24C816CE5CC4320B6F3CA67 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
18:26:29.0118 0x1458  aswMonFlt - ok
18:26:29.0133 0x1458  [ C384DC3DDF65F3E011DFBDFDB500F89A, 0B15E09AE0DA51000B2AAF5DE6C5BBD7EBE4EB1DACB680A159AD9369CDA6D7D1 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
18:26:29.0133 0x1458  aswRdr - ok
18:26:29.0196 0x1458  [ 7F5ADFD9CA8EF06D020273B81BFFD731, 04A47F26DA3E507D9C984D7C737EC29B04AA88F68222FB4538BEA80D4D07D7FB ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
18:26:29.0196 0x1458  aswRvrt - ok
18:26:29.0274 0x1458  [ 441FF83841FEF24969A28B6971C061D5, 2183810CC9F1113B6A1795BF604183555174EBE5E0384182432DFBCB19CDB157 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
18:26:29.0305 0x1458  aswSnx - ok
18:26:29.0336 0x1458  [ 13E75FA8BF6403DC0F4248C648234D20, 70A3E176CEA71F961032DD65E8431A049C087A910C3470637759F78F7374C09E ] aswSP           C:\Windows\system32\drivers\aswSP.sys
18:26:29.0336 0x1458  aswSP - ok
18:26:29.0367 0x1458  [ 82F2525A22A380AA977428490AA849E3, 457F3D58B23BB61ED1BFA84B4CB2E12EE54C4BA7F9286F952E6632477EE9B548 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
18:26:29.0383 0x1458  aswStm - ok
18:26:29.0414 0x1458  [ 2F3F0B08EBF741FE22745BECC794CE34, 969C12129C9C9981BF20656057C05290E050B410E4ECF8405C020F9A23728099 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
18:26:29.0430 0x1458  aswVmm - ok
18:26:29.0445 0x1458  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:26:29.0445 0x1458  AsyncMac - ok
18:26:29.0461 0x1458  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:26:29.0461 0x1458  atapi - ok
18:26:29.0523 0x1458  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:26:29.0539 0x1458  AudioEndpointBuilder - ok
18:26:29.0555 0x1458  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:26:29.0570 0x1458  AudioSrv - ok
18:26:29.0633 0x1458  [ A97E144E84A665B22AE6E6A93E4DD465, 888D702B9B9E6C446AD7499571DAEAB072BEF141FF3300E74C6E538FA312BDCD ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:26:29.0648 0x1458  avast! Antivirus - ok
18:26:29.0664 0x1458  AvastVBoxSvc - ok
18:26:29.0695 0x1458  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:26:29.0695 0x1458  AxInstSV - ok
18:26:29.0742 0x1458  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:26:29.0773 0x1458  b06bdrv - ok
18:26:29.0804 0x1458  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:26:29.0804 0x1458  b57nd60a - ok
18:26:29.0851 0x1458  [ 93EE7D9C35AE7E9FFDA148D7805F1421, 9D88D5CC08F887B35A893FEC80D8CC4A9E4EAAF533E27D0F1B9CC36C171C92DA ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
18:26:29.0851 0x1458  BBSvc - ok
18:26:36.0653 0x1458  MsRPC - ok
18:26:36.0653 0x1458  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:26:36.0668 0x1458  mssmbios - ok
18:26:36.0668 0x1458  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:26:36.0668 0x1458  MSTEE - ok
18:26:36.0699 0x1458  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:26:36.0699 0x1458  MTConfig - ok
18:26:36.0699 0x1458  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
18:26:36.0699 0x1458  Mup - ok
18:26:36.0746 0x1458  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
18:26:36.0746 0x1458  napagent - ok
18:26:36.0793 0x1458  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:26:36.0793 0x1458  NativeWifiP - ok
18:26:36.0871 0x1458  [ 9D1CCE440552500DED3A62F9D779CDB4, C6B3B1C891A8BA3F91CC1EC21919C4F80F4C9CAF88971AB6CA11F09820601EBD ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
18:26:36.0887 0x1458  NAUpdate - ok
18:26:36.0965 0x1458  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:26:36.0980 0x1458  NDIS - ok
18:26:37.0011 0x1458  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:26:37.0011 0x1458  NdisCap - ok
18:26:37.0027 0x1458  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:26:37.0027 0x1458  NdisTapi - ok
18:26:37.0043 0x1458  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:26:37.0043 0x1458  Ndisuio - ok
18:26:37.0058 0x1458  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:26:37.0058 0x1458  NdisWan - ok
18:26:37.0074 0x1458  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:26:37.0074 0x1458  NDProxy - ok
18:26:37.0136 0x1458  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:26:37.0152 0x1458  Net Driver HPZ12 - ok
18:26:37.0167 0x1458  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:26:37.0167 0x1458  NetBIOS - ok
18:26:37.0199 0x1458  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:26:37.0214 0x1458  NetBT - ok
18:26:37.0230 0x1458  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] Netlogon        C:\Windows\system32\lsass.exe
18:26:37.0230 0x1458  Netlogon - ok
18:26:37.0261 0x1458  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
18:26:37.0277 0x1458  Netman - ok
18:26:37.0308 0x1458  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:26:37.0308 0x1458  NetMsmqActivator - ok
18:26:37.0308 0x1458  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:26:37.0323 0x1458  NetPipeActivator - ok
18:26:37.0339 0x1458  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
18:26:37.0339 0x1458  netprofm - ok
18:26:37.0355 0x1458  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:26:37.0355 0x1458  NetTcpActivator - ok
18:26:37.0370 0x1458  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:26:37.0370 0x1458  NetTcpPortSharing - ok
18:26:37.0386 0x1458  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:26:37.0386 0x1458  nfrd960 - ok
18:26:37.0417 0x1458  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:26:37.0433 0x1458  NlaSvc - ok
18:26:37.0589 0x1458  [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
18:26:37.0651 0x1458  NOBU - ok
18:26:37.0667 0x1458  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:26:37.0667 0x1458  Npfs - ok
18:26:37.0682 0x1458  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
18:26:37.0682 0x1458  nsi - ok
18:26:37.0713 0x1458  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:26:37.0713 0x1458  nsiproxy - ok
18:26:37.0729 0x1458  [ 20E179A7FE78B37A02D30C4D34C870E7, 3E720CD52749E2F86897A89A2B7D3DE4C14255638111DB644C8F2C15174A6A2A ] nSvcIp          C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
18:26:37.0745 0x1458  nSvcIp - ok
18:26:37.0838 0x1458  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:26:37.0885 0x1458  Ntfs - ok
18:26:37.0901 0x1458  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
18:26:37.0901 0x1458  Null - ok
18:26:37.0932 0x1458  [ A85B4F2EF3A7304A5399EF0526423040, E45854691BA6AE36E53C2922CC93FF13DC2D84CBE7FE13A2F0B1CE1C16D1D158 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
18:26:37.0932 0x1458  NVENETFD - ok
18:26:38.0353 0x1458  [ 8E6247F418B4C8AE9EEB0B532CABCC21, 42AD2588CBC8C9478F289955AB1391C65788D0564CCA7E0F9A41B8498A8BA117 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:26:38.0681 0x1458  nvlddmkm - ok
18:26:38.0743 0x1458  [ 909EEDCBD365BB81027D8E742E6B3416, 6C346C7B0E26A12BB0F56918E5324BC8C1024FEEE5952BFEB02DB2BC47182B61 ] NVNET           C:\Windows\system32\DRIVERS\nvmf6264.sys
18:26:38.0743 0x1458  NVNET - ok
18:26:38.0774 0x1458  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:26:38.0790 0x1458  nvraid - ok
18:26:38.0805 0x1458  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:26:38.0805 0x1458  nvstor - ok
18:26:38.0837 0x1458  [ 1E45F96342429D63DC30E0D9117DA3D8, 3D6DB9514594377CACFD766F0153B8DCF51DDF4172864DAF589CB1EE480D2027 ] nvstor64        C:\Windows\system32\drivers\nvstor64.sys
18:26:38.0837 0x1458  nvstor64 - ok
18:26:38.0883 0x1458  [ 41B97DCE2B2D113B831EB197F02A7398, 3168C646327E5C72741A326C12AD46A73234DA6A67DC21F66FF1D195A971FBFE ] nvsvc           C:\Windows\system32\nvvsvc.exe
18:26:38.0899 0x1458  nvsvc - ok
18:26:39.0039 0x1458  [ A3A25E0509F67473B960DAF214828BE3, F2EC38B82DF46E5765FD8976AA5A7043637AC716F56B17D6DC7524E774602DE3 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:26:39.0071 0x1458  nvUpdatusService - ok
18:26:39.0102 0x1458  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:26:39.0102 0x1458  nv_agp - ok
18:26:39.0117 0x1458  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:26:39.0117 0x1458  ohci1394 - ok
18:26:39.0164 0x1458  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:26:39.0164 0x1458  ose - ok
18:26:39.0383 0x1458  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:26:39.0492 0x1458  osppsvc - ok
18:26:39.0539 0x1458  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:26:39.0539 0x1458  p2pimsvc - ok
18:26:39.0570 0x1458  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
18:26:39.0570 0x1458  p2psvc - ok
18:26:39.0601 0x1458  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
18:26:39.0617 0x1458  Parport - ok
18:26:39.0632 0x1458  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:26:39.0632 0x1458  partmgr - ok
18:26:39.0663 0x1458  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:26:39.0663 0x1458  PcaSvc - ok
18:26:39.0679 0x1458  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
18:26:39.0695 0x1458  pci - ok
18:26:39.0710 0x1458  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
18:26:39.0710 0x1458  pciide - ok
18:26:39.0726 0x1458  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:26:39.0726 0x1458  pcmcia - ok
18:26:39.0741 0x1458  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:26:39.0741 0x1458  pcw - ok
18:26:39.0773 0x1458  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:26:39.0788 0x1458  PEAUTH - ok
18:26:39.0851 0x1458  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:26:39.0851 0x1458  PerfHost - ok
18:26:39.0913 0x1458  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
18:26:39.0944 0x1458  pla - ok
18:26:39.0975 0x1458  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:26:39.0991 0x1458  PlugPlay - ok
18:26:40.0022 0x1458  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:26:40.0038 0x1458  Pml Driver HPZ12 - ok
18:26:40.0038 0x1458  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:26:40.0053 0x1458  PNRPAutoReg - ok
18:26:40.0069 0x1458  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:26:40.0069 0x1458  PNRPsvc - ok
18:26:40.0116 0x1458  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:26:40.0116 0x1458  PolicyAgent - ok
18:26:40.0131 0x1458  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
18:26:40.0147 0x1458  Power - ok
18:26:40.0163 0x1458  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:26:40.0163 0x1458  PptpMiniport - ok
18:26:40.0178 0x1458  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
18:26:40.0178 0x1458  Processor - ok
18:26:40.0241 0x1458  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:26:40.0256 0x1458  ProfSvc - ok
18:26:40.0256 0x1458  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] ProtectedStorage C:\Windows\system32\lsass.exe
18:26:40.0272 0x1458  ProtectedStorage - ok
18:26:40.0287 0x1458  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:26:40.0287 0x1458  Psched - ok
18:26:40.0365 0x1458  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:26:40.0397 0x1458  ql2300 - ok
18:26:40.0412 0x1458  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:26:40.0412 0x1458  ql40xx - ok
18:26:40.0443 0x1458  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
18:26:40.0443 0x1458  QWAVE - ok
18:26:40.0475 0x1458  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:26:40.0475 0x1458  QWAVEdrv - ok
18:26:40.0475 0x1458  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:26:40.0490 0x1458  RasAcd - ok
18:26:40.0537 0x1458  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:26:40.0537 0x1458  RasAgileVpn - ok
18:26:40.0553 0x1458  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
18:26:40.0553 0x1458  RasAuto - ok
18:26:40.0568 0x1458  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:26:40.0568 0x1458  Rasl2tp - ok
18:26:40.0584 0x1458  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
18:26:40.0599 0x1458  RasMan - ok
18:26:40.0615 0x1458  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:26:40.0615 0x1458  RasPppoe - ok
18:26:40.0631 0x1458  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:26:40.0631 0x1458  RasSstp - ok
18:26:40.0646 0x1458  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:26:40.0662 0x1458  rdbss - ok
18:26:40.0662 0x1458  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
18:26:40.0677 0x1458  rdpbus - ok
18:26:40.0677 0x1458  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:26:40.0693 0x1458  RDPCDD - ok
18:26:40.0709 0x1458  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:26:40.0709 0x1458  RDPENCDD - ok
18:26:40.0724 0x1458  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:26:40.0724 0x1458  RDPREFMP - ok
18:26:40.0755 0x1458  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:26:40.0771 0x1458  RDPWD - ok
18:26:40.0787 0x1458  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:26:40.0787 0x1458  rdyboost - ok
18:26:40.0802 0x1458  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:26:40.0802 0x1458  RemoteAccess - ok
18:26:40.0833 0x1458  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:26:40.0833 0x1458  RemoteRegistry - ok
18:26:40.0865 0x1458  [ 5790BCA445CC40DF8B38C2C48608AAC2, E8CC273ECF44B6638FEC7AF443745C04E03580B5C6ECFE45648F18BA2B9B89E7 ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:26:40.0880 0x1458  RimUsb - ok
18:26:40.0896 0x1458  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:26:40.0911 0x1458  RpcEptMapper - ok
18:26:40.0927 0x1458  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
18:26:40.0943 0x1458  RpcLocator - ok
18:26:40.0958 0x1458  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\System32\rpcss.dll
18:26:40.0974 0x1458  RpcSs - ok
18:26:41.0005 0x1458  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:26:41.0005 0x1458  rspndr - ok
18:26:41.0021 0x1458  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] SamSs           C:\Windows\system32\lsass.exe
18:26:41.0021 0x1458  SamSs - ok
18:26:41.0036 0x1458  [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:26:41.0052 0x1458  SASDIFSV - ok
18:26:41.0052 0x1458  [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:26:41.0052 0x1458  SASKUTIL - ok
18:26:41.0067 0x1458  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:26:41.0067 0x1458  sbp2port - ok
18:26:41.0099 0x1458  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:26:41.0114 0x1458  SCardSvr - ok
18:26:41.0130 0x1458  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:26:41.0130 0x1458  scfilter - ok
18:26:41.0161 0x1458  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
18:26:41.0192 0x1458  Schedule - ok
18:26:41.0223 0x1458  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:26:41.0223 0x1458  SCPolicySvc - ok
18:26:41.0239 0x1458  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:26:41.0239 0x1458  SDRSVC - ok
18:26:41.0301 0x1458  [ CC781378E7EDA615D2CDCA3B17829FA4, 137BF83A2A3D69335AD031B8D73473526F782CB8917A34B3CD92F923E7660F2A ] SeaPort         C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
18:26:41.0317 0x1458  SeaPort - ok
18:26:41.0348 0x1458  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:26:41.0348 0x1458  secdrv - ok
18:26:41.0364 0x1458  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
18:26:41.0364 0x1458  seclogon - ok
18:26:41.0379 0x1458  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
18:26:41.0395 0x1458  SENS - ok
18:26:41.0411 0x1458  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:26:41.0411 0x1458  SensrSvc - ok
18:26:41.0442 0x1458  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
18:26:41.0442 0x1458  Serenum - ok
18:26:41.0457 0x1458  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
18:26:41.0473 0x1458  Serial - ok
18:26:41.0489 0x1458  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:26:41.0504 0x1458  sermouse - ok
18:26:41.0535 0x1458  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
18:26:41.0535 0x1458  SessionEnv - ok
18:26:41.0567 0x1458  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:26:41.0567 0x1458  sffdisk - ok
18:26:41.0567 0x1458  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:26:41.0567 0x1458  sffp_mmc - ok
18:26:41.0582 0x1458  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:26:41.0582 0x1458  sffp_sd - ok
18:26:41.0598 0x1458  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:26:41.0598 0x1458  sfloppy - ok
18:26:41.0645 0x1458  [ 21AB491BBCC8C1B26FDC402A374AB196, DD973C9963C840200D153A15078152D499639730D065BB8122C6BE65D4372300 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
18:26:41.0660 0x1458  Sftfs - ok
18:26:41.0738 0x1458  [ 4E1BB8A9CCDB4BAF41F7F9A930EB121D, D994B20DACEB187BEB6530309E2185040B58105E4FD5AC1DA435712F9DE027D0 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:26:41.0754 0x1458  sftlist - ok
18:26:41.0785 0x1458  [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:26:41.0785 0x1458  Sftplay - ok
18:26:41.0801 0x1458  [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:26:41.0801 0x1458  Sftredir - ok
18:26:41.0801 0x1458  [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
18:26:41.0816 0x1458  Sftvol - ok
18:26:41.0816 0x1458  [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:26:41.0832 0x1458  sftvsa - ok
18:26:41.0863 0x1458  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:26:41.0879 0x1458  SharedAccess - ok
18:26:41.0910 0x1458  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:26:41.0910 0x1458  ShellHWDetection - ok
18:26:41.0941 0x1458  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:26:41.0941 0x1458  SiSRaid2 - ok
18:26:41.0957 0x1458  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:26:41.0957 0x1458  SiSRaid4 - ok
18:26:41.0972 0x1458  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:26:41.0972 0x1458  Smb - ok
18:26:42.0003 0x1458  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:26:42.0003 0x1458  SNMPTRAP - ok
18:26:42.0019 0x1458  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:26:42.0019 0x1458  spldr - ok
18:26:42.0066 0x1458  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
18:26:42.0081 0x1458  Spooler - ok
18:26:46.0231 0x1458  ================ Scan global ===============================
18:26:46.0247 0x1458  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
18:26:46.0278 0x1458  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
18:26:46.0293 0x1458  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
18:26:46.0325 0x1458  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:26:46.0356 0x1458  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
18:26:46.0371 0x1458  [ Global ] - ok
18:26:46.0371 0x1458  ================ Scan MBR ==================================
18:26:46.0387 0x1458  [ 70E629B51C16B3C007730C6AE57144C9 ] \Device\Harddisk0\DR0
18:26:48.0509 0x1458  \Device\Harddisk0\DR0 - ok
18:26:48.0524 0x1458  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
18:26:48.0524 0x1458  \Device\Harddisk1\DR1 - ok
18:26:48.0524 0x1458  ================ Scan VBR ==================================
18:26:48.0540 0x1458  [ B7CAEC7C8BC77644351F08C502C2CB2A ] \Device\Harddisk0\DR0\Partition1
18:26:48.0571 0x1458  \Device\Harddisk0\DR0\Partition1 - ok
18:26:48.0602 0x1458  [ 80CE2CD362B2AC67F67980991AB1F004 ] \Device\Harddisk0\DR0\Partition2
18:26:48.0633 0x1458  \Device\Harddisk0\DR0\Partition2 - ok
18:26:48.0665 0x1458  [ 27BE7E5AA424DAEC97D7F03D30F1413A ] \Device\Harddisk1\DR1\Partition1
18:26:48.0665 0x1458  \Device\Harddisk1\DR1\Partition1 - ok
18:26:48.0665 0x1458  ================ Scan generic autorun ======================
18:26:51.0192 0x1458  Waiting for KSN requests completion. In queue: 60
18:26:52.0206 0x1458  Waiting for KSN requests completion. In queue: 60
18:26:53.0221 0x1458  Waiting for KSN requests completion. In queue: 60
18:26:54.0235 0x1458  Waiting for KSN requests completion. In queue: 60
18:26:55.0311 0x1458  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.3.2223.1143 ), 0x42000 ( disabled : updated )
18:26:55.0342 0x1458  Win FW state via NFP2: enabled ( trusted )
18:26:58.0821 0x1458  ============================================================
18:26:58.0821 0x1458  Scan finished
18:26:58.0821 0x1458  ============================================================
18:26:58.0837 0x1244  Detected object count: 0
18:26:58.0837 0x1244  Actual detected object count: 0
18:28:12.0188 0x1738  ============================================================
18:28:12.0188 0x1738  Scan started
18:28:12.0188 0x1738  Mode: Manual; SigCheck; TDLFS;
18:28:12.0188 0x1738  ============================================================
18:28:12.0188 0x1738  KSN ping started
18:28:15.0682 0x1738  KSN ping finished: true
18:28:16.0291 0x1738  ================ Scan system memory ========================
18:28:16.0291 0x1738  System memory - ok
18:28:16.0291 0x1738  ================ Scan services =============================
18:28:18.0412 0x1738  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:28:18.0444 0x1738  AsyncMac - ok
18:28:18.0459 0x1738  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:28:18.0459 0x1738  atapi - ok
18:28:18.0506 0x1738  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:28:18.0553 0x1738  AudioEndpointBuilder - ok
18:28:18.0568 0x1738  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:28:18.0600 0x1738  AudioSrv - ok
18:28:18.0678 0x1738  [ A97E144E84A665B22AE6E6A93E4DD465, 888D702B9B9E6C446AD7499571DAEAB072BEF141FF3300E74C6E538FA312BDCD ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:28:18.0709 0x1738  avast! Antivirus - ok
18:28:18.0709 0x1738  AvastVBoxSvc - ok
18:28:18.0740 0x1738  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:28:18.0771 0x1738  AxInstSV - ok
18:28:18.0818 0x1738  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:28:18.0849 0x1738  b06bdrv - ok
18:28:18.0880 0x1738  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:28:18.0896 0x1738  b57nd60a - ok
18:28:18.0943 0x1738  [ 93EE7D9C35AE7E9FFDA148D7805F1421, 9D88D5CC08F887B35A893FEC80D8CC4A9E4EAAF533E27D0F1B9CC36C171C92DA ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
18:28:18.0958 0x1738  BBSvc - ok
18:28:18.0990 0x1738  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:28:19.0005 0x1738  BDESVC - ok
18:28:19.0021 0x1738  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:28:19.0068 0x1738  Beep - ok
18:28:19.0114 0x1738  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
18:28:19.0146 0x1738  BFE - ok
18:28:19.0177 0x1738  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
18:28:19.0255 0x1738  BITS - ok
18:28:19.0270 0x1738  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
18:28:19.0302 0x1738  blbdrive - ok
18:28:19.0333 0x1738  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:28:19.0348 0x1738  Bonjour Service - ok
18:28:19.0364 0x1738  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:28:19.0411 0x1738  bowser - ok
18:28:19.0426 0x1738  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
18:28:19.0426 0x1738  BrFiltLo - ok
18:28:19.0442 0x1738  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
18:28:19.0458 0x1738  BrFiltUp - ok
18:28:19.0489 0x1738  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
18:28:19.0520 0x1738  BridgeMP - ok
18:28:19.0551 0x1738  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
18:28:19.0567 0x1738  Browser - ok
18:28:19.0567 0x1738  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:28:19.0598 0x1738  Brserid - ok
18:28:19.0614 0x1738  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:28:19.0629 0x1738  BrSerWdm - ok
18:28:19.0645 0x1738  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:28:19.0660 0x1738  BrUsbMdm - ok
18:28:19.0676 0x1738  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:28:19.0692 0x1738  BrUsbSer - ok
18:28:19.0707 0x1738  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:28:19.0738 0x1738  BTHMODEM - ok
18:28:19.0770 0x1738  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
18:28:19.0816 0x1738  bthserv - ok
18:28:19.0832 0x1738  catchme - ok
18:28:19.0848 0x1738  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:28:19.0894 0x1738  cdfs - ok
18:28:19.0910 0x1738  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:28:19.0926 0x1738  cdrom - ok
18:28:19.0941 0x1738  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:28:19.0972 0x1738  CertPropSvc - ok
18:28:19.0988 0x1738  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
18:28:20.0004 0x1738  circlass - ok
18:28:20.0035 0x1738  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
18:28:20.0066 0x1738  CLFS - ok
18:28:20.0206 0x1738  [ 39AD82B006786799438123A983AC795C, 7D63F9BBB9F925F042CF7CC6592940B82CF8204A68101D34DAA621C7E24344F2 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
18:28:20.0284 0x1738  ClickToRunSvc - ok
18:28:20.0347 0x1738  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:28:20.0378 0x1738  clr_optimization_v2.0.50727_32 - ok
18:28:20.0425 0x1738  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:28:20.0440 0x1738  clr_optimization_v2.0.50727_64 - ok
18:28:20.0487 0x1738  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:28:20.0503 0x1738  clr_optimization_v4.0.30319_32 - ok
18:28:20.0518 0x1738  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:28:20.0534 0x1738  clr_optimization_v4.0.30319_64 - ok
18:28:20.0550 0x1738  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
18:28:20.0565 0x1738  CmBatt - ok
18:28:20.0596 0x1738  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:28:20.0612 0x1738  cmdide - ok
18:28:20.0643 0x1738  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
18:28:20.0674 0x1738  CNG - ok
18:28:20.0690 0x1738  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
18:28:20.0706 0x1738  Compbatt - ok
18:28:20.0721 0x1738  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:28:20.0737 0x1738  CompositeBus - ok
18:28:20.0752 0x1738  COMSysApp - ok
18:28:20.0752 0x1738  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:28:20.0768 0x1738  crcdisk - ok
18:28:20.0799 0x1738  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:28:20.0815 0x1738  CryptSvc - ok
18:28:20.0940 0x1738  [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:28:20.0971 0x1738  cvhsvc - ok
18:28:21.0018 0x1738  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:28:21.0064 0x1738  DcomLaunch - ok
18:28:21.0096 0x1738  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:28:21.0127 0x1738  defragsvc - ok
18:28:21.0142 0x1738  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:28:21.0189 0x1738  DfsC - ok
18:28:21.0205 0x1738  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:28:21.0220 0x1738  Dhcp - ok
18:28:21.0283 0x1738  [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack       C:\Windows\system32\diagtrack.dll
18:28:21.0345 0x1738  DiagTrack - ok
18:28:21.0392 0x1738  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
18:28:21.0454 0x1738  discache - ok
18:28:21.0470 0x1738  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
18:28:21.0486 0x1738  Disk - ok
18:28:21.0517 0x1738  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:28:21.0532 0x1738  Dnscache - ok
18:28:21.0564 0x1738  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:28:21.0595 0x1738  dot3svc - ok
18:28:21.0610 0x1738  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
18:28:21.0642 0x1738  DPS - ok
18:28:21.0704 0x1738  [ 3B4273C47CFB4416A99F4B1DF80C9C16, 28F9A942F9E7030557BC2AC5DC91927C6B32E051C5ED052408FA2A3CA71F0E31 ] DraftSight API Service C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
18:28:21.0735 0x1738  DraftSight API Service - detected UnsignedFile.Multi.Generic ( 1 )
18:28:21.0829 0x1738  DraftSight API Service ( UnsignedFile.Multi.Generic ) - warning
18:28:21.0829 0x1738  Force sending object to P2P due to detect: DraftSight API Service
18:28:26.0509 0x1738  Object send P2P result: true
18:28:33.0529 0x1738  [ 1DAE5C46D42B02A6D5862E1482EFB390, 90B14E0A8376AE51872D89C141E88AE144B742805F94B4F7948E295322C78B9D ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
18:28:33.0560 0x1738  hpqcxs08 - detected UnsignedFile.Multi.Generic ( 1 )
18:28:33.0560 0x1738  Detect skipped due to KSN trusted
18:28:33.0560 0x1738  hpqcxs08 - ok
18:28:33.0576 0x1738  [ 99E8EEF42FE2F4AF29B08C3355DD7685, D57BC2148653DA5596FB49F1086D165B11C9F6C644608202C08305D3C8499CFE ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
18:28:33.0591 0x1738  hpqddsvc - detected UnsignedFile.Multi.Generic ( 1 )
18:28:33.0591 0x1738  Detect skipped due to KSN trusted
18:28:33.0591 0x1738  hpqddsvc - ok
18:28:33.0685 0x1738  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
18:28:33.0732 0x1738  HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
18:28:33.0732 0x1738  Detect skipped due to KSN trusted
18:28:33.0732 0x1738  HPSLPSVC - ok
18:28:35.0744 0x1738  LSI_SCSI - ok
18:28:35.0760 0x1738  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
18:28:35.0791 0x1738  luafv - ok
18:28:35.0822 0x1738  [ 26C43960C99EE861A5D0EDC4DCF3B1C3, 6238FB8E785652040CCE3E7044EA52066CE1BF173A1467474D64A3AB214B6BCD ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
18:28:35.0838 0x1738  MBAMSwissArmy - ok
18:28:35.0869 0x1738  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:28:35.0884 0x1738  Mcx2Svc - ok
18:28:35.0900 0x1738  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:28:35.0916 0x1738  megasas - ok
18:28:35.0931 0x1738  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:28:35.0947 0x1738  MegaSR - ok
18:28:35.0962 0x1738  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
18:28:36.0009 0x1738  MMCSS - ok
18:28:36.0025 0x1738  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
18:28:36.0056 0x1738  Modem - ok
18:28:36.0072 0x1738  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:28:36.0087 0x1738  monitor - ok
18:28:36.0103 0x1738  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:28:36.0103 0x1738  mouclass - ok
18:28:36.0118 0x1738  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:28:36.0150 0x1738  mouhid - ok
18:28:36.0165 0x1738  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:28:36.0181 0x1738  mountmgr - ok
18:28:36.0212 0x1738  [ 31A94358EF55B871B1B81ADE3ACEBFF9, 611E9502DC15733F37EEF8EA3D6DCD51434EACE3EBC204197E05A7B299FFC0D4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:28:36.0228 0x1738  MozillaMaintenance - ok
18:28:36.0243 0x1738  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:28:36.0259 0x1738  mpio - ok
18:28:36.0274 0x1738  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:28:36.0306 0x1738  mpsdrv - ok
18:28:36.0352 0x1738  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:28:36.0415 0x1738  MpsSvc - ok
18:28:36.0462 0x1738  [ 500AA519C22B9B039C4308267A002B06, 289BC2D4796B8EEAE83DF8F59109DD2DE899A86485C105A73E3C4B79D4E0B5DC ] mr7910          C:\Windows\system32\DRIVERS\mr7910.sys
18:28:36.0493 0x1738  mr7910 - ok
18:28:36.0524 0x1738  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:28:36.0540 0x1738  MRxDAV - ok
18:28:36.0571 0x1738  [ 1877EB1495CFBDAB27D6A32F6DDF3818, 3818055C66AB12A335A905CFFE5D05347F15AE488861C5C183E62E8E0881DA86 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:28:36.0602 0x1738  mrxsmb - ok
18:28:36.0618 0x1738  [ 21AF322605D8C7F2A627C22634D1C9C9, 6B783F95D093FEFB260EA9568926BBB3CB8ED0783184DB3A18733E211933BADD ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:28:36.0633 0x1738  mrxsmb10 - ok
18:28:36.0649 0x1738  [ 45A03A0B6461EFBEE77E0A6AC2816EDA, CFB0C11387F2EC49FD6B69EF747962114EBA6F8B4B4DEC3627E9E969775C4D7E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:28:36.0664 0x1738  mrxsmb20 - ok
18:28:36.0696 0x1738  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:28:36.0696 0x1738  msahci - ok
18:28:36.0727 0x1738  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:28:36.0742 0x1738  msdsm - ok
18:28:36.0758 0x1738  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
18:28:36.0789 0x1738  MSDTC - ok
18:28:36.0820 0x1738  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:28:36.0867 0x1738  Msfs - ok
18:28:36.0898 0x1738  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:28:36.0930 0x1738  mshidkmdf - ok
18:28:36.0930 0x1738  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:28:36.0945 0x1738  msisadrv - ok
18:28:36.0976 0x1738  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:28:37.0008 0x1738  MSiSCSI - ok
18:28:37.0008 0x1738  msiserver - ok
18:28:37.0023 0x1738  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:28:37.0054 0x1738  MSKSSRV - ok
18:28:37.0070 0x1738  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:28:37.0101 0x1738  MSPCLOCK - ok
18:28:37.0132 0x1738  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:28:37.0164 0x1738  MSPQM - ok
18:28:37.0179 0x1738  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:28:37.0195 0x1738  MsRPC - ok
18:28:37.0210 0x1738  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:28:37.0226 0x1738  mssmbios - ok
18:28:37.0242 0x1738  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:28:37.0273 0x1738  MSTEE - ok
18:28:37.0288 0x1738  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:28:37.0304 0x1738  MTConfig - ok
18:28:37.0320 0x1738  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
18:28:37.0320 0x1738  Mup - ok
18:28:37.0351 0x1738  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
18:28:37.0413 0x1738  napagent - ok
18:28:37.0460 0x1738  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:28:37.0491 0x1738  NativeWifiP - ok
18:28:37.0585 0x1738  [ 9D1CCE440552500DED3A62F9D779CDB4, C6B3B1C891A8BA3F91CC1EC21919C4F80F4C9CAF88971AB6CA11F09820601EBD ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
18:28:37.0600 0x1738  NAUpdate - ok
18:28:37.0663 0x1738  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:28:37.0694 0x1738  NDIS - ok
18:28:37.0725 0x1738  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:28:37.0772 0x1738  NdisCap - ok
18:28:37.0788 0x1738  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:28:37.0819 0x1738  NdisTapi - ok
18:28:37.0834 0x1738  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:28:37.0881 0x1738  Ndisuio - ok
18:28:37.0897 0x1738  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:28:37.0959 0x1738  NdisWan - ok
18:28:37.0990 0x1738  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:28:38.0022 0x1738  NDProxy - ok
18:28:38.0037 0x1738  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:28:38.0053 0x1738  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
18:28:38.0053 0x1738  Detect skipped due to KSN trusted
18:28:38.0053 0x1738  Net Driver HPZ12 - ok
18:28:41.0875 0x1738  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:28:41.0906 0x1738  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
18:28:41.0906 0x1738  Detect skipped due to KSN trusted
18:28:41.0906 0x1738  Pml Driver HPZ12 - ok
18:28:45.0104 0x1738  sftlist - ok
18:28:45.0135 0x1738  [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:28:45.0151 0x1738  Sftplay - ok
18:28:45.0151 0x1738  [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:28:45.0166 0x1738  Sftredir - ok
18:28:45.0166 0x1738  [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
18:28:45.0182 0x1738  Sftvol - ok
18:28:45.0198 0x1738  [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:28:45.0213 0x1738  sftvsa - ok
18:28:45.0244 0x1738  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:28:45.0291 0x1738  SharedAccess - ok
18:28:45.0322 0x1738  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:28:45.0369 0x1738  ShellHWDetection - ok
18:28:45.0400 0x1738  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:28:45.0416 0x1738  SiSRaid2 - ok
18:28:45.0432 0x1738  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:28:45.0447 0x1738  SiSRaid4 - ok
18:28:45.0463 0x1738  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:28:45.0494 0x1738  Smb - ok
18:28:45.0525 0x1738  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:28:45.0556 0x1738  SNMPTRAP - ok
18:28:45.0572 0x1738  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:28:45.0588 0x1738  spldr - ok
18:28:45.0619 0x1738  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
18:28:45.0650 0x1738  Spooler - ok
18:28:45.0759 0x1738  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
18:28:45.0868 0x1738  sppsvc - ok
18:28:45.0884 0x1738  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:28:45.0931 0x1738  sppuinotify - ok
18:28:45.0962 0x1738  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:28:46.0009 0x1738  srv - ok
18:28:46.0040 0x1738  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:28:46.0056 0x1738  srv2 - ok
18:28:46.0071 0x1738  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:28:46.0102 0x1738  srvnet - ok
18:28:46.0149 0x1738  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:28:46.0180 0x1738  SSDPSRV - ok
18:28:46.0196 0x1738  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:28:46.0243 0x1738  SstpSvc - ok
18:28:46.0258 0x1738  [ A52DDA7F28FF685AD63D77FE0549707E, 2252E86329B9ED113F79DEA80315943314E1F6B73E146AB80A27D9120929E8A7 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:28:46.0290 0x1738  Stereo Service - ok
18:28:46.0305 0x1738  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:28:46.0321 0x1738  stexstor - ok
18:28:46.0336 0x1738  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
18:28:46.0368 0x1738  StillCam - ok
18:28:46.0446 0x1738  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
18:28:46.0492 0x1738  stisvc - ok
18:28:46.0508 0x1738  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:28:46.0524 0x1738  swenum - ok
18:28:46.0555 0x1738  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
18:28:46.0617 0x1738  swprv - ok
18:28:46.0680 0x1738  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
18:28:46.0726 0x1738  SysMain - ok
18:28:46.0742 0x1738  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:28:46.0773 0x1738  TabletInputService - ok
18:28:46.0804 0x1738  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:28:46.0836 0x1738  TapiSrv - ok
18:28:46.0851 0x1738  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
18:28:46.0898 0x1738  TBS - ok
18:28:46.0976 0x1738  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:28:47.0023 0x1738  Tcpip - ok
18:28:47.0085 0x1738  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:28:47.0132 0x1738  TCPIP6 - ok
18:28:47.0163 0x1738  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:28:47.0179 0x1738  tcpipreg - ok
18:28:47.0210 0x1738  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:28:47.0241 0x1738  TDPIPE - ok
18:28:47.0272 0x1738  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:28:47.0288 0x1738  TDTCP - ok
18:28:47.0304 0x1738  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:28:47.0319 0x1738  tdx - ok
18:28:47.0335 0x1738  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:28:47.0350 0x1738  TermDD - ok
18:28:47.0397 0x1738  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
18:28:47.0428 0x1738  TermService - ok
18:28:47.0444 0x1738  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
18:28:47.0460 0x1738  Themes - ok
18:28:47.0491 0x1738  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
18:28:47.0522 0x1738  THREADORDER - ok
18:28:47.0538 0x1738  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
18:28:47.0584 0x1738  TrkWks - ok
18:28:47.0647 0x1738  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:28:47.0709 0x1738  TrustedInstaller - ok
18:28:47.0756 0x1738  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:28:47.0772 0x1738  tssecsrv - ok
18:28:47.0787 0x1738  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:28:47.0818 0x1738  TsUsbFlt - ok
18:28:47.0834 0x1738  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:28:47.0850 0x1738  TsUsbGD - ok
18:28:47.0865 0x1738  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:28:47.0896 0x1738  tunnel - ok
18:28:47.0896 0x1738  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:28:47.0912 0x1738  uagp35 - ok
18:28:47.0943 0x1738  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:28:47.0990 0x1738  udfs - ok
18:28:48.0006 0x1738  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:28:48.0052 0x1738  UI0Detect - ok
18:28:48.0068 0x1738  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:28:48.0084 0x1738  uliagpkx - ok
18:28:48.0099 0x1738  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:28:48.0115 0x1738  umbus - ok
18:28:48.0115 0x1738  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
18:28:48.0130 0x1738  UmPass - ok
18:28:48.0162 0x1738  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
18:28:48.0208 0x1738  upnphost - ok
18:28:48.0240 0x1738  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
18:28:48.0255 0x1738  USBAAPL64 - ok
18:28:48.0271 0x1738  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:28:48.0286 0x1738  usbccgp - ok
18:28:48.0318 0x1738  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:28:48.0333 0x1738  usbcir - ok
18:28:48.0364 0x1738  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:28:48.0380 0x1738  usbehci - ok
18:28:48.0411 0x1738  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:28:48.0427 0x1738  usbhub - ok
18:28:48.0458 0x1738  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
18:28:48.0474 0x1738  usbohci - ok
18:28:48.0489 0x1738  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
18:28:48.0505 0x1738  usbprint - ok
18:28:48.0520 0x1738  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:28:48.0536 0x1738  USBSTOR - ok
18:28:48.0567 0x1738  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:28:48.0583 0x1738  usbuhci - ok
18:28:48.0583 0x1738  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
18:28:48.0645 0x1738  UxSms - ok
18:28:48.0661 0x1738  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] VaultSvc        C:\Windows\system32\lsass.exe
18:28:48.0676 0x1738  VaultSvc - ok
18:28:48.0708 0x1738  VBoxAswDrv - ok
18:28:48.0708 0x1738  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:28:48.0723 0x1738  vdrvroot - ok
18:28:48.0770 0x1738  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
18:28:48.0832 0x1738  vds - ok
18:28:48.0848 0x1738  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:28:48.0864 0x1738  vga - ok
18:28:48.0895 0x1738  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:28:48.0926 0x1738  VgaSave - ok
18:28:48.0926 0x1738  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:28:48.0942 0x1738  vhdmp - ok
18:28:48.0973 0x1738  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:28:48.0988 0x1738  viaide - ok
18:28:49.0004 0x1738  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:28:49.0020 0x1738  volmgr - ok
18:28:49.0035 0x1738  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:28:49.0051 0x1738  volmgrx - ok
18:28:49.0066 0x1738  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:28:49.0082 0x1738  volsnap - ok
18:28:49.0098 0x1738  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:28:49.0113 0x1738  vsmraid - ok
18:28:49.0207 0x1738  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
18:28:49.0285 0x1738  VSS - ok
18:28:49.0300 0x1738  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
18:28:49.0316 0x1738  vwifibus - ok
18:28:49.0347 0x1738  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
18:28:49.0378 0x1738  W32Time - ok
18:28:49.0410 0x1738  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:28:49.0441 0x1738  WacomPen - ok
18:28:49.0456 0x1738  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:28:49.0488 0x1738  WANARP - ok
18:28:49.0488 0x1738  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:28:49.0519 0x1738  Wanarpv6 - ok
18:28:49.0581 0x1738  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:28:49.0628 0x1738  WatAdminSvc - ok
18:28:49.0690 0x1738  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
18:28:49.0753 0x1738  wbengine - ok
18:28:49.0768 0x1738  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:28:49.0800 0x1738  WbioSrvc - ok
18:28:49.0831 0x1738  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:28:49.0862 0x1738  wcncsvc - ok
18:28:49.0893 0x1738  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:28:49.0909 0x1738  WcsPlugInService - ok
18:28:49.0924 0x1738  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
18:28:49.0940 0x1738  Wd - ok
18:28:49.0987 0x1738  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:28:50.0018 0x1738  Wdf01000 - ok
18:28:50.0049 0x1738  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:28:50.0065 0x1738  WdiServiceHost - ok
18:28:50.0065 0x1738  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:28:50.0080 0x1738  WdiSystemHost - ok
18:28:50.0112 0x1738  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
18:28:50.0143 0x1738  WebClient - ok
18:28:50.0158 0x1738  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:28:50.0190 0x1738  Wecsvc - ok
18:28:50.0205 0x1738  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:28:50.0268 0x1738  wercplsupport - ok
18:28:50.0299 0x1738  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:28:50.0330 0x1738  WerSvc - ok
18:28:50.0346 0x1738  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:28:50.0377 0x1738  WfpLwf - ok
18:28:50.0392 0x1738  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:28:50.0392 0x1738  WIMMount - ok
18:28:50.0424 0x1738  WinDefend - ok
18:28:50.0424 0x1738  WinHttpAutoProxySvc - ok
18:28:50.0470 0x1738  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:28:50.0517 0x1738  Winmgmt - ok
18:28:50.0595 0x1738  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
18:28:50.0658 0x1738  WinRM - ok
18:28:50.0673 0x1738  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:28:50.0689 0x1738  WinUsb - ok
18:28:50.0736 0x1738  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:28:50.0767 0x1738  Wlansvc - ok
18:28:50.0798 0x1738  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:28:50.0814 0x1738  wlcrasvc - ok
18:28:50.0907 0x1738  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:28:50.0970 0x1738  wlidsvc - ok
18:28:50.0985 0x1738  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:28:51.0001 0x1738  WmiAcpi - ok
18:28:51.0016 0x1738  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:28:51.0032 0x1738  wmiApSrv - ok
18:28:51.0048 0x1738  WMPNetworkSvc - ok
18:28:51.0063 0x1738  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:28:51.0094 0x1738  WPCSvc - ok
18:28:51.0110 0x1738  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:28:51.0126 0x1738  WPDBusEnum - ok
18:28:51.0141 0x1738  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:28:51.0188 0x1738  ws2ifsl - ok
18:28:51.0219 0x1738  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
18:28:51.0235 0x1738  wscsvc - ok
18:28:51.0266 0x1738  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
18:28:51.0282 0x1738  WSDPrintDevice - ok
18:28:51.0282 0x1738  WSearch - ok
18:28:51.0406 0x1738  [ AA3E844A2595B1AA5825C70CA50D963E, F9C7D64D9563CA5167EC9B0D957473B55C02E9456E041AE2CDA6ABFA9641D176 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:28:51.0484 0x1738  wuauserv - ok
18:28:51.0516 0x1738  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:28:51.0594 0x1738  WudfPf - ok
18:28:51.0625 0x1738  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:28:51.0656 0x1738  WUDFRd - ok
18:28:51.0672 0x1738  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:28:51.0703 0x1738  wudfsvc - ok
18:28:51.0734 0x1738  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:28:51.0750 0x1738  WwanSvc - ok
18:28:51.0750 0x1738  ================ Scan global ===============================
18:28:51.0781 0x1738  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
18:28:51.0812 0x1738  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
18:28:51.0828 0x1738  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
18:28:51.0843 0x1738  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:28:51.0874 0x1738  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
18:28:51.0890 0x1738  [ Global ] - ok
18:28:51.0890 0x1738  ================ Scan MBR ==================================
18:28:51.0890 0x1738  [ 70E629B51C16B3C007730C6AE57144C9 ] \Device\Harddisk0\DR0
18:28:54.0183 0x1738  \Device\Harddisk0\DR0 - ok
18:28:54.0199 0x1738  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
18:28:54.0386 0x1738  \Device\Harddisk1\DR1 - ok
18:28:54.0386 0x1738  ================ Scan VBR ==================================
18:28:54.0402 0x1738  [ B7CAEC7C8BC77644351F08C502C2CB2A ] \Device\Harddisk0\DR0\Partition1
18:28:54.0433 0x1738  \Device\Harddisk0\DR0\Partition1 - ok
18:28:54.0480 0x1738  [ 80CE2CD362B2AC67F67980991AB1F004 ] \Device\Harddisk0\DR0\Partition2
18:28:54.0511 0x1738  \Device\Harddisk0\DR0\Partition2 - ok
18:28:54.0511 0x1738  [ 27BE7E5AA424DAEC97D7F03D30F1413A ] \Device\Harddisk1\DR1\Partition1
18:28:54.0511 0x1738  \Device\Harddisk1\DR1\Partition1 - ok
18:28:54.0511 0x1738  ================ Scan generic autorun ======================
18:28:54.0854 0x1738  [ 96922E3892E299FED3F2B82FD5DDB99F, 0F01DAC0F6B026653DE220494347212441B50340B7A8068A709BF6953D799B57 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
18:28:55.0072 0x1738  RtHDVCpl - ok
18:28:55.0119 0x1738  [ 5A89395D7185A2B1B6A43870079D808F, 6557F3F82931D2782B33976FB7B441FFE65AB98377ADB2E8582D0CA41A28F581 ] C:\Program Files (x86)\eMachines\OOBEOffer\ootag.exe
18:28:55.0135 0x1738  OOTag - ok
18:28:55.0213 0x1738  [ D3E69D500466C17498AAF7F83D12FFF0, F5723FC28396489EADDDCAD67A0E46B56D859590823E3CFA7254BA6709DC5AE6 ] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
18:28:55.0244 0x1738  Norton Online Backup - ok
18:28:55.0260 0x1738  [ 5A89395D7185A2B1B6A43870079D808F, 6557F3F82931D2782B33976FB7B441FFE65AB98377ADB2E8582D0CA41A28F581 ] C:\Program Files (x86)\eMachines\OOBEOffer\OOTag.exe
18:28:55.0260 0x1738  OOTag - ok
18:28:55.0306 0x1738  [ 2EA4B2BC3260CF3D20F6A164B362F6D4, 04E9262329F7B326468B6E57502CBD600B6BFF578E63242404FF612C1DBD08DE ] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
18:28:55.0338 0x1738  Hotkey Utility - ok
18:28:55.0431 0x1738  [ 72860972F8196EBB3C896F53D2B95470, 95C046A66DD0089377867F073CADCE585B7C69CA23E724DCAD9D896BF01E023D ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
18:28:55.0447 0x1738  hpqSRMon - detected UnsignedFile.Multi.Generic ( 1 )
18:28:55.0447 0x1738  Detect skipped due to KSN trusted
18:28:55.0447 0x1738  hpqSRMon - ok
18:28:55.0478 0x1738  [ CE5C9977DA751DDC30952AC4DCBCA788, 295172C4681E9AC27121122CDD2BA6F2A62435917A083CC8490D584CA0164BE6 ] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
18:28:55.0494 0x1738  HP Software Update - ok
18:28:55.0540 0x1738  [ 603668084332DDB58D8C5AACE30B04FC, B6FA6BBE18D433F41F96640726444B7CB9D669BAE87A545E1408391B9469EDB9 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
18:28:55.0572 0x1738  iTunesHelper - ok
18:28:55.0806 0x1738  [ 799450710D1B09FAF0D220B4DA3BF431, EE77DE14BC91D9A26D08AF4507071BB13F9D7F835AE6616B7D313F4FAF877793 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
18:28:55.0977 0x1738  AvastUI.exe - ok
18:28:56.0086 0x1738  [ 9153F2335BCDB87F41559CF066223BF9, C0F89F9A63B1F49F007A971F5180128EC0AFBBBF7CFA82CA1FA44CB9DB5F8BB3 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
18:28:56.0118 0x1738  SunJavaUpdateSched - ok
18:28:56.0305 0x1738  [ A2D1941C1BDA0FE8628FE8EFF18AB797, 743B1492551C0927C01F473B50F386CFB00AD0CBFAADFEBFEE5F8DED616FC443 ] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
18:28:56.0430 0x1738  Fitbit Connect - ok
18:28:56.0757 0x1738  [ 52BB1038DE18319F9AAC7B3603522AE4, 33F9054C58F6768327740EDCEBDAA05E6DD0692CCCA6284E89E715C2459B666E ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
18:28:56.0976 0x1738  SUPERAntiSpyware - ok
18:28:57.0054 0x1738  [ 48C3EBD6D5E52AFCB1A0FA9B7F9802FA, 4F2E27AA8305FFC94F65C65C5FDB8462C92ED02A7B37627404382C3CAB65AC59 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
18:28:57.0085 0x1738  iCloudServices - ok
18:28:57.0210 0x1738  [ A2D1941C1BDA0FE8628FE8EFF18AB797, 743B1492551C0927C01F473B50F386CFB00AD0CBFAADFEBFEE5F8DED616FC443 ] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
18:28:57.0334 0x1738  Fitbit Connect - ok
18:28:57.0444 0x1738  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:28:57.0490 0x1738  Sidebar - ok
18:28:57.0522 0x1738  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:28:57.0537 0x1738  mctadmin - ok
18:28:57.0568 0x1738  [ 6E9DBF6B982AEA2EC6614F0B81AB2846, BEBD1E26E3C2810B19A71446A2CC5B9BD9436E802DD8CD0432DFC35BFF248593 ] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe
18:28:57.0584 0x1738  ScrSav - ok
18:28:57.0600 0x1738  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.3.2223.1143 ), 0x42000 ( disabled : updated )
18:28:57.0600 0x1738  Win FW state via NFP2: enabled ( trusted )
18:29:01.0078 0x1738  ============================================================
18:29:01.0078 0x1738  Scan finished
18:29:01.0078 0x1738  ============================================================
18:29:01.0094 0x0570  Detected object count: 1
18:29:01.0094 0x0570  Actual detected object count: 1
18:29:11.0983 0x0570  DraftSight API Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:29:11.0983 0x0570  DraftSight API Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:31:35.0734 0x11c4  Deinitialize success
 



#12
psu88


Second run of FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-08-2015 01
Ran by Dave (administrator) on DAVE-PC (08-08-2015 18:32:13)
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave (Available Profiles: Dave & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] => C:\Program Files (x86)\eMachines\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\eMachines\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-08-08] (SUPERAntiSpyware)
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-12-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc179
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-3386438342-948231862-3273088082-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3386438342-948231862-3273088082-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3386438342-948231862-3273088082-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: [NameServer] 82.163.143.151,82.163.142.153
Tcpip\..\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\62sr11ei.default-1377043760093
FF DefaultSearchEngine: Google
FF Homepage: www.msn.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-26] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-26] (NVIDIA Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [2011-05-24] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3386438342-948231862-3273088082-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dave\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3386438342-948231862-3273088082-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-04] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-05-18] (Coupons, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-23]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-12-27]
FF HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Google Wallet) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-27] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
S2 DraftSight API Service; C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [78336 2012-07-07] (Dassault Systèmes) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-03-31] (WildTangent)
S2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-20] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-20] (AVAST Software)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-08] (Malwarebytes Corporation)
S3 mr7910; C:\Windows\System32\DRIVERS\mr7910.sys [55808 2007-03-16] (Mars Semiconductor Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 Winsock; no ImagePath
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
U3 aswMBR; \??\C:\Users\Dave\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-08 18:32 - 2015-08-08 18:32 - 00020012 _____ C:\Users\Dave\Desktop\FRST.txt
2015-08-08 18:20 - 2015-08-08 18:20 - 00030285 _____ C:\Users\Dave\Desktop\ComboFix.txt
2015-08-08 18:06 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-08 18:06 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-08 18:06 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-08 18:06 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-08 18:06 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-08 18:06 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-08 18:06 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-08 18:06 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-08 18:04 - 2015-08-08 18:20 - 00000000 ____D C:\Qoobox
2015-08-08 18:03 - 2015-08-08 18:18 - 00000000 ____D C:\Windows\erdnt
2015-08-08 17:29 - 2015-08-08 17:29 - 00015600 _____ C:\Users\Dave\Desktop\JRT.txt
2015-08-08 17:22 - 2015-08-08 17:22 - 00014001 _____ C:\Users\Dave\Desktop\AdwCleaner[R0].txt
2015-08-08 17:18 - 2015-08-08 17:20 - 00000000 ____D C:\AdwCleaner
2015-08-08 17:14 - 2015-08-08 18:00 - 00003361 _____ C:\Users\Dave\Desktop\aswMBR.txt
2015-08-08 17:14 - 2015-08-08 18:00 - 00000512 _____ C:\Users\Dave\Desktop\MBR.dat
2015-08-08 13:55 - 2015-08-08 13:56 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Dave\Desktop\tdsskiller.exe
2015-08-08 13:53 - 2015-08-08 13:54 - 05634368 ____R (Swearware) C:\Users\Dave\Desktop\ComboFix.exe
2015-08-08 13:53 - 2015-08-08 13:54 - 05200384 _____ (AVAST Software) C:\Users\Dave\Desktop\aswmbr.exe
2015-08-08 13:52 - 2015-08-08 13:52 - 01797896 _____ (Malwarebytes Corporation) C:\Users\Dave\Desktop\JRT.exe
2015-08-08 13:49 - 2015-08-08 13:50 - 02248704 _____ C:\Users\Dave\Desktop\adwcleaner_4.208.exe
2015-08-08 13:28 - 2015-08-08 13:29 - 00000112 _____ C:\ProgramData\fJMqmDsP.dat
2015-08-07 19:17 - 2015-08-08 13:27 - 00000000 ____D C:\Users\Dave\Desktop\FRST-OlderVersion
2015-08-07 19:17 - 2015-08-07 19:18 - 00050311 _____ C:\Users\Dave\Downloads\download
2015-08-06 20:47 - 2015-08-07 05:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-06 11:17 - 2015-08-06 11:19 - 05534539 _____ C:\Users\Dave\Downloads\filmon-hdi-3.1.3657.dmg.crdownload
2015-08-06 04:01 - 2015-08-06 04:02 - 00779203 _____ C:\Users\Dave\Downloads\VideoPlayerSetup (1).zip
2015-08-06 04:01 - 2015-08-06 04:01 - 00779203 _____ C:\Users\Dave\Downloads\VideoPlayerSetup.zip
2015-08-05 21:31 - 2015-08-05 21:31 - 00266288 _____ C:\Windows\Minidump\080515-35739-01.dmp
2015-08-05 10:49 - 2015-08-05 10:49 - 00266288 _____ C:\Windows\Minidump\080515-36847-01.dmp
2015-08-04 22:13 - 2015-08-07 20:04 - 00044508 _____ C:\Users\Dave\Desktop\Addition(1).txt
2015-08-04 22:11 - 2015-08-07 20:04 - 00053382 _____ C:\Users\Dave\Desktop\FRST(1).txt
2015-08-04 22:09 - 2015-08-08 18:32 - 00000000 ____D C:\FRST
2015-08-04 22:04 - 2015-08-08 13:27 - 02169856 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2015-07-28 17:18 - 2015-07-25 14:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 17:18 - 2015-07-25 14:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 17:18 - 2015-07-25 14:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 17:18 - 2015-07-25 14:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 17:18 - 2015-07-25 14:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 17:18 - 2015-07-25 14:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 17:18 - 2015-07-25 14:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 17:18 - 2015-07-25 13:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-23 14:47 - 2015-07-23 14:47 - 00124822 _____ C:\Users\Dave\Downloads\delta_faq
2015-07-21 03:21 - 2015-08-08 12:36 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-20 17:20 - 2015-07-14 23:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-20 17:20 - 2015-07-14 23:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-20 17:20 - 2015-07-14 23:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-20 17:20 - 2015-07-14 23:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-20 17:20 - 2015-07-14 22:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-20 17:20 - 2015-07-14 22:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-20 17:20 - 2015-07-14 22:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-20 17:20 - 2015-07-14 22:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-20 17:20 - 2015-07-14 21:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 17:20 - 2015-07-14 21:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 10:21 - 2015-07-20 10:21 - 00000247 _____ C:\Windows\system32\2015-07-20-14-21-26.059-aswFe.exe-37060.log
2015-07-20 10:21 - 2015-07-20 10:21 - 00000197 _____ C:\Windows\system32\2015-07-20-14-21-20.079-AvastVBoxSVC.exe-36904.log
2015-07-20 10:14 - 2015-07-20 10:14 - 00000247 _____ C:\Windows\system32\2015-07-20-14-14-21.071-aswFe.exe-38112.log
2015-07-20 10:14 - 2015-07-20 10:14 - 00000197 _____ C:\Windows\system32\2015-07-20-14-14-15.077-AvastVBoxSVC.exe-37756.log
2015-07-20 10:05 - 2015-07-20 10:05 - 00000247 _____ C:\Windows\system32\2015-07-20-14-05-22.091-aswFe.exe-38036.log
2015-07-20 10:03 - 2015-07-20 10:03 - 00000247 _____ C:\Windows\system32\2015-07-20-14-03-41.073-aswFe.exe-1596.log
2015-07-20 10:03 - 2015-07-20 10:03 - 00000197 _____ C:\Windows\system32\2015-07-20-14-03-32.098-AvastVBoxSVC.exe-3720.log
2015-07-20 09:53 - 2015-07-20 09:53 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-20 09:53 - 2015-07-20 09:53 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-17 03:45 - 2015-07-17 03:45 - 00000197 _____ C:\Windows\system32\2015-07-17-07-45-22.088-AvastVBoxSVC.exe-3828.log
2015-07-15 20:06 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 20:06 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 20:06 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 20:06 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 20:06 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 20:06 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 20:06 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 20:06 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 20:06 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 20:06 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 20:06 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 20:06 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 20:06 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 20:06 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 20:06 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 20:06 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 20:06 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 20:06 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 20:05 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 20:05 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 20:05 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 20:05 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 20:05 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 20:05 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 20:05 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 20:05 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 20:05 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 20:05 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 20:05 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 20:05 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 20:03 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 20:03 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 20:03 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 20:03 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 20:03 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 20:03 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 20:03 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 20:03 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 20:03 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 20:03 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 20:03 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 20:03 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 20:03 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 20:03 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 20:03 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 20:03 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 20:03 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 20:03 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 20:03 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 20:03 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 20:03 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 20:03 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 20:03 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 20:03 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 20:03 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 20:03 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 20:03 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 20:03 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 20:03 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 20:03 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 20:03 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 20:03 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 20:03 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 20:03 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 20:03 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 20:03 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 20:03 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 20:03 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 20:03 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 20:03 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 20:03 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 20:03 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 20:03 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 20:03 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 19:59 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 19:59 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 19:59 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 19:59 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 19:59 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 19:59 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 19:59 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 19:59 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 19:59 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 19:59 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 19:59 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 19:59 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 19:59 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 19:59 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 19:59 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 19:59 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 19:59 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 19:59 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 19:59 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 19:59 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 19:58 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 19:58 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 19:58 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 19:58 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 19:58 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 19:58 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 19:58 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 19:58 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 19:58 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 19:58 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 19:58 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 19:58 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 19:58 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 19:58 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 19:58 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 19:58 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 19:58 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 19:58 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 19:58 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 19:58 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 19:58 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 19:58 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 19:58 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 19:58 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 19:58 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 19:58 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 19:58 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 19:58 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 19:58 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 19:58 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 15:04 - 2015-07-14 15:04 - 00073723 _____ C:\Users\Dave\Downloads\getpaymentcouponpdf(2)
2015-07-14 15:04 - 2015-07-14 15:04 - 00073723 _____ C:\Users\Dave\Downloads\getpaymentcouponpdf(1)
2015-07-11 11:41 - 2015-07-11 11:41 - 00000197 _____ C:\Windows\system32\2015-07-11-15-41-02.074-AvastVBoxSVC.exe-2208.log
2015-07-11 10:49 - 2015-07-11 10:49 - 00000197 _____ C:\Windows\system32\2015-07-11-14-49-35.017-AvastVBoxSVC.exe-1916.log
2015-07-10 09:39 - 2015-08-02 12:58 - 00000000 ____D C:\$Windows.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-08 18:32 - 2012-03-30 23:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-08 18:20 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2015-08-08 18:17 - 2009-07-13 22:34 - 00000242 _____ C:\Windows\system.ini
2015-08-08 18:05 - 2011-11-18 21:47 - 02082397 _____ C:\Windows\WindowsUpdate.log
2015-08-08 15:52 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-08 15:52 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-08 13:33 - 2011-11-18 21:46 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-08 13:32 - 2012-03-19 22:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-08-08 13:32 - 2010-11-20 23:47 - 00956360 _____ C:\Windows\PFRO.log
2015-08-08 13:32 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-08 13:32 - 2009-07-14 00:51 - 00079040 _____ C:\Windows\setupact.log
2015-08-08 13:27 - 2013-04-08 19:56 - 00000000 ____D C:\Windows\Minidump
2015-08-08 12:39 - 2012-08-17 14:09 - 00000005 _____ C:\END
2015-08-08 12:37 - 2012-04-03 21:18 - 00000000 ____D C:\Users\Dave\AppData\Local\CrashDumps
2015-08-07 05:42 - 2012-04-25 17:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-06 02:33 - 2012-03-23 23:13 - 00002152 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-05 21:31 - 2015-03-21 20:22 - 319895965 _____ C:\Windows\MEMORY.DMP
2015-08-04 23:52 - 2013-10-31 14:59 - 00000000 ____D C:\Users\Dave\Documents\Outlook Files
2015-08-04 21:54 - 2014-11-17 20:32 - 00000000 ____D C:\SUPERDelete
2015-08-02 23:32 - 2012-03-15 21:02 - 00001422 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-02 13:05 - 2007-07-11 21:49 - 00000000 ____D C:\Windows\Panther
2015-07-29 03:01 - 2014-04-30 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-25 10:31 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 09:40 - 2013-08-02 21:58 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-23 07:23 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-21 03:19 - 2009-07-14 00:45 - 00431936 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 09:53 - 2014-09-11 05:07 - 00150160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-20 09:53 - 2014-09-11 05:07 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-20 09:53 - 2014-09-11 04:59 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-20 09:53 - 2014-09-11 04:59 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-20 09:53 - 2012-03-23 23:08 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-20 09:53 - 2012-03-23 23:08 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-20 09:53 - 2012-03-23 23:08 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-20 09:52 - 2012-03-23 23:08 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-17 03:44 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-17 03:37 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-17 03:37 - 2014-12-11 04:26 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-17 03:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-17 03:10 - 2013-07-30 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-07-16 19:38 - 2012-12-29 12:55 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 19:34 - 2014-12-25 20:15 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 19:35 - 2012-03-30 23:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 19:34 - 2012-03-30 23:09 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 19:34 - 2012-03-15 22:27 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-10 23:00 - 2014-06-02 12:57 - 00000000 ____D C:\Users\Dave\Desktop\[bleep] i dont give a hit about

==================== Files in the root of some directories =======

2013-11-03 18:20 - 2014-06-26 17:47 - 0000035 _____ () C:\Users\Dave\AppData\Roaming\WB.CFG
2013-12-31 14:01 - 2014-01-03 13:38 - 0000005 _____ () C:\Users\Dave\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-11-03 18:20 - 2014-02-01 01:41 - 0000005 _____ () C:\Users\Dave\AppData\Roaming\WBPU-TTL.DAT
2015-08-08 13:28 - 2015-08-08 13:29 - 0000112 _____ () C:\ProgramData\fJMqmDsP.dat
2012-05-08 16:46 - 2012-12-27 22:17 - 0001906 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\ProgramData\fJMqmDsP.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-08 14:40

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-08-2015 01
Ran by Dave (2015-08-08 18:32:48)
Running from C:\Users\Dave\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3386438342-948231862-3273088082-500 - Administrator - Disabled)
Dave (S-1-5-21-3386438342-948231862-3273088082-1001 - Administrator - Enabled) => C:\Users\Dave
Guest (S-1-5-21-3386438342-948231862-3273088082-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3386438342-948231862-3273088082-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-3386438342-948231862-3273088082-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2223 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
C6200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
C6200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)
Cradle of Rome (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}) (Version:  - Oberon Media)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DraftSight (HKLM-x32\...\{8EBF1B19-7756-42E5-A663-93ACB1D1FEA8}) (Version: 9.1.173 - Dassault Systemes)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eMachines Games (HKLM-x32\...\WildTangent emachines Master Uninstall) (Version: 1.0.2.4 - WildTangent)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0221.2011 - Acer Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
First Verify version 2.0 (HKLM-x32\...\{7AF56C9C-F827-41A9-9998-047116F688A4}_is1) (Version: 2.0 - AF, INC)
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
FlashBeat (HKLM-x32\...\FlashBeat) (Version:  - ) <==== ATTENTION
Free Text Pad (HKLM-x32\...\Free Text Pad) (Version: 1.0 - Zenith Technology Limited)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Games Bot (HKLM-x32\...\Games Bot) (Version: 186.0.0.621 - CLICK YES BELOW LP) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Acer Incorporated)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.11.3.0 - LG Electronics)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6684 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PS_AIO_02_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1146 - SUPERAntiSpyware.com)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-3386438342-948231862-3273088082-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.9.8 - WildTangent) Hidden
Windows Codec Pack (HKLM-x32\...\Windows Codec Pack11.041.44) (Version: 11.041.44 - Media Codecs Interactive)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

13-01-2015 13:08:54 Windows Update
15-01-2015 04:00:28 Windows Update
16-01-2015 04:00:45 Windows Update
20-01-2015 14:08:16 Windows Update
23-01-2015 20:49:31 Windows Update
27-01-2015 08:08:28 Windows Update
30-01-2015 13:31:44 Windows Update
03-02-2015 06:07:28 Windows Update
10-02-2015 18:27:09 Windows Update
11-02-2015 04:00:47 Windows Update
12-02-2015 04:00:47 Windows Update
13-02-2015 04:00:44 Windows Update
17-02-2015 06:07:16 Windows Update
20-02-2015 07:03:41 Windows Update
23-02-2015 15:39:43 Installed Fitbit Connect
24-02-2015 08:53:04 Windows Update
26-02-2015 04:00:50 Windows Update
03-03-2015 07:38:06 Windows Update
04-03-2015 04:00:28 Windows Update
10-03-2015 14:23:09 Windows Update
11-03-2015 03:00:49 Windows Update
18-03-2015 20:08:40 Windows Update
24-03-2015 13:31:16 Windows Update
25-03-2015 03:00:54 Windows Update
31-03-2015 18:37:31 Windows Update
05-04-2015 03:00:51 Windows Update
10-04-2015 06:30:08 Windows Update
14-04-2015 11:21:57 Windows Update
16-04-2015 03:00:25 Windows Update
21-04-2015 05:54:46 Windows Update
24-04-2015 18:55:24 Windows Update
28-04-2015 13:42:29 Windows Update
01-05-2015 17:18:19 Windows Update
05-05-2015 06:05:44 Windows Update
08-05-2015 07:08:05 Windows Update
12-05-2015 11:09:37 Windows Update
14-05-2015 03:00:39 Windows Update
19-05-2015 06:26:42 Windows Update
20-05-2015 03:00:48 Windows Update
27-05-2015 05:45:22 Windows Update
02-06-2015 05:31:46 Windows Update
06-06-2015 03:00:43 Windows Update
09-06-2015 14:44:40 Windows Update
10-06-2015 03:00:44 Windows Update
16-06-2015 06:41:56 Windows Update
23-06-2015 05:06:04 Windows Update
26-06-2015 06:21:25 Windows Update
30-06-2015 13:56:19 Windows Update
04-07-2015 09:31:58 Windows Update
07-07-2015 11:26:33 Windows Update
14-07-2015 09:49:49 Windows Update
17-07-2015 03:00:50 Windows Update
20-07-2015 09:49:55 avast! antivirus system restore point
21-07-2015 03:00:22 Windows Update
24-07-2015 17:19:24 Windows Update
28-07-2015 17:18:06 Windows Update
29-07-2015 03:00:23 Windows Update
02-08-2015 11:52:55 Windows Update
02-08-2015 23:30:46 Windows Defender Checkpoint
04-08-2015 11:12:20 Windows Defender Checkpoint
05-08-2015 21:06:12 Windows Defender Checkpoint
07-08-2015 19:20:06 Windows Defender Checkpoint
08-08-2015 12:43:54 Windows Update
08-08-2015 17:23:30 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-08-08 18:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02B50005-A389-4D58-AB99-DA7D922BB61C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {0AF5188E-7490-4502-9C61-60EF2D4CD389} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {41F9F46E-C9FE-47E5-8A68-94D247B2E648} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {5ED060DD-53F4-43FF-A6BA-6CF400B391A6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {65351377-23AD-4C8D-A05F-58049B660D5E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {BB3AB753-1A0E-44AA-8253-A76497FABCE7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {DAE79FB3-FFF4-4788-B9D2-57902A1C9BEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2014-11-22 16:09 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-04-14 03:03 - 2013-01-31 05:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-15 09:24 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-20 09:53 - 2015-07-20 09:53 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-20 09:52 - 2015-07-20 09:52 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-08 12:38 - 2015-08-08 12:38 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080801\algo.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2015-07-20 09:53 - 2015-07-20 09:53 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4BB9495E

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3386438342-948231862-3273088082-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 82.163.143.151 - 82.163.142.153
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8739928A-BE5C-446C-B0E0-4291BB78FAA6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{944F18B4-2348-462B-A994-C69B20A15319}] => (Allow) LPort=2869
FirewallRules: [{3A686F86-81C7-4476-AD0A-B76C59948B24}] => (Allow) LPort=1900
FirewallRules: [{8ED5BDF2-34CD-49E0-A5AF-3DCB31E17385}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{70D0560B-B11B-41EE-824F-50BCCD82E82E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{10E7BBEA-48AE-4062-967D-B4724A95D50C}] => (Allow) C:\Users\Dave\AppData\Local\Temp\7zS7B98\setup\hpznui40.exe
FirewallRules: [{460FB2F0-7C44-42B8-905E-A73E4A177E0E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{209C159F-6500-4288-A31C-0D41277EACEA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{B6D024A5-3E7D-4E3C-9A71-166E9ACA641D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{FE9178A9-0B5D-4950-83C4-328DF58FE6DF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{059A8E39-AF51-460D-910B-275CA11D7DEC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E4FB83D0-9104-4F55-B6CD-536DE8D14762}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{A7DDCAC9-E9C4-46F1-AB2D-39010E1DC066}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{F6804E05-4415-4E7B-9E4E-EEE128791AB4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{4E0B0301-AED7-4449-B958-12E05DEED4E7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{6B50C10F-4892-49A1-8810-FC55392BE24D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{ED3656DB-3BF0-457C-91DE-89F919017AE6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{3534C275-82B8-4DB5-AF20-42AA94BA0E3E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{5EB8C8FC-2953-4B5E-B636-EA33E5A2E5E9}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{059E02F3-80B1-484B-9352-E99E87288501}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{56D85588-A90A-47EA-927E-F77099A5D48E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{392AAC56-9EB6-40CE-B53E-D3353D19871E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{0928A0D9-BC84-4D3A-B135-937E3D4C8DF9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{7EF279E3-B97F-4320-9109-632D00264BFE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{13F52B63-340E-4424-8D31-8F1E9960B42C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{CDDFF6C8-D9BD-44FB-84A0-CCA6330A63C2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F842959B-A79D-4695-BA53-168967077D1F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3A44F714-BBFC-42E5-998F-397B1828664B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{230F1142-A337-47B6-9622-08F8C4910C80}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{663AADDC-1E16-41F2-AEEC-34D9264798AD}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{D910256B-6A2C-4329-A0FA-52B916D5F3D8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0E43D8AF-D74E-4294-A87F-42E94CABA106}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EEFD98DA-5517-491C-BC5F-1DD07812D513}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E8A88342-AE09-4C92-95E6-3F2B5D62818F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{6D36BCA2-660E-44F2-B3CA-38D00E59136F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E346008-EBF8-496B-AF1C-0EFE9E71426A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DB51D002-14C9-41F7-9014-2510E75D43E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{255EBE98-81F6-4F9F-A1A6-2EE79A8FA63B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{40C455D0-7C34-4C70-AD92-F0C173A3B21D}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{DAA705F5-51CE-4405-A583-8DF9FA92D550}] => (Allow) C:\Users\Dave\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{11C0E1CD-8821-42FF-B031-1D4317E788C7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{50409FFA-507A-460B-BCCD-A8462C2BEF4E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{083E2423-25F5-4003-97DA-DA2A5528C919}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F1735A76-BFE0-4122-ACE9-C4595695A6FD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{31C05C89-25E6-4A65-9296-21708FEB8EA7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{EB5A2761-E31F-416D-A45E-7228AD25FDB2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{DB52F59D-16CA-497A-99BD-0F4886004CA6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F7DCA3CF-2367-4A46-847A-01CD62D6B54B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{7F5DC64D-4B9A-4DF9-937D-FC866F0B784C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{DDFFBC22-8F37-42C0-AB46-70072364E210}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Photosmart C6200 series
Description: Photosmart C6200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2015 01:33:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2015 12:36:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vc.exe, version: 0.0.0.0, time stamp: 0x51fbd51e
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636317
Exception code: 0xc0000005
Fault offset: 0x00039e33
Faulting process id: 0x147c
Faulting application start time: 0xvc.exe0
Faulting application path: vc.exe1
Faulting module path: vc.exe2
Report Id: vc.exe3

Error: (08/08/2015 12:35:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2015 10:07:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vc.exe, version: 0.0.0.0, time stamp: 0x51fbd51e
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636317
Exception code: 0xc0000005
Fault offset: 0x00039e33
Faulting process id: 0x1264
Faulting application start time: 0xvc.exe0
Faulting application path: vc.exe1
Faulting module path: vc.exe2
Report Id: vc.exe3

Error: (08/07/2015 10:05:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2015 07:38:14 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (08/07/2015 07:38:14 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))

Error: (08/07/2015 07:38:13 PM) (Source: ESENT) (EventID: 485) (User: )
Description: Windows (3512) Windows: An attempt to delete the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The delete file operation will fail with error -1032 (0xfffffbf8).

Error: (08/07/2015 07:38:03 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (3512) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/07/2015 07:36:05 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (08/08/2015 06:17:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/08/2015 06:16:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/08/2015 06:12:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/08/2015 06:03:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/08/2015 06:03:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/08/2015 05:35:04 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (08/08/2015 05:25:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/08/2015 05:25:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/08/2015 05:25:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/08/2015 05:25:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Nero Update service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (08/08/2015 01:33:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2015 12:36:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vc.exe0.0.0.051fbd51entdll.dll6.1.7601.1886955636317c000000500039e33147c01d0d1f867e3eeb0c:\windows\temp\vc.exeC:\Windows\SysWOW64\ntdll.dlla8cf1260-3deb-11e5-83bc-f80f413db0f9

Error: (08/08/2015 12:35:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2015 10:07:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vc.exe0.0.0.051fbd51entdll.dll6.1.7601.1886955636317c000000500039e33126401d0d17ef05846d0c:\windows\temp\vc.exeC:\Windows\SysWOW64\ntdll.dll2ee492f0-3d72-11e5-84a3-f80f413db0f9

Error: (08/07/2015 10:05:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2015 07:38:14 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 40x8004117fFailed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (08/07/2015 07:38:14 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))

Error: (08/07/2015 07:38:13 PM) (Source: ESENT) (EventID: 485) (User: )
Description: Windows3512Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (08/07/2015 07:38:03 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows3512Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (08/07/2015 07:36:05 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt


CodeIntegrity:
===================================
  Date: 2015-08-08 18:16:22.119
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-08 18:16:22.010
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 220 Processor
Percentage of memory in use: 53%
Total physical RAM: 2815.37 MB
Available physical RAM: 1321.54 MB
Total Virtual: 5628.94 MB
Available Virtual: 3839.29 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:911.88 GB) (Free:743.56 GB) NTFS
Drive e: (EOS_DIGITAL) (Removable) (Total:0.93 GB) (Free:0.75 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 35D5C1F3)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=911.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 952.5 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================


  • 0

#13
RKinner


    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

Looking a lot better.

 

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

 

Let's see if anything is broken:

 

Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply (or rename it as the next run will overwrite it) then repeat but select Application.


Let's see if it's running slow:

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Could you let Avast do a boot-time scan tonight while you sleep?

 

 How to do a boot-time scan while you sleep:
First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scan, then Scan for Viruses and wait a couple of minutes for the page to change.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads, click on the Orange Ball, then Scan, then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  You may need to enable seeing hidden files in order to see the file, so: Open the Control Panel menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Press the Apply button and then the OK button

If you can't find it then take a screen shot of the Detailed Report.


  • 0

#14
psu88


    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Not good right now!  I ran the fixlist.txt that you attached and now my computer is barely responding.  I cannot get on the internet even though I was just on before running the fixlist.  I get a message from Avast saying that "The online content is unavailable.  Please check your internet connection and try again"  My internet connection is OK, I am on my wife's laptop at the moment and it is connected.


  • 0

#15
RKinner


    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
Can you do a System Restore?
  • 0





