Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

ad redirects - cannot get rid of them [Solved]

malware

  • This topic is locked This topic is locked

#1
IndyBlue

IndyBlue

    Member

  • Member
  • PipPip
  • 55 posts
Dear Geeks-to-go:

I have a two-fold problem: (1) Web pages keep automatically redirecting to ad pages, and (2) little video ads pop up on many sites I visit, and they seem to prevent me from seeing legitimate videos, tweets, and photos. It's driving me crazy! I have a slightly aged Dell desktop and am using Windows 7. If you could help, I would be so grateful.

Before coming here, I followed all the instructions on this link: https://malwaretips....redirect-virus/I followed every single step but nothing worked.

Then I came here, and followed your instructions. Pasted in below are the two logs from FRST64:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016
Ran by Indre Melynis (administrator) on INDREMELYNIS-PC (21-02-2016 12:02:53)
Running from C:\Users\Indre Melynis\Desktop
Loaded Profiles: Indre Melynis (Available Profiles: Indre Melynis)
Platform: Windows 7 Home Premium Service Pack 1 0(X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
() C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
() C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
(Google Inc.) C:\Users\Indre Melynis\AppData\Local\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Indre Melynis\Desktop\FRST64 (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70080 2015-05-08] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12831984 2016-02-18] (Zemana Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-13] (AVAST Software)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395616 2014-09-03] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-09-03] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [286992 2015-12-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [719632 2015-11-04] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\Run: [Google Update] => C:\Users\Indre Melynis\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\MountPoints2: {2b98df7b-09ac-11e2-98d5-7845c41ade70} - G:\TL_Bootstrap.exe
HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\MountPoints2: {bd15e7f3-aaa2-11e3-94e4-7845c41ade70} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\MountPoints2: {f288214f-38c4-11e3-94f0-806e6f6e6963} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-13] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-12-31]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Indre Melynis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-09-23]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{36B0282A-A646-412F-A81A-B6C99379167F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{386DF54D-4431-494B-BBE6-EA10AE634B3D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/MSN_WCP
SearchScopes: HKLM -> DefaultScope {7F0E4A79-5271-4012-A9F7-A1ABA7AD8C0E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {7F0E4A79-5271-4012-A9F7-A1ABA7AD8C0E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {7F0E4A79-5271-4012-A9F7-A1ABA7AD8C0E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-11-04] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-14] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-13] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-01-20] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-11-04] (RealDownloader)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-14] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-13] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-20] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Indre Melynis\AppData\Roaming\Mozilla\Firefox\Profiles\fvhxksqh.default-1456071445424
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-09-03] (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2012-08-05] (Simon Bünzli)
FF Plugin-x32: @real.com/nppl3260;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-12-31] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-12-31] (RealPlayer)
FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll [2013-03-15] ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3762274814-3010589716-3170184999-1000: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2012-08-05] (Simon Bünzli)
FF Plugin HKU\S-1-5-21-3762274814-3010589716-3170184999-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Indre Melynis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3762274814-3010589716-3170184999-1000: @talk.google.com/O1DPlugin -> C:\Users\Indre Melynis\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3762274814-3010589716-3170184999-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3762274814-3010589716-3170184999-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3762274814-3010589716-3170184999-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Indre Melynis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3762274814-3010589716-3170184999-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2012-10-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Indre Melynis\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-01-28] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Indre Melynis\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Indre Melynis\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-13]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Indre Melynis\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Indre Melynis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Indre Melynis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-13] (AVAST Software)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [226240 2015-05-08] ()
R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [4333712 2015-05-12] ()
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-02-21] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095976 2015-12-31] (RealNetworks, Inc.)
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [2032344 2015-05-14] (VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [261776 2015-05-08] (VMware)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [530648 2015-05-26] (VMware, Inc.)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12831984 2016-02-18] (Zemana Ltd.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-08] (Atheros) [File not signed]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-13] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-30] (REALiX™)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [179456 2015-12-30] (Intel Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [404184 2015-12-30] (Realsil Semiconductor Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [202144 2016-02-21] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [202144 2016-02-21] (Zemana Ltd.)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-21 12:02 - 2016-02-21 12:03 - 00030873 _____ C:\Users\Indre Melynis\Desktop\FRST.txt
2016-02-21 12:02 - 2016-02-21 12:02 - 02371072 _____ (Farbar) C:\Users\Indre Melynis\Desktop\FRST64 (1).exe
2016-02-21 11:58 - 2016-02-21 12:02 - 00000000 ____D C:\FRST
2016-02-21 11:58 - 2016-02-21 11:59 - 02371072 _____ (Farbar) C:\Users\Indre Melynis\Desktop\FRST64.exe
2016-02-21 11:57 - 2016-02-21 11:57 - 02371072 _____ (Farbar) C:\Users\Indre Melynis\Downloads\FRST64.exe
2016-02-21 11:20 - 2016-02-21 11:35 - 00000405 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-02-21 11:20 - 2016-02-21 11:30 - 00000620 _____ C:\Windows\ZAM.krnl.trace
2016-02-21 11:20 - 2016-02-21 11:20 - 00202144 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-02-21 11:20 - 2016-02-21 11:20 - 00202144 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-02-21 11:20 - 2016-02-21 11:20 - 00001154 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-02-21 11:20 - 2016-02-21 11:20 - 00000000 ____D C:\Users\Indre Melynis\AppData\Local\Zemana
2016-02-21 11:20 - 2016-02-21 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-02-21 11:20 - 2016-02-21 11:20 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-02-21 11:19 - 2016-02-21 11:19 - 05293368 _____ ( ) C:\Users\Indre Melynis\Downloads\Zemana.AntiMalware.Setup.exe
2016-02-21 10:53 - 2016-02-21 11:05 - 00000000 ____D C:\EEK
2016-02-21 10:49 - 2016-02-21 10:51 - 219925176 _____ C:\Users\Indre Melynis\Downloads\EmsisoftEmergencyKit.exe
2016-02-21 10:39 - 2016-02-21 10:39 - 01609216 _____ (Malwarebytes) C:\Users\Indre Melynis\Downloads\JRT.exe
2016-02-21 10:31 - 2016-02-21 10:31 - 01511424 _____ C:\Users\Indre Melynis\Downloads\adwcleaner_5.035.exe
2016-02-21 10:12 - 2016-02-21 10:12 - 00009918 _____ C:\Windows\system32\.crusader
2016-02-21 09:59 - 2016-02-21 09:59 - 00001859 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-02-21 09:59 - 2016-02-21 09:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-02-21 09:59 - 2016-02-21 09:59 - 00000000 ____D C:\Program Files\HitmanPro
2016-02-21 09:58 - 2016-02-21 09:58 - 11443792 _____ (SurfRight B.V.) C:\Users\Indre Melynis\Downloads\HitmanPro_x64 (1).exe
2016-02-21 09:29 - 2016-02-21 09:30 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Indre Melynis\Downloads\iExplore.exe
2016-02-21 09:26 - 2016-02-21 09:29 - 00223482 _____ C:\TDSSKiller.3.1.0.9_21.02.2016_09.26.15_log.txt
2016-02-21 09:25 - 2016-02-21 09:26 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Indre Melynis\Downloads\tdsskiller.exe
2016-02-12 00:04 - 2016-02-13 09:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-09 22:50 - 2016-02-06 05:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-09 22:50 - 2016-02-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-09 22:50 - 2016-02-06 05:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-09 22:50 - 2016-02-06 05:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-09 22:50 - 2016-02-06 05:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-09 22:50 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-09 22:50 - 2016-02-06 04:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-09 22:50 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-09 22:50 - 2016-02-06 04:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-09 22:50 - 2016-02-06 04:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-09 22:50 - 2016-02-06 04:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-09 22:50 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-09 22:50 - 2016-02-06 04:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-09 22:50 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-09 22:50 - 2016-01-16 14:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-09 22:50 - 2016-01-16 13:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-09 22:50 - 2016-01-11 09:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-09 22:50 - 2016-01-11 09:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-09 22:50 - 2016-01-11 09:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-09 22:50 - 2016-01-11 09:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-09 22:50 - 2016-01-11 09:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-09 22:50 - 2016-01-06 14:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-09 22:50 - 2016-01-06 14:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-09 22:50 - 2016-01-06 13:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-09 22:49 - 2016-01-22 15:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-09 22:49 - 2016-01-22 15:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-09 22:49 - 2016-01-22 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-09 22:49 - 2016-01-22 01:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-09 22:49 - 2016-01-22 01:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-09 22:49 - 2016-01-22 01:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-09 22:49 - 2016-01-22 01:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-09 22:49 - 2016-01-22 01:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-09 22:49 - 2016-01-22 01:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-09 22:49 - 2016-01-22 01:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-09 22:49 - 2016-01-22 01:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-09 22:49 - 2016-01-22 01:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-09 22:49 - 2016-01-22 01:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-09 22:49 - 2016-01-22 01:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-09 22:49 - 2016-01-22 01:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-09 22:49 - 2016-01-22 01:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-09 22:49 - 2016-01-22 01:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-09 22:49 - 2016-01-22 01:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-09 22:49 - 2016-01-22 01:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-09 22:49 - 2016-01-22 01:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-09 22:49 - 2016-01-22 01:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-09 22:49 - 2016-01-22 01:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-09 22:49 - 2016-01-22 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-09 22:49 - 2016-01-22 01:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-09 22:49 - 2016-01-22 01:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-09 22:49 - 2016-01-22 01:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-09 22:49 - 2016-01-22 01:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-09 22:49 - 2016-01-22 00:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-09 22:49 - 2016-01-22 00:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-09 22:49 - 2016-01-22 00:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-09 22:49 - 2016-01-22 00:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-09 22:49 - 2016-01-22 00:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-09 22:49 - 2016-01-22 00:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-09 22:49 - 2016-01-22 00:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-09 22:49 - 2016-01-22 00:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-09 22:49 - 2016-01-22 00:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-09 22:49 - 2016-01-22 00:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-09 22:49 - 2016-01-22 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-09 22:49 - 2016-01-22 00:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-09 22:49 - 2016-01-22 00:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-09 22:49 - 2016-01-22 00:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-09 22:49 - 2016-01-22 00:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-09 22:49 - 2016-01-22 00:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-09 22:49 - 2016-01-22 00:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-09 22:49 - 2016-01-22 00:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-09 22:49 - 2016-01-22 00:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-09 22:49 - 2016-01-22 00:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-09 22:49 - 2016-01-22 00:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-09 22:49 - 2016-01-22 00:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-09 22:49 - 2016-01-22 00:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-09 22:49 - 2016-01-22 00:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-09 22:49 - 2016-01-22 00:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-09 22:47 - 2016-01-16 14:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-09 22:47 - 2016-01-11 14:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-09 22:47 - 2016-01-11 14:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-09 22:47 - 2016-01-11 14:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-09 22:47 - 2016-01-11 13:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-09 22:47 - 2016-01-11 13:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-09 22:47 - 2016-01-11 13:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-09 22:47 - 2016-01-11 13:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-09 22:47 - 2016-01-11 13:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-09 22:47 - 2016-01-11 13:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-09 22:47 - 2016-01-11 13:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-09 22:47 - 2016-01-11 13:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-09 22:47 - 2016-01-11 13:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-09 22:47 - 2016-01-11 13:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-09 22:47 - 2016-01-11 13:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-09 22:47 - 2016-01-11 13:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-09 22:47 - 2016-01-11 13:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-09 22:47 - 2016-01-07 12:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-09 22:47 - 2016-01-07 12:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-09 22:46 - 2016-01-16 13:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-09 22:45 - 2016-01-22 01:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-09 22:45 - 2016-01-22 01:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-09 22:45 - 2016-01-22 01:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-09 22:45 - 2016-01-22 01:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-09 22:45 - 2016-01-22 01:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-09 22:45 - 2016-01-22 01:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-09 22:45 - 2016-01-22 01:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-09 22:45 - 2016-01-22 01:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-09 22:45 - 2016-01-22 01:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-09 22:45 - 2016-01-22 01:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-09 22:45 - 2016-01-22 01:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-09 22:45 - 2016-01-22 01:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-09 22:45 - 2016-01-22 01:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-09 22:45 - 2016-01-22 01:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-09 22:45 - 2016-01-22 01:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-09 22:45 - 2016-01-22 01:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-09 22:45 - 2016-01-22 01:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-09 22:45 - 2016-01-22 01:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-09 22:45 - 2016-01-22 01:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-09 22:45 - 2016-01-22 01:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-09 22:45 - 2016-01-22 01:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-09 22:45 - 2016-01-22 01:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-09 22:45 - 2016-01-22 01:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-09 22:45 - 2016-01-22 01:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-09 22:45 - 2016-01-22 01:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-09 22:45 - 2016-01-22 01:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-09 22:45 - 2016-01-22 01:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-09 22:45 - 2016-01-22 01:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-09 22:45 - 2016-01-22 01:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-09 22:45 - 2016-01-22 01:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-09 22:45 - 2016-01-22 01:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-09 22:45 - 2016-01-22 01:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-09 22:45 - 2016-01-22 01:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-09 22:45 - 2016-01-22 01:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-09 22:45 - 2016-01-22 01:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-09 22:45 - 2016-01-22 01:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-09 22:45 - 2016-01-22 01:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-09 22:45 - 2016-01-22 01:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-09 22:45 - 2016-01-22 01:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-09 22:45 - 2016-01-22 01:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-09 22:45 - 2016-01-22 01:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-09 22:45 - 2016-01-22 01:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-09 22:45 - 2016-01-22 01:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-09 22:45 - 2016-01-22 00:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-09 22:45 - 2016-01-22 00:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-09 22:45 - 2016-01-22 00:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-09 22:45 - 2016-01-21 23:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-09 22:45 - 2016-01-21 23:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-09 22:45 - 2016-01-21 23:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-09 22:45 - 2016-01-21 23:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-09 22:45 - 2016-01-21 23:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-09 22:45 - 2016-01-21 23:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-09 22:45 - 2016-01-21 23:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-09 22:45 - 2016-01-21 23:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-09 22:45 - 2016-01-21 23:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-09 22:45 - 2016-01-21 23:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-09 22:45 - 2016-01-21 23:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-09 22:45 - 2016-01-21 23:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 22:45 - 2016-01-21 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 22:45 - 2016-01-21 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-09 22:43 - 2016-01-22 01:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-09 22:43 - 2016-01-22 01:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-09 22:43 - 2016-01-22 01:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-09 22:43 - 2016-01-22 01:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-09 22:43 - 2016-01-22 01:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-09 22:43 - 2016-01-22 00:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-09 22:43 - 2016-01-22 00:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-09 22:43 - 2016-01-22 00:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-02 22:22 - 2016-02-21 10:45 - 00000364 _____ C:\Windows\Tasks\HPCeeScheduleForIndre Melynis.job
2016-02-02 22:22 - 2016-02-16 22:45 - 00003234 _____ C:\Windows\System32\Tasks\HPCeeScheduleForIndre Melynis
2016-02-01 21:02 - 2016-02-01 21:02 - 00001892 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-02-01 21:02 - 2016-02-01 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-01-30 00:38 - 2016-01-30 00:38 - 00002767 _____ C:\Users\Public\Desktop\SyncUP.lnk
2016-01-28 16:12 - 2016-01-28 16:12 - 01525807 _____ C:\Users\Indre Melynis\Downloads\11 x 14 FINAL high quality.pdf
2016-01-28 09:12 - 2016-01-28 09:42 - 00000000 ____D C:\Users\Indre Melynis\AppData\LocalLow\WebEx
2016-01-28 09:12 - 2016-01-28 09:37 - 00000000 ____D C:\Users\Indre Melynis\AppData\Roaming\webex
2016-01-28 09:12 - 2016-01-28 09:12 - 00712592 _____ (Cisco WebEx LLC) C:\Users\Indre Melynis\Downloads\Cisco_WebEx_Add-On.exe
2016-01-28 09:12 - 2016-01-28 09:12 - 00000000 ____D C:\Users\Indre Melynis\AppData\Local\WebEx
2016-01-28 09:12 - 2016-01-28 09:12 - 00000000 ____D C:\ProgramData\WebEx
2016-01-26 22:50 - 2016-01-26 22:50 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-01-24 19:22 - 2016-01-25 00:44 - 00011956 _____ C:\Users\Indre Melynis\Desktop\ella 4.xlsx
2016-01-24 19:20 - 2016-01-24 19:20 - 00014628 _____ C:\Users\Indre Melynis\Desktop\ella 4.txt
2016-01-24 19:17 - 2016-01-25 00:14 - 00012006 _____ C:\Users\Indre Melynis\Desktop\ella 3.xlsx
2016-01-24 19:15 - 2016-01-24 19:15 - 00014628 _____ C:\Users\Indre Melynis\Desktop\ella 3.txt
2016-01-24 19:13 - 2016-01-25 00:08 - 00011803 _____ C:\Users\Indre Melynis\Desktop\ella 2.xlsx
2016-01-24 19:11 - 2016-01-24 19:11 - 00013298 _____ C:\Users\Indre Melynis\Desktop\ella 2.txt
2016-01-24 19:08 - 2016-01-24 23:53 - 00011874 _____ C:\Users\Indre Melynis\Desktop\ella 1.xlsx
2016-01-24 19:05 - 2016-01-24 19:07 - 00002054 _____ C:\Users\Indre Melynis\Desktop\ella 1.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-21 11:46 - 2012-09-09 07:53 - 00000000 ____D C:\Users\Indre Melynis\AppData\Local\Nero
2016-02-21 11:40 - 2009-07-13 23:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-21 11:40 - 2009-07-13 23:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-21 11:34 - 2014-02-11 20:57 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-02-21 11:32 - 2012-07-16 15:49 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-02-21 11:32 - 2012-07-16 15:49 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-02-21 11:32 - 2012-07-16 15:29 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-02-21 11:31 - 2012-08-26 15:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-21 11:31 - 2012-08-26 15:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-21 11:30 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-21 11:10 - 2015-12-30 01:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-21 10:42 - 2015-12-30 01:13 - 00000000 ____D C:\Users\Indre Melynis\AppData\Roaming\IObit
2016-02-21 10:42 - 2015-12-30 01:13 - 00000000 ____D C:\ProgramData\IObit
2016-02-21 10:42 - 2015-12-30 01:13 - 00000000 ____D C:\Program Files (x86)\IObit
2016-02-21 10:33 - 2014-01-18 21:06 - 00000000 ____D C:\AdwCleaner
2016-02-21 10:12 - 2014-01-19 00:10 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-21 09:59 - 2015-04-14 16:02 - 00000000 ____D C:\Users\Indre Melynis\AppData\Local\CrashDumps
2016-02-21 09:33 - 2014-10-05 12:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-21 08:54 - 2012-08-26 15:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-20 18:23 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ServiceProfiles
2016-02-19 22:45 - 2012-08-26 15:25 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 22:45 - 2012-08-26 15:25 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-16 22:46 - 2015-12-30 01:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-13 09:24 - 2012-08-26 15:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-12 07:35 - 2015-10-23 08:55 - 00000000 ____D C:\Users\Indre Melynis\AppData\Roaming\VMware
2016-02-10 22:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-02-10 07:54 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-10 07:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-10 07:48 - 2009-07-13 23:45 - 00440456 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-10 07:44 - 2014-12-11 22:32 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-10 07:44 - 2014-05-07 21:43 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-10 07:44 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 01:32 - 2013-08-14 21:08 - 00000000 ____D C:\Windows\system32\MRT
2016-02-10 01:26 - 2012-08-26 17:42 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-10 01:24 - 2009-07-13 21:34 - 00000510 _____ C:\Windows\win.ini
2016-02-09 23:10 - 2015-12-30 01:52 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 23:10 - 2015-12-30 01:52 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-09 23:10 - 2015-12-30 01:52 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-06 01:55 - 2015-12-31 21:26 - 00000000 ____D C:\Users\Indre Melynis\AppData\Roaming\Real
2016-02-05 22:53 - 2009-07-14 00:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-02 22:22 - 2015-12-28 14:11 - 00000000 ____D C:\Users\Indre Melynis\AppData\Local\Hewlett-Packard
2016-02-01 21:34 - 2012-08-26 22:57 - 00000000 ____D C:\Users\Indre Melynis\AppData\Local\ElevatedDiagnostics
2016-02-01 21:26 - 2012-08-26 15:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 21:26 - 2012-08-26 15:22 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 21:02 - 2014-04-03 21:57 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-02-01 21:02 - 2013-03-23 21:08 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-01 21:02 - 2013-01-06 23:08 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-01-30 00:38 - 2012-07-16 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-01-30 00:37 - 2012-07-16 15:49 - 00000000 ____D C:\ProgramData\Nero
2016-01-30 00:37 - 2012-07-16 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2016-01-28 23:14 - 2013-09-09 13:30 - 00000000 ____D C:\Users\Indre Melynis\Desktop\funny stuff
2016-01-28 18:27 - 2013-06-02 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-01-28 09:12 - 2013-08-13 16:52 - 00000000 ____D C:\Users\Indre Melynis\AppData\LocalLow\Temp
2016-01-26 22:50 - 2015-12-30 01:13 - 00000000 ____D C:\Users\Indre Melynis\AppData\LocalLow\IObit

==================== Files in the root of some directories =======

2014-10-12 23:57 - 2014-10-12 23:57 - 0000093 _____ () C:\Users\Indre Melynis\AppData\Roaming\ARCompanion.log
2012-09-05 21:41 - 2014-03-03 07:49 - 0001463 _____ () C:\Users\Indre Melynis\AppData\Roaming\Rim.Desktop.Exception.log
2012-09-05 21:40 - 2014-03-03 07:45 - 0003361 _____ () C:\Users\Indre Melynis\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-09-05 21:41 - 2014-03-03 07:49 - 0001694 _____ () C:\Users\Indre Melynis\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-09-04 16:30 - 2012-09-04 16:30 - 0000318 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Indre Melynis\AppData\Local\Temp\bntgmsta.dll
C:\Users\Indre Melynis\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-20 20:00

==================== End of FRST.txt ============================

FRST Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-02-2016
Ran by Indre Melynis (2016-02-21 12:03:28)
Running from C:\Users\Indre Melynis\Desktop
Windows 7 Home Premium Service Pack 1 0(X64) (2012-08-26 20:01:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3762274814-3010589716-3170184999-500 - Administrator - Disabled)
Guest (S-1-5-21-3762274814-3010589716-3170184999-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3762274814-3010589716-3170184999-1002 - Limited - Enabled)
Indre Melynis (S-1-5-21-3762274814-3010589716-3170184999-1000 - Administrator - Enabled) => C:\Users\Indre Melynis

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Microsoft Office 2013 tikrinimo įrankiai lietuvių k. (HKLM-x32\...\{90150000-001F-0427-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2245 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
BlackBerry App World Browser Plugin (HKLM-x32\...\{2563E7CF-E58B-4069-BF3A-0828EEB1E361}) (Version: 4.3.1.18 - Research In Motion Limited)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.200.13 - Citrix Systems, Inc.)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.10.1.3 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Escape Whisper Valley ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.12.256 - SurfRight B.V.)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kyodai Mahjongg 2006 v1.42 (HKLM-x32\...\Kyodai Mahjongg 2006_is1) (Version: - Rene-Gilles Deberdt)
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2013 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.1.200.13 - Citrix Systems, Inc.) Hidden
PDFlite 0.8 (HKLM-x32\...\PDFlite) (Version: 0.8 - Amnis Technology Ltd)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RealDownloader (x32 Version: 18.1.2.176 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.2.179 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.2 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Self-service Plug-in (x32 Version: 4.1.200.588 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16500 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
TextPad 7 (HKLM\...\{6A86F18E-5464-449D-A82D-667974747F38}) (Version: 7.2.0 - Helios)
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
Unity Web Player (HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VMware Horizon Client (HKLM\...\{AAC8DB2E-95D9-416D-BAF1-53395D81CBB3}) (Version: 3.4.0.27772 - VMware, Inc.)
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.19.904 - Zemana Ltd.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files\TextPad 7\System\shellext64.dll (Helios Software Solutions)
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00D38705-7F65-420A-A782-A94BA95B10C4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-02-17] (AVAST Software)
Task: {058BBA96-5526-41AD-8FD8-909F44B417E6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3762274814-3010589716-3170184999-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {146C2578-2DE5-48CA-AF95-00D4524859EA} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-11-04] ()
Task: {14E037FD-6E67-4EF0-9D72-668CE84C772B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {27B7A3C8-A474-4B48-8FB8-5E1C815D986D} - System32\Tasks\{52DCD8A6-6A81-4063-A05E-59C8780F02FF} => pcalua.exe -a C:\ProgramData\LGMOBILEAX\LGMLauncher.exe -d C:\ProgramData\LGMOBILEAX
Task: {2C3A7660-CCBB-4A4E-B69F-9111B274E7BE} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3762274814-3010589716-3170184999-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-11-04] (RealNetworks, Inc.)
Task: {39FB3C93-DC5A-44F1-AC40-3DC272E1F4BB} - System32\Tasks\{EF43C50F-8112-4141-AA50-483A5DC56E4A} => C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe [2013-03-07] (Research In Motion)
Task: {50D3EC8A-ACAE-4A99-9AFA-4BB76B7BA22D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {522075A2-FBBC-4850-8971-56507536B9B8} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3762274814-3010589716-3170184999-1000
Task: {559BE27B-9260-4A96-B8C1-A94DC6F18BF0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {58F84D60-D57C-4C98-A6E9-A1E31B8C321E} - \BackgroundContainer Startup Task -> No File <==== ATTENTION
Task: {596B922E-FB4C-4B83-AC41-4A27CC408726} - System32\Tasks\{3A6B6625-B3B5-4B72-8618-52D5217B5D74} => C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe [2013-03-07] (Research In Motion)
Task: {65FC67C7-99A1-412B-84F5-A2A9773F29BA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {6F3CD25E-64C3-423E-9F70-5ECD9FDA508A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {7D66CE19-A326-40E9-80FA-6143D3B9AB8E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {7DBE480D-2EAE-4221-A072-C042F4A67FC8} - System32\Tasks\HPCeeScheduleForIndre Melynis => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {8BA3FD7D-9F77-4C07-9E14-6BCECD676E50} - \VisualBeeRecovery -> No File <==== ATTENTION
Task: {9A82CD07-A6C9-4CF4-8628-AE1E5699A2C8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A63C0C2A-8D6B-4529-8601-41A404AD367C} - System32\Tasks\avastBCLRestartS-1-5-21-3762274814-3010589716-3170184999-1000 => Firefox.exe
Task: {AE75C610-9CF2-4FC0-A0F2-972371984CC0} - System32\Tasks\{5952AA5E-DB9C-4587-B603-29DDEBF96664} => pcalua.exe -a "C:\Users\Indre Melynis\Downloads\B2CAppSetup.exe" -d "C:\Users\Indre Melynis\Downloads"
Task: {B1117E51-A9D4-4583-80AE-60F23DE6A3CC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {B506FCB2-33B7-4EB0-85AE-D0A54B342AD3} - System32\Tasks\{B0831E5E-3993-4A26-8666-C90359903CE5} => pcalua.exe -a "C:\Users\Indre Melynis\Downloads\AdobeAIRInstaller(1).exe" -d "C:\Users\Indre Melynis\Downloads"
Task: {C252083C-5360-4A17-89FD-3705CF03AF0C} - System32\Tasks\AdobeAAMUpdater-1.0-IndreMelynis-PC-Indre Melynis => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {C48EB568-7C7E-4369-B9E4-1CCAC381D28B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {C69995E9-3891-462E-8384-7128C4D3E1F9} - System32\Tasks\{7C869429-E06F-437A-8442-0C8DD88FA6EA} => pcalua.exe -a D:\Setup.EXE -d D:\
Task: {CF7D40A7-77A3-41E8-8A17-7C0B3B2A4699} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {D51B1318-5B45-4918-AFE3-C8192DB98485} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {D83B48B8-96EB-4F3A-A904-F62FBF169F5D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-13] (AVAST Software)
Task: {D9408BB9-D2E9-445C-96AB-F0C3DFFE3FE3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {E75E66B8-207C-4CE6-9EB2-E974D9F10554} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E9CFDE0C-27AB-4D72-A294-5C1F9DD5D397} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {F4FC5523-C2A2-4AEA-AB55-8106F66AD686} - \Digital Sites -> No File <==== ATTENTION
Task: {F78F1047-8A3A-49A1-B605-59574F34F7D6} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3762274814-3010589716-3170184999-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {F90E831A-196F-45F1-9F59-8EB60C5B85F1} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] ()
Task: {FC431882-90C6-4794-B4FC-3DAC5D6927CF} - \TweakBit\FixMyPC\Start FixMyPC automatic scanning -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForIndre Melynis.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-28 19:15 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-16 05:02 - 2015-10-16 05:02 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-02-21 11:20 - 2016-02-21 11:20 - 00118640 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2012-09-30 08:40 - 2005-03-11 13:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2011-06-27 19:26 - 2011-06-27 19:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-06-29 08:52 - 2011-06-29 08:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2012-07-16 16:42 - 2012-03-19 18:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-19 21:41 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-05-08 17:09 - 2015-05-08 17:09 - 00226240 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
2015-05-12 11:07 - 2015-05-12 11:07 - 04333712 _____ () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
2012-02-01 11:50 - 2012-02-01 11:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2015-11-04 15:20 - 2015-11-04 15:20 - 00033088 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2012-07-16 15:29 - 2012-01-26 21:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2015-11-04 13:28 - 2015-11-04 13:28 - 00719632 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2015-12-13 01:35 - 2015-12-13 01:35 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-13 01:35 - 2015-12-13 01:35 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-21 08:55 - 2016-02-21 08:55 - 02835968 _____ () C:\Program Files\AVAST Software\Avast\defs\16022100\algo.dll
2015-12-13 01:35 - 2015-12-13 01:35 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 15:52 - 2010-03-22 15:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-24 23:20 - 2011-06-24 23:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-27 19:25 - 2011-06-27 19:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-24 23:21 - 2011-06-24 23:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
2010-03-11 19:52 - 2010-03-11 19:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 15:07 - 2010-03-05 15:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 15:07 - 2010-03-05 15:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-11 19:52 - 2010-03-11 19:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2015-05-08 16:57 - 2015-05-08 16:57 - 00239552 _____ () C:\Program Files (x86)\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2015-10-28 19:15 - 2015-09-01 07:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-12-31 21:26 - 2015-12-31 21:26 - 00022312 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\mediautil.dll
2015-12-31 21:26 - 2015-12-31 21:26 - 01520936 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\avformat-55.dll
2015-12-31 21:26 - 2015-12-31 21:26 - 04274984 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\avcodec-55.dll
2015-12-31 21:26 - 2015-12-31 21:26 - 00322856 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\avutil-52.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00037720 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2015-11-04 15:19 - 2015-11-04 15:19 - 00039768 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00037728 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2015-12-13 01:35 - 2015-12-13 01:35 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-11-04 13:20 - 2015-11-04 13:20 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2015-12-31 21:26 - 2015-12-31 21:26 - 00653608 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll
2015-11-04 13:28 - 2015-11-04 13:28 - 00077584 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll
2012-07-16 15:21 - 2011-12-16 13:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-02-10 21:28 - 2016-02-10 21:28 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b4aed9b5bac22d4e9008e99e935fe2de\IsdiInterop.ni.dll
2012-07-16 15:22 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-03-10 17:53 - 2012-03-10 17:53 - 00251688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll
2012-03-10 17:53 - 2012-03-10 17:53 - 00891688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll
2016-02-19 22:45 - 2016-02-17 23:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-19 22:45 - 2016-02-17 23:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Indre Melynis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{48130E8E-44B7-4D8B-8EAD-01F1B7C57451}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3A40A881-9E0E-4943-B872-5639EBCF061E}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{65A1D546-9220-4E10-A42E-3FCBEA4A08CF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D38D8495-AB60-4A9B-8983-5964DFB5A385}] => (Allow) LPort=2869
FirewallRules: [{E039F6E9-1508-4900-9080-A72C7442CCF7}] => (Allow) LPort=1900
FirewallRules: [{1D2CD9B6-53F1-42F2-A971-AC1E19E8A909}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2074010B-F731-4FEA-9936-92C61AE0709C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{45C295C2-F9D0-4E8C-B23A-89A65CB99014}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1C6D3879-E6B1-428F-BA77-8BC7E5079BEC}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{953473C2-9397-46D8-9EDA-B8943AB566BD}] => (Allow) LPort=9700
FirewallRules: [{C8DBC3D2-7CB4-4CCC-AAC5-22BD7DD18876}] => (Allow) LPort=9701
FirewallRules: [{C7016C70-9289-4455-86A3-D38626D02D94}] => (Allow) LPort=9702
FirewallRules: [{94C78CC5-0FC5-43D2-89FA-B81457710AB4}] => (Allow) LPort=9700
FirewallRules: [{92FFCD87-B9AC-4A71-A6B7-81733B44375F}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{2E761979-07EA-4F02-8260-C691E35B9D3E}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{86A5D722-3D1F-49C4-A2E7-E705BCCF5E2F}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{3675941A-4D82-426A-8F42-054867995286}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{FB262330-7AB1-4688-8E4F-7B710CF62C14}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{F1EA3697-2E85-4F35-AC6A-5DBD5DDC1132}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{391E3A63-EF47-4591-8C3B-8C50F493ACBD}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{52F372E0-8A3F-4593-9733-EF215A026FD5}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{E76265E6-A03D-434C-B6F4-A01A0FD7388F}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{241B5457-51A9-4D83-BD8C-12C79D307DC8}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{1FDADA4C-863C-497F-9E4C-0796BDAFAF1E}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe
FirewallRules: [{8A323F49-1637-4A63-80F1-FF2265E41EBF}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe
FirewallRules: [{AB90E791-36AB-4FA4-81E9-54D996857234}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe
FirewallRules: [{645D6106-6577-4F33-9296-F2559966939D}] => (Allow) C:\Windows\SysWOW64\dlbccoms.exe
FirewallRules: [{DF1C2E92-21CC-483B-8A67-432C56F859F5}] => (Allow) C:\Windows\SysWOW64\dlbccoms.exe
FirewallRules: [{FE513085-212E-4AB4-A113-EF4B4833F4E0}] => (Allow) C:\Windows\System32\dlbccoms.exe
FirewallRules: [{26468671-9C88-4441-B1E1-E71A0FA09BC4}] => (Allow) C:\Windows\System32\dlbccoms.exe
FirewallRules: [{DDD24AE1-75DD-4F80-A19A-8128EC351F6B}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbcpswx.exe
FirewallRules: [{D1704739-5342-43CA-AF8F-0E5F6DC1CC98}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbcpswx.exe
FirewallRules: [{8584031D-192B-41F6-9715-6FB0A0CF826E}] => (Allow) LPort=4481
FirewallRules: [{86DE0825-CE28-482A-B101-7D6641238E8D}] => (Allow) LPort=4481
FirewallRules: [{71A800E0-FDC5-40C4-B962-286667B17BB7}] => (Allow) LPort=4482
FirewallRules: [{8C9B4D4E-60B7-4304-9DA4-611EF1E53EE5}] => (Allow) LPort=4482
FirewallRules: [TCP Query User{2483C752-96EA-4FC9-BA00-F8728B3815FA}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [UDP Query User{897BE97E-D13C-4CC9-A5CC-93E57A53CD02}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [TCP Query User{0DFF4F4C-1DB4-4CA0-A2A9-79753BFF1162}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [UDP Query User{67C58D9A-34F3-47D8-ABCF-A3BF0766B1E4}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [{45ECABE8-BB10-44EC-8D91-DED7609B3EA5}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{35C950B5-BD25-40C5-A625-0CB637A6140D}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{53BEE683-8514-44FE-99BD-5928E78C9571}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{424E1851-501A-4C24-9381-F126A9D92B3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D52C5899-8BD3-4599-92B4-51C11315832B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F08B83A1-33A2-4948-8A63-2832175E78FC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{D0F3DD63-4624-4CFD-87C5-EF8517465FBD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{9CCFAB43-5FB0-4471-A283-1337E5BB9524}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3D457EF0-AF08-4631-BE69-74774236198B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{65EAC391-C14D-47BD-BF5B-FB09BAADF401}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0F18A966-331B-4273-A642-CE21A958C73E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DCCD155B-01B8-433B-B309-0EA3C6CCE16C}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{75F247C9-DCF5-4DB2-9479-73FAA73C3AC1}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{E19B56E1-4973-49A5-96BD-B55E61A3B0CF}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{C6F64A86-EB40-488E-BF56-5BFF1ED9618F}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{08F247D1-0E2C-40D0-9F87-DAD91ECC6B3D}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{DB3FBD77-268C-4BAD-91B1-CB0E99F0D9F3}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{FACC73D4-EB96-49A9-B3DD-DD2B0388B15D}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{55DDFE67-ACDB-46AE-9580-3F7754BBAE9E}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{1B0634FB-CE10-4E2C-B1EC-1C09B126F2F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B29FF5E0-82BE-47DC-96BE-033BFF161F6C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CD35828E-66AA-4570-B1CC-290AAA5C92C4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{84DAB07B-766E-4218-9ADF-3781D4692599}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{00A1DC17-A8D9-43ED-BD12-3379A91B2A17}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{0140561A-14B9-4C97-9AC8-74DC00E40FE6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{7E0E9B4D-284D-44EE-AC9F-B082593BE905}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1114E484-302F-4BFA-B216-7B4D3B889BE5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{6ED93E32-172A-4CBE-904A-3734CB4FF361}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{89E8A389-B05C-41E9-8C88-DBD54B076A5F}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{74C1A8D5-E4EC-400E-95CB-FB101530B805}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{F3F31F7D-90D5-45F7-92CC-FF8525C04106}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{DBE2A5D7-5193-4D93-B344-CFE34B217199}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{1DFFA027-D67E-4BA3-A44C-B6035B96E967}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{D4EF68D2-3F5A-4DCA-8E56-0A399787D445}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{A67F974B-3961-4058-A2D6-AF14B6A164F0}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{B1ACFC43-40AF-4F18-9369-8CFAC944051C}] => (Allow) C:\Program Files (x86)\Common Files\Nero\BDCore\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{4AB18234-C9A7-46A9-9FE5-CCAC14DF5153}] => (Allow) C:\Program Files (x86)\Common Files\Nero\BDCore\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{DEDFB4E9-B938-4863-87C5-ADBC7B96D664}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

19-01-2016 20:41:53 Windows Update
22-01-2016 22:37:40 Windows Update
26-01-2016 22:28:35 Windows Update
29-01-2016 23:33:28 Windows Update
01-02-2016 21:00:56 Garmin Express
02-02-2016 22:20:33 Windows Update
05-02-2016 23:06:55 Windows Update
09-02-2016 22:37:02 Windows Update
10-02-2016 01:15:45 Windows Update
16-02-2016 22:43:07 Windows Update
21-02-2016 10:11:45 Checkpoint by HitmanPro
21-02-2016 10:12:11 Checkpoint by HitmanPro
21-02-2016 10:39:56 JRT Pre-Junkware Removal
21-02-2016 11:28:32 Zemana AntiMalware 2/21/2016 11:28:32 AM

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2016 11:36:31 AM) (Source: HP Active Health) (EventID: 81) (User: )
Description: -- SECURITY WARNING -- Unable to serialize super secret file hashes
at System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope)
at HP.ActiveHealth.Commons.Security.HashStore.Save()

Error: (02/21/2016 11:35:45 AM) (Source: HP Active Health) (EventID: 2701) (User: )
Description: Could not parse Service: System.OverflowException: Value was either too large or too small for an Int32.
at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)
at HP.ActiveHealth.Agents.WindowsServices.WindowsServicesAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (02/21/2016 11:32:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/21/2016 10:36:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/21/2016 10:27:42 AM) (Source: HP Active Health) (EventID: 81) (User: )
Description: -- SECURITY WARNING -- Unable to serialize super secret file hashes
at System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope)
at HP.ActiveHealth.Commons.Security.HashStore.Save()

Error: (02/21/2016 10:20:19 AM) (Source: HP Active Health) (EventID: 2701) (User: )
Description: Could not parse Service: System.OverflowException: Value was either too large or too small for an Int32.
at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)
at HP.ActiveHealth.Agents.WindowsServices.WindowsServicesAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (02/21/2016 10:16:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/21/2016 10:13:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000003d8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000293F260.72). hr = 0x80070005, Access is denied.
.

Error: (02/21/2016 10:13:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000e7c,(null),0,REG_BINARY,000000000A49E090.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {255433ce-31b9-4625-b057-7eba28d7577b}

Error: (02/21/2016 10:13:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000e7c,(null),0,REG_BINARY,000000000A49E090.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {255433ce-31b9-4625-b057-7eba28d7577b}


System errors:
=============
Error: (02/21/2016 11:33:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (02/21/2016 11:33:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (02/21/2016 11:33:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (02/21/2016 11:33:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (02/21/2016 11:33:55 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (02/21/2016 11:33:55 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (02/21/2016 11:33:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (02/21/2016 11:33:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (02/21/2016 11:33:44 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (02/21/2016 11:33:09 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.


CodeIntegrity:
===================================
Date: 2016-01-21 00:50:56.783
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-01-21 00:50:56.775
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-01-21 00:50:56.767
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-01-21 00:50:56.708
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-01-21 00:50:56.172
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-01-21 00:50:56.140
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-01-21 00:50:56.117
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-01-21 00:50:56.009
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-01-21 00:50:54.795
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-01-21 00:50:54.787
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 41%
Total physical RAM: 6022.15 MB
Available physical RAM: 3533.74 MB
Total Virtual: 12042.51 MB
Available Virtual: 9274.69 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:911.66 GB) (Free:810.92 GB) NTFS
Drive e: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:373.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 8B95E4AA)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=911.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 181C1835)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Thanks in advance for your kind and patient help. Note: I am not someone with a sophisticated knowledge of computers, so I apologize in advance!

Sincerely,
IndyBlue
  • 0

Advertisements


#2
IndyBlue

IndyBlue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
P.S. This problem started with the new year. Never had a problem before that. As I write this, some ad is playing but I don't see it--it's just playing loudly and I don't know where it's coming from... :(
  • 0

#3
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi IndyBlue,

Welcome to :welcome:. My name is Jr0x and I'll be helping you with your problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

Before we get started, there are a few things I need you to take note of.

  • Please read through the instructions before attempting to follow those procedures. I would recommend printing them out as some of the instructions would requires you to be in safe mode / offline.
  • If there is anything you are unclear of, please ask before you start the fix.
  • Do not run any scripts / tools on your own, unsupervised usage may cause more harm than good.
  • Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
  • There may be delayed response to you as we may live in different timezone.
  • Inform me of anything that happens unexpectedly during the fix at any point of time.
  • As much as we like to make this a easy process for you. Malware removal is a complex multi-step process, and things may happen such as data loss or render your machine unbootable. I would recommend that you backup your personal data before we proceed.
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

Please hang on for a bit while I analyze your log.


  • 0

#4
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi IndyBlue,
 

I have a two-fold problem: (1) Web pages keep automatically redirecting to ad pages, and (2) little video ads pop up on many sites I visit, and they seem to prevent me from seeing legitimate videos, tweets, and photos.

 
Thanks for describing your issue. Let's see if we can help you resolve your issue. 

 

Does the browser redirect and videos pop-up applies to all browser (IE, Firefox)? Or just a specific browser only?
 
I noticed that you have downloaded and ran a couple of tools (JRT, TDSSKiller, etc) as described on the link you posted. It is not recommended to run such tools unsupervised as it may cause more harm than good. Since you still have the log left behind by TDSSKiller, I would like to have a look located at C:\TDSSKiller.3.1.0.9_21.02.2016_09.26.15_log.txt

FRST.gifFix with FRST

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
 


Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\MountPoints2: {2b98df7b-09ac-11e2-98d5-7845c41ade70} - G:\TL_Bootstrap.exe
HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\MountPoints2: {bd15e7f3-aaa2-11e3-94e4-7845c41ade70} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\MountPoints2: {f288214f-38c4-11e3-94f0-806e6f6e6963} - F:\VerizonSWUpgradeAssistantLauncher.exe
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {58F84D60-D57C-4C98-A6E9-A1E31B8C321E} - \BackgroundContainer Startup Task -> No File <==== ATTENTION
Task: {8BA3FD7D-9F77-4C07-9E14-6BCECD676E50} - \VisualBeeRecovery -> No File <==== ATTENTION
Task: {F4FC5523-C2A2-4AEA-AB55-8106F66AD686} - \Digital Sites -> No File <==== ATTENTION
Task: {FC431882-90C6-4794-B4FC-3DAC5D6927CF} - \TweakBit\FixMyPC\Start FixMyPC automatic scanning -> No File <==== ATTENTION

Emptytemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.
 
Note: The machine will reboot automatically.

adwcleaner_new.png Scan with AdwCleaner

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    AdwCleaner_Scan_zpsvt1mvqxm.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

In your next reply, please include the following:

  • FRST Fixlog
  • TDSSKiller log
  • AdwCleaner scan log

  • 0

#5
admin

admin

    Founder Geek

  • Administrator
  • 24,540 posts
Posting for OP as result of a server issue...

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Dear JrOx--

Thank you so much for your reply! I really appreciate all your help! Apologies for not responding immediately--I tend to get home very late from work.

To answer your first question, the redirects happen in all the browsers I use (Firefox, Chrome, IE). Plus, I get those annoying videos (there's usually three playing at once) in almost every website I visit. Also, very strange: I was working in Firefox just now (my usual browser), and I followed all your instructions--after I did the Adware scan, the redirects got out of control. So much so, that I could not even respond to you. I had to go to Chrome to write this response. It's awful. There's another thing I noticed that I forgot to tell you: when I go to various websites, the computer completely slows down and often freezes for a bit--and then I just get so frustrated that I give up. The redirects don't happen when I'm in Google, Facebook, or Gmail.

Here are the three logs you requested:

FRST Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:21-02-2016
Ran by Indre Melynis (2016-02-22 23:01:52) Run:1
Running from C:\Users\Indre Melynis\Desktop
Loaded Profiles: Indre Melynis (Available Profiles: Indre Melynis)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\MountPoints2: {2b98df7b-09ac-11e2-98d5-7845c41ade70} - G:\TL_Bootstrap.exe
HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\MountPoints2: {bd15e7f3-aaa2-11e3-94e4-7845c41ade70} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\MountPoints2: {f288214f-38c4-11e3-94f0-806e6f6e6963} - F:\VerizonSWUpgradeAssistantLauncher.exe
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {58F84D60-D57C-4C98-A6E9-A1E31B8C321E} - \BackgroundContainer Startup Task -> No File <==== ATTENTION
Task: {8BA3FD7D-9F77-4C07-9E14-6BCECD676E50} - \VisualBeeRecovery -> No File <==== ATTENTION
Task: {F4FC5523-C2A2-4AEA-AB55-8106F66AD686} - \Digital Sites -> No File <==== ATTENTION
Task: {FC431882-90C6-4794-B4FC-3DAC5D6927CF} - \TweakBit\FixMyPC\Start FixMyPC automatic scanning -> No File <==== ATTENTION

Emptytemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b98df7b-09ac-11e2-98d5-7845c41ade70}" => key removed successfully
HKCR\CLSID\{2b98df7b-09ac-11e2-98d5-7845c41ade70} => key not found.
"HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd15e7f3-aaa2-11e3-94e4-7845c41ade70}" => key removed successfully
HKCR\CLSID\{bd15e7f3-aaa2-11e3-94e4-7845c41ade70} => key not found.
"HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f288214f-38c4-11e3-94f0-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{f288214f-38c4-11e3-94f0-806e6f6e6963} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
AvastVBoxSvc => service could not remove
VBoxAswDrv => service could not remove
"HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{58F84D60-D57C-4C98-A6E9-A1E31B8C321E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58F84D60-D57C-4C98-A6E9-A1E31B8C321E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8BA3FD7D-9F77-4C07-9E14-6BCECD676E50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BA3FD7D-9F77-4C07-9E14-6BCECD676E50}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VisualBeeRecovery => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4FC5523-C2A2-4AEA-AB55-8106F66AD686}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4FC5523-C2A2-4AEA-AB55-8106F66AD686}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC431882-90C6-4794-B4FC-3DAC5D6927CF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC431882-90C6-4794-B4FC-3DAC5D6927CF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\FixMyPC\Start FixMyPC automatic scanning" => key removed successfully
EmptyTemp: => 1.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:03:18 ====

TDSSKiller log:

09:26:15.0829 0x17c0 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
09:26:40.0079 0x17c0 ============================================================
09:26:40.0079 0x17c0 Current date / time: 2016/02/21 09:26:40.0079
09:26:40.0079 0x17c0 SystemInfo:
09:26:40.0079 0x17c0
09:26:40.0079 0x17c0 OS Version: 6.1.7601 ServicePack: 1.0
09:26:40.0079 0x17c0 Product type: Workstation
09:26:40.0079 0x17c0 ComputerName: INDREMELYNIS-PC
09:26:40.0079 0x17c0 UserName: Indre Melynis
09:26:40.0079 0x17c0 Windows directory: C:\Windows
09:26:40.0079 0x17c0 System windows directory: C:\Windows
09:26:40.0079 0x17c0 Running under WOW64
09:26:40.0079 0x17c0 Processor architecture: Intel x64
09:26:40.0079 0x17c0 Number of processors: 4
09:26:40.0079 0x17c0 Page size: 0x1000
09:26:40.0079 0x17c0 Boot type: Normal boot
09:26:40.0079 0x17c0 ============================================================
09:26:40.0233 0x17c0 KLMD registered as C:\Windows\system32\drivers\80072476.sys
09:26:40.0562 0x17c0 System UUID: {7CB8B78B-B6FC-858E-B600-A97EED0B3B21}
09:26:41.0042 0x17c0 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:26:41.0047 0x17c0 Drive \Device\Harddisk1\DR1 - Size: 0x7470C05C00 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:26:44.0478 0x17c0 ============================================================
09:26:44.0478 0x17c0 \Device\Harddisk0\DR0:
09:26:44.0478 0x17c0 MBR partitions:
09:26:44.0478 0x17c0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x279F000
09:26:44.0478 0x17c0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27B3000, BlocksNum 0x71F53000
09:26:44.0478 0x17c0 \Device\Harddisk1\DR1:
09:26:44.0480 0x17c0 MBR partitions:
09:26:44.0480 0x17c0 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
09:26:44.0480 0x17c0 ============================================================
09:26:44.0500 0x17c0 C: <-> \Device\Harddisk0\DR0\Partition2
09:26:44.0526 0x17c0 E: <-> \Device\Harddisk1\DR1\Partition1
09:26:44.0526 0x17c0 ============================================================
09:26:44.0526 0x17c0 Initialize success
09:26:44.0527 0x17c0 ============================================================
09:27:55.0522 0x1764 ============================================================
09:27:55.0522 0x1764 Scan started
09:27:55.0522 0x1764 Mode: Manual; TDLFS;
09:27:55.0522 0x1764 ============================================================
09:27:55.0522 0x1764 KSN ping started
09:27:58.0683 0x1764 KSN ping finished: true
09:27:59.0773 0x1764 ================ Scan system memory ========================
09:27:59.0773 0x1764 System memory - ok
09:27:59.0773 0x1764 ================ Scan services =============================
09:27:59.0903 0x1764 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:27:59.0913 0x1764 1394ohci - ok
09:27:59.0944 0x1764 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:27:59.0954 0x1764 ACPI - ok
09:27:59.0964 0x1764 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:27:59.0964 0x1764 AcpiPmi - ok
09:28:00.0074 0x1764 [ 1474F121C3DF1232D3E7239C03691EE6, 26D0F55010CB7C51269D94ECB5C5AA94802607685B9E9791A78B643C6227214F ] AdobeActiveFileMonitor9.0 c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
09:28:00.0084 0x1764 AdobeActiveFileMonitor9.0 - ok
09:28:00.0184 0x1764 [ F2CEEE9ABBCEF207ACB103215AC28BC2, F8F8B8AF6317926D7AC0CA2CA23628B2C69327A2792D58D3328443C5ED9514E9 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:28:00.0184 0x1764 AdobeARMservice - ok
09:28:00.0314 0x1764 [ 785FD0E36CA75D90DD50042E2594BC63, 471A5ED43A3E18A5A69C28F7F351558E90F20416D9C532ADF50888808090AE89 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:28:00.0324 0x1764 AdobeFlashPlayerUpdateSvc - ok
09:28:00.0364 0x1764 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
09:28:00.0374 0x1764 adp94xx - ok
09:28:00.0394 0x1764 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
09:28:00.0404 0x1764 adpahci - ok
09:28:00.0424 0x1764 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
09:28:00.0424 0x1764 adpu320 - ok
09:28:00.0584 0x1764 [ 91C596BE98F65830352B466C19705533, 4FB4614839E405F127B7E9B801CF9E6166EBCBAB62506F2153CEAFB07CA6BB8D ] AdvancedSystemCareService9 C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
09:28:00.0594 0x1764 AdvancedSystemCareService9 - ok
09:28:00.0634 0x1764 [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:28:00.0634 0x1764 AeLookupSvc - ok
09:28:00.0674 0x1764 [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys
09:28:00.0684 0x1764 AFD - ok
09:28:00.0704 0x1764 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
09:28:00.0714 0x1764 agp440 - ok
09:28:00.0744 0x1764 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
09:28:00.0744 0x1764 ALG - ok
09:28:00.0764 0x1764 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
09:28:00.0764 0x1764 aliide - ok
09:28:00.0794 0x1764 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
09:28:00.0794 0x1764 amdide - ok
09:28:00.0804 0x1764 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
09:28:00.0814 0x1764 AmdK8 - ok
09:28:00.0824 0x1764 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
09:28:00.0834 0x1764 AmdPPM - ok
09:28:00.0844 0x1764 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:28:00.0844 0x1764 amdsata - ok
09:28:00.0864 0x1764 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
09:28:00.0874 0x1764 amdsbs - ok
09:28:00.0874 0x1764 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:28:00.0874 0x1764 amdxata - ok
09:28:00.0914 0x1764 [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID C:\Windows\system32\drivers\appid.sys
09:28:00.0924 0x1764 AppID - ok
09:28:00.0934 0x1764 [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:28:00.0934 0x1764 AppIDSvc - ok
09:28:00.0974 0x1764 [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo C:\Windows\System32\appinfo.dll
09:28:00.0984 0x1764 Appinfo - ok
09:28:01.0094 0x1764 [ 2D564BB1C4559A517B390A031955714D, 3048C187FD107C958D43DD8B954AB55FDD1BC538D3E0066CBFCB428C7A8A87E1 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:28:01.0094 0x1764 Apple Mobile Device Service - ok
09:28:01.0114 0x1764 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
09:28:01.0124 0x1764 arc - ok
09:28:01.0134 0x1764 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
09:28:01.0134 0x1764 arcsas - ok
09:28:01.0224 0x1764 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:28:01.0254 0x1764 aspnet_state - ok
09:28:01.0304 0x1764 [ 7BC1F2FC2A9D79E1EBBBF6D69AC3BA1F, 236265BE3F1B2130025A3A10152893BD0D18AD8965732361058B775F010539A2 ] aswHwid C:\Windows\system32\drivers\aswHwid.sys
09:28:01.0304 0x1764 aswHwid - ok
09:28:01.0344 0x1764 [ 68E76C1675AC171A84F5B7230652E19D, A707A4E51110B15FF7D73C95D4D9C1E457FC9D93E1479BDB67EBDDDD6AC28D8E ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
09:28:01.0344 0x1764 aswMonFlt - ok
09:28:01.0374 0x1764 [ 2D6B49A071216796106E7804AB2BA7DC, 6A58A3B36EA05A24333482F87CFD315F73E56A64E46493E82E0FE9115E284168 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys
09:28:01.0374 0x1764 aswRdr - ok
09:28:01.0434 0x1764 [ E46B51C99BB750A81AC6A68362475A5C, 2A61C09902B39696D151B9D5E6A60FFC3CF3EA02613EC64BBAB4DEE3C78838E2 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
09:28:01.0444 0x1764 aswRvrt - ok
09:28:01.0494 0x1764 [ 0BCDF7DF06B4407A7EB0443AADB3DD27, 3D33FFBECFE4766FE66B1269B7B218D03D7ED9E58A9C27E8D8B84474F30DBB19 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
09:28:01.0534 0x1764 aswSnx - ok
09:28:01.0594 0x1764 [ 619CA9F210F0F36F8162E5B7BFDDA5CD, D0D87549BD32F575E518B510085F86D434C3B948733391A6F7959918D761F29B ] aswSP C:\Windows\system32\drivers\aswSP.sys
09:28:01.0604 0x1764 aswSP - ok
09:28:01.0644 0x1764 [ D9079E1A1C2A1F8ED5F37AF8E6CD3161, 629E3A642C5E3BEA65CDD2E08CAD69F9649A98BDA906678B51D3D2C9DB5BB253 ] aswStm C:\Windows\system32\drivers\aswStm.sys
09:28:01.0654 0x1764 aswStm - ok
09:28:01.0664 0x1764 [ 3BEC32A0B646D914921FD56AA39998C1, 8DB7CBF3DEF8EAE1D7D28C38B3A0FCD5C2A04D772078B907F35C66451355A04A ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
09:28:01.0674 0x1764 aswVmm - ok
09:28:01.0684 0x1764 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:28:01.0684 0x1764 AsyncMac - ok
09:28:01.0714 0x1764 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
09:28:01.0714 0x1764 atapi - ok
09:28:01.0864 0x1764 [ 751125416D2236CF6D8A5816EB832365, E8D35C4D34E0CB7621262D99A6B31BD899B9A7DA2ACBDABC0ADA3807EC3C52CB ] athr C:\Windows\system32\DRIVERS\athrx.sys
09:28:02.0005 0x1764 athr - ok
09:28:02.0095 0x1764 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:28:02.0105 0x1764 AudioEndpointBuilder - ok
09:28:02.0125 0x1764 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:28:02.0145 0x1764 AudioSrv - ok
09:28:02.0255 0x1764 [ F5CB8703A4F51EE30E5C090C78073AA4, 90683F39E9AA315FFB66A9F014AD1BEBF19EA62908247C133455815F6632E578 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
09:28:02.0285 0x1764 avast! Antivirus - ok
09:28:02.0305 0x1764 AvastVBoxSvc - ok
09:28:02.0335 0x1764 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:28:02.0335 0x1764 AxInstSV - ok
09:28:02.0385 0x1764 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
09:28:02.0395 0x1764 b06bdrv - ok
09:28:02.0435 0x1764 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:28:02.0435 0x1764 b57nd60a - ok
09:28:02.0455 0x1764 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
09:28:02.0455 0x1764 BDESVC - ok
09:28:02.0455 0x1764 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
09:28:02.0465 0x1764 Beep - ok
09:28:02.0505 0x1764 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
09:28:02.0525 0x1764 BFE - ok
09:28:02.0575 0x1764 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
09:28:02.0615 0x1764 BITS - ok
09:28:02.0755 0x1764 [ 686045905787B68D829CE647A6DFAD2B, 09B925A3E02B3BA45D5D408B59A279D3255AC854B3B696E243DCD14EF18CEC92 ] Blackberry Device Manager C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
09:28:02.0765 0x1764 Blackberry Device Manager - ok
09:28:02.0785 0x1764 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:28:02.0785 0x1764 blbdrive - ok
09:28:02.0845 0x1764 [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:28:02.0855 0x1764 Bonjour Service - ok
09:28:02.0875 0x1764 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:28:02.0885 0x1764 bowser - ok
09:28:02.0895 0x1764 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
09:28:02.0905 0x1764 BrFiltLo - ok
09:28:02.0915 0x1764 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
09:28:02.0915 0x1764 BrFiltUp - ok
09:28:02.0945 0x1764 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
09:28:02.0945 0x1764 Browser - ok
09:28:02.0965 0x1764 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:28:02.0975 0x1764 Brserid - ok
09:28:02.0995 0x1764 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:28:02.0995 0x1764 BrSerWdm - ok
09:28:03.0005 0x1764 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:28:03.0015 0x1764 BrUsbMdm - ok
09:28:03.0025 0x1764 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:28:03.0025 0x1764 BrUsbSer - ok
09:28:03.0035 0x1764 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
09:28:03.0045 0x1764 BTHMODEM - ok
09:28:03.0065 0x1764 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
09:28:03.0075 0x1764 bthserv - ok
09:28:03.0085 0x1764 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:28:03.0095 0x1764 cdfs - ok
09:28:03.0115 0x1764 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:28:03.0125 0x1764 cdrom - ok
09:28:03.0135 0x1764 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
09:28:03.0135 0x1764 CertPropSvc - ok
09:28:03.0155 0x1764 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
09:28:03.0155 0x1764 circlass - ok
09:28:03.0205 0x1764 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys
09:28:03.0215 0x1764 CLFS - ok
09:28:03.0405 0x1764 [ 39A1A170E8491EDC0F904FCAEB1AF4E9, 46D695A45500678D3D9B91BA73EE072DAAE517A2DF62051D17A30EFAABF529CF ] ClickToRunSvc C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
09:28:03.0485 0x1764 ClickToRunSvc - ok
09:28:03.0565 0x1764 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:28:03.0575 0x1764 clr_optimization_v2.0.50727_32 - ok
09:28:03.0625 0x1764 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:28:03.0625 0x1764 clr_optimization_v2.0.50727_64 - ok
09:28:03.0665 0x1764 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:28:03.0705 0x1764 clr_optimization_v4.0.30319_32 - ok
09:28:03.0725 0x1764 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:28:03.0725 0x1764 clr_optimization_v4.0.30319_64 - ok
09:28:03.0755 0x1764 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
09:28:03.0765 0x1764 CmBatt - ok
09:28:03.0785 0x1764 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:28:03.0785 0x1764 cmdide - ok
09:28:03.0845 0x1764 [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG C:\Windows\system32\Drivers\cng.sys
09:28:03.0855 0x1764 CNG - ok
09:28:03.0925 0x1764 [ 1635CED9C1FB6182B11BD62AA4F744B6, E781DADC786E07731F15DA2C6701B1426CAFC45F28FFEB7CD4BB546E4CDE1869 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
09:28:03.0976 0x1764 CnxtHdAudService - ok
09:28:04.0026 0x1764 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
09:28:04.0026 0x1764 Compbatt - ok
09:28:04.0056 0x1764 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
09:28:04.0056 0x1764 CompositeBus - ok
09:28:04.0056 0x1764 COMSysApp - ok
09:28:04.0126 0x1764 [ 79D9B8D55C088D909B1A0F46797F852E, 0D233A40BF2459ADF32FF6A4D4E1706B9BE02E9EB38B8A712C7E762F10110B31 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
09:28:04.0136 0x1764 cphs - ok
09:28:04.0146 0x1764 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
09:28:04.0156 0x1764 crcdisk - ok
09:28:04.0196 0x1764 [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:28:04.0196 0x1764 CryptSvc - ok
09:28:04.0266 0x1764 [ 3CA2D9D44B0D060E34517208AE458CA1, 4725FDED592D60FECF9E52282ADA0B694BD763C186A2FA98ADB170CD55799A2B ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
09:28:04.0266 0x1764 ctxusbm - ok
09:28:04.0296 0x1764 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:28:04.0306 0x1764 DcomLaunch - ok
09:28:04.0336 0x1764 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
09:28:04.0346 0x1764 defragsvc - ok
09:28:04.0356 0x1764 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:28:04.0366 0x1764 DfsC - ok
09:28:04.0406 0x1764 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
09:28:04.0416 0x1764 Dhcp - ok
09:28:04.0606 0x1764 [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack C:\Windows\system32\diagtrack.dll
09:28:04.0646 0x1764 DiagTrack - ok
09:28:04.0696 0x1764 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
09:28:04.0696 0x1764 discache - ok
09:28:04.0716 0x1764 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
09:28:04.0716 0x1764 Disk - ok
09:28:04.0746 0x1764 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:28:04.0756 0x1764 Dnscache - ok
09:28:04.0766 0x1764 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
09:28:04.0776 0x1764 dot3svc - ok
09:28:04.0796 0x1764 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
09:28:04.0806 0x1764 DPS - ok
09:28:04.0846 0x1764 [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:28:04.0846 0x1764 drmkaud - ok
09:28:04.0916 0x1764 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:28:04.0936 0x1764 DXGKrnl - ok
09:28:04.0966 0x1764 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
09:28:04.0966 0x1764 EapHost - ok
09:28:05.0066 0x1764 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
09:28:05.0176 0x1764 ebdrv - ok
09:28:05.0226 0x1764 [ 5673794F254FE312AF62D9DA32805A2F, 76400BF26F87303924A4FA9DFE5DD13170D1E4A195CD12548DBAA0E6E8C11B1B ] EFS C:\Windows\System32\lsass.exe
09:28:05.0236 0x1764 EFS - ok
09:28:05.0286 0x1764 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:28:05.0306 0x1764 ehRecvr - ok
09:28:05.0326 0x1764 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
09:28:05.0326 0x1764 ehSched - ok
09:28:05.0366 0x1764 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
09:28:05.0376 0x1764 elxstor - ok
09:28:05.0406 0x1764 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:28:05.0416 0x1764 ErrDev - ok
09:28:05.0436 0x1764 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
09:28:05.0446 0x1764 EventSystem - ok
09:28:05.0476 0x1764 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
09:28:05.0476 0x1764 exfat - ok
09:28:05.0496 0x1764 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:28:05.0506 0x1764 fastfat - ok
09:28:05.0546 0x1764 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
09:28:05.0556 0x1764 Fax - ok
09:28:05.0596 0x1764 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
09:28:05.0596 0x1764 fdc - ok
09:28:05.0616 0x1764 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
09:28:05.0616 0x1764 fdPHost - ok
09:28:05.0626 0x1764 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
09:28:05.0636 0x1764 FDResPub - ok
09:28:05.0646 0x1764 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:28:05.0646 0x1764 FileInfo - ok
09:28:05.0666 0x1764 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:28:05.0666 0x1764 Filetrace - ok
09:28:05.0686 0x1764 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
09:28:05.0686 0x1764 flpydisk - ok
09:28:05.0706 0x1764 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:28:05.0706 0x1764 FltMgr - ok
09:28:05.0786 0x1764 [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache C:\Windows\system32\FntCache.dll
09:28:05.0846 0x1764 FontCache - ok
09:28:05.0896 0x1764 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:28:05.0896 0x1764 FontCache3.0.0.0 - ok
09:28:05.0906 0x1764 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:28:05.0916 0x1764 FsDepends - ok
09:28:05.0957 0x1764 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:28:05.0967 0x1764 Fs_Rec - ok
09:28:06.0037 0x1764 [ CBCFA78F0C95E3DE0813BD7A65B533AC, E019EE6A4D2E7D4D3975B109A72C3AD28035C55F8079799E2A51D9F421569829 ] ftnlsv3hv C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
09:28:06.0037 0x1764 ftnlsv3hv - ok
09:28:06.0197 0x1764 [ AD97C6CDB99AADD35650EC5993949C0A, 46427295A19DF38ABDFD08FA718F0DFBCDA2AC70FD213472609B4A8B24F0DCC6 ] ftscanmgr C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
09:28:06.0357 0x1764 ftscanmgr - ok
09:28:06.0417 0x1764 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:28:06.0427 0x1764 fvevol - ok
09:28:06.0437 0x1764 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
09:28:06.0437 0x1764 gagp30kx - ok
09:28:06.0487 0x1764 [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
09:28:06.0497 0x1764 GamesAppService - ok
09:28:06.0607 0x1764 [ 8C0A6229A1256930DEF4D79B2C0BA25C, 2C4EA836494F148E7C83FC81593305E986C8E2D801A35903CF603FC86D925DCE ] Garmin Device Interaction Service C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
09:28:06.0617 0x1764 Garmin Device Interaction Service - ok
09:28:06.0677 0x1764 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:28:06.0677 0x1764 GEARAspiWDM - ok
09:28:06.0717 0x1764 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
09:28:06.0737 0x1764 gpsvc - ok
09:28:06.0777 0x1764 [ B9893A68032A6D9ADDB5B98287C630F7, F0280764D7B31F1EA634E91397229B1C064A7C1B3A77A6BBD123CEA74180789F ] grmnusb C:\Windows\system32\drivers\grmnusb.sys
09:28:06.0777 0x1764 grmnusb - ok
09:28:06.0827 0x1764 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:28:06.0827 0x1764 gupdate - ok
09:28:06.0837 0x1764 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:28:06.0837 0x1764 gupdatem - ok
09:28:06.0887 0x1764 [ D3EB11875E0681E657C76740695525F6, D3DF84BB9773870AF6D2B86F019D06B413EA547060284CC5AF7C3E1668D1F1DE ] hcmon C:\Windows\system32\drivers\hcmon.sys
09:28:06.0887 0x1764 hcmon - ok
09:28:06.0897 0x1764 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:28:06.0907 0x1764 hcw85cir - ok
09:28:06.0917 0x1764 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
09:28:06.0917 0x1764 HDAudBus - ok
09:28:06.0937 0x1764 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
09:28:06.0937 0x1764 HidBatt - ok
09:28:06.0947 0x1764 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
09:28:06.0957 0x1764 HidBth - ok
09:28:06.0967 0x1764 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
09:28:06.0967 0x1764 HidIr - ok
09:28:06.0987 0x1764 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
09:28:06.0987 0x1764 hidserv - ok
09:28:07.0017 0x1764 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
09:28:07.0017 0x1764 HidUsb - ok
09:28:07.0027 0x1764 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:28:07.0037 0x1764 hkmsvc - ok
09:28:07.0047 0x1764 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:28:07.0057 0x1764 HomeGroupListener - ok
09:28:07.0077 0x1764 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:28:07.0087 0x1764 HomeGroupProvider - ok
09:28:07.0097 0x1764 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:28:07.0107 0x1764 HpSAMD - ok
09:28:07.0157 0x1764 [ CB5A8B34FA37AE53053F2D3DF05AC1E6, 2C7357079A66AE609F49900181B013E735B4A01C45DA316CD1E8698F93DE6EA8 ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
09:28:07.0157 0x1764 HPSupportSolutionsFrameworkService - ok
09:28:07.0217 0x1764 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:28:07.0237 0x1764 HTTP - ok
09:28:07.0307 0x1764 [ E5805896A55D4166C20F216249F40FA3, F426BF60D5B916E7A778EF24C49FE1FFE1B2977C2ABD2977FD5C38C6E6CB139F ] HWiNFO32 C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
09:28:07.0307 0x1764 HWiNFO32 - ok
09:28:07.0317 0x1764 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:28:07.0317 0x1764 hwpolicy - ok
09:28:07.0337 0x1764 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:28:07.0347 0x1764 i8042prt - ok
09:28:07.0377 0x1764 [ D1753C06EE17E29352B065EACF3F10D0, 4DD4C991FAA3CCF99DF8DC9F8F5DEEDEECD55977F0C3AA8C404DEFD21E32A62B ] iaStor C:\Windows\system32\drivers\iaStor.sys
09:28:07.0387 0x1764 iaStor - ok
09:28:07.0467 0x1764 [ 545462D0DBE24AF379BA869B7C185CCD, 056F9D0D5FD4FEF37665A35A4029722FF60D02A69854E952DC361CC0E5CD26F9 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
09:28:07.0467 0x1764 IAStorDataMgrSvc - ok
09:28:07.0497 0x1764 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:28:07.0507 0x1764 iaStorV - ok
09:28:07.0567 0x1764 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:28:07.0587 0x1764 idsvc - ok
09:28:07.0607 0x1764 IEEtwCollectorService - ok
09:28:07.0777 0x1764 [ 536B77DB736D848C41616E861940807B, B1C46BB55AC7EDC0CFE1179A9FCC21FD199CB4BD6A786C58965A1CE9C43BCF51 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
09:28:07.0968 0x1764 igfx - ok
09:28:07.0998 0x1764 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:28:07.0998 0x1764 iirsp - ok
09:28:08.0058 0x1764 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
09:28:08.0068 0x1764 IKEEXT - ok
09:28:08.0118 0x1764 [ 6C9FFFECA9FED31347D211C5D1FFBD2D, 36CF8B847FAED0D978B3169ED550CC958025902CAC1D7D304E2684B2483E72B8 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
09:28:08.0128 0x1764 IntcDAud - ok
09:28:08.0168 0x1764 [ 2D66067C7A8A0112156BCD1C0BAA7042, 89F77EEE59FF3AD2E777DA15187F1447F6E112E8831417A0DE656ACB82E7B22E ] Intel® Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe
09:28:08.0178 0x1764 Intel® Capability Licensing Service Interface - ok
09:28:08.0208 0x1764 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
09:28:08.0208 0x1764 intelide - ok
09:28:08.0228 0x1764 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:28:08.0228 0x1764 intelppm - ok
09:28:08.0248 0x1764 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:28:08.0258 0x1764 IPBusEnum - ok
09:28:08.0268 0x1764 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:28:08.0268 0x1764 IpFilterDriver - ok
09:28:08.0318 0x1764 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:28:08.0338 0x1764 iphlpsvc - ok
09:28:08.0348 0x1764 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:28:08.0348 0x1764 IPMIDRV - ok
09:28:08.0358 0x1764 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:28:08.0358 0x1764 IPNAT - ok
09:28:08.0428 0x1764 [ B066C46E4B638B849245E35A5703AF80, 738A2A76A68721DCA5004DFF381EF2F032A7E309454294E4ABDFF5141BAC9337 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:28:08.0448 0x1764 iPod Service - ok
09:28:08.0448 0x1764 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:28:08.0458 0x1764 IRENUM - ok
09:28:08.0468 0x1764 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:28:08.0468 0x1764 isapnp - ok
09:28:08.0508 0x1764 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:28:08.0518 0x1764 iScsiPrt - ok
09:28:08.0538 0x1764 [ 846354992EBB373F452EB9182D501B08, 453459133DCA875E93CAAE9852E652F3794F8C31CE53526C47A181FDBABE6849 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
09:28:08.0538 0x1764 iusb3hcs - ok
09:28:08.0558 0x1764 [ 1D88A23853387D34D52CC8F9DDBFC56C, D00083B61E93E7E1D247EAB332787912FCF7605AF7043F071238C50E4A15016B ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
09:28:08.0568 0x1764 iusb3hub - ok
09:28:08.0598 0x1764 [ FC5EFD7C797DF19DFB999F0605A7924E, C56CE3840F3B11D81BED38E5F59ABCA190DFB7127F06263193870312A83379AF ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
09:28:08.0618 0x1764 iusb3xhc - ok
09:28:08.0638 0x1764 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:28:08.0638 0x1764 kbdclass - ok
09:28:08.0658 0x1764 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:28:08.0668 0x1764 kbdhid - ok
09:28:08.0678 0x1764 [ 5673794F254FE312AF62D9DA32805A2F, 76400BF26F87303924A4FA9DFE5DD13170D1E4A195CD12548DBAA0E6E8C11B1B ] KeyIso C:\Windows\system32\lsass.exe
09:28:08.0678 0x1764 KeyIso - ok
09:28:08.0738 0x1764 [ 7BDDD24C5A148534D3737DBFA96B3E69, 06130316A21B1D67B5885AB7030603097EC96F7104F3766D67793ECFC1143158 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:28:08.0738 0x1764 KSecDD - ok
09:28:08.0778 0x1764 [ BA500732D160C61E889E8180EE53C86F, 2E9B9FEF4E2F86DBF6778AD0A581CE2F1CA0AC777440BA05AB36B031CE1E8781 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:28:08.0788 0x1764 KSecPkg - ok
09:28:08.0798 0x1764 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:28:08.0798 0x1764 ksthunk - ok
09:28:08.0828 0x1764 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
09:28:08.0838 0x1764 KtmRm - ok
09:28:08.0858 0x1764 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:28:08.0868 0x1764 LanmanServer - ok
09:28:08.0898 0x1764 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:28:08.0898 0x1764 LanmanWorkstation - ok
09:28:09.0078 0x1764 [ 2D2DE301547146A79F6412075A66D731, 3F9F6F3D150C607DBDC16E6053E1DCF6D26E0141987DD6E4D826FA2A259113C2 ] LiveUpdateSvc C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
09:28:09.0138 0x1764 LiveUpdateSvc - ok
09:28:09.0178 0x1764 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:28:09.0178 0x1764 lltdio - ok
09:28:09.0198 0x1764 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:28:09.0208 0x1764 lltdsvc - ok
09:28:09.0228 0x1764 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:28:09.0228 0x1764 lmhosts - ok
09:28:09.0288 0x1764 [ 8D82CBBF5A8532D9A21A64BBCB774EE7, 30D6477EA4B47D50F05E3435A68113B3676CA24EF51CC2693353C2224D28D2BB ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
09:28:09.0288 0x1764 LMS - ok
09:28:09.0315 0x1764 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:28:09.0319 0x1764 LSI_FC - ok
09:28:09.0330 0x1764 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:28:09.0330 0x1764 LSI_SAS - ok
09:28:09.0340 0x1764 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
09:28:09.0350 0x1764 LSI_SAS2 - ok
09:28:09.0360 0x1764 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:28:09.0370 0x1764 LSI_SCSI - ok
09:28:09.0380 0x1764 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
09:28:09.0390 0x1764 luafv - ok
09:28:09.0440 0x1764 [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:28:09.0440 0x1764 MBAMProtector - ok
09:28:09.0510 0x1764 [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
09:28:09.0550 0x1764 MBAMService - ok
09:28:09.0590 0x1764 [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
09:28:09.0600 0x1764 MBAMWebAccessControl - ok
09:28:09.0620 0x1764 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:28:09.0620 0x1764 Mcx2Svc - ok
09:28:09.0630 0x1764 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
09:28:09.0640 0x1764 megasas - ok
09:28:09.0680 0x1764 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
09:28:09.0690 0x1764 MegaSR - ok
09:28:09.0760 0x1764 [ F59C2E19189BEB21A57CB2CE32AE1618, 881E221B3FF4C65F89B215840CB16DE5A42BE2ED992344CC2C90FE7850CAE430 ] MEIx64 C:\Windows\system32\DRIVERS\TeeDriverx64.sys
09:28:09.0760 0x1764 MEIx64 - ok
09:28:09.0780 0x1764 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
09:28:09.0780 0x1764 MMCSS - ok
09:28:09.0790 0x1764 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
09:28:09.0800 0x1764 Modem - ok
09:28:09.0810 0x1764 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:28:09.0810 0x1764 monitor - ok
09:28:09.0820 0x1764 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:28:09.0820 0x1764 mouclass - ok
09:28:09.0830 0x1764 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:28:09.0830 0x1764 mouhid - ok
09:28:09.0870 0x1764 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:28:09.0870 0x1764 mountmgr - ok
09:28:09.0900 0x1764 [ 5961C5D8EDD2E2A3B99F1782AE1AC21F, C383A4724A335737C4C7C3211AFCFB82D373267EC634BC47EE078A1C66E1F62A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:28:09.0910 0x1764 MozillaMaintenance - ok
09:28:09.0930 0x1764 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
09:28:09.0930 0x1764 mpio - ok
09:28:09.0960 0x1764 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:28:09.0961 0x1764 mpsdrv - ok
09:28:10.0011 0x1764 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:28:10.0031 0x1764 MpsSvc - ok
09:28:10.0071 0x1764 [ D7ADC2B83CA0B0381F75A98351F72CEE, 05476B7CA0486DF770AE492B5A90C85E3D3E7485152EB2FA30A19EC9BE44ED81 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:28:10.0081 0x1764 MRxDAV - ok
09:28:10.0121 0x1764 [ 355DF71D1DD1999E8AEDF986534B233C, 4F5B07A3E9F4C5EE259A72353835364BFEAEC792090C178C4EF91B517B1C49D0 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:28:10.0131 0x1764 mrxsmb - ok
09:28:10.0141 0x1764 [ A16FC9323A85CAEA5804D04646A91CF9, ABC9F1BE4B871EBB5FDED9FC248DABEC4004EBCCF53E6C4D1E54AF69653B00E0 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:28:10.0141 0x1764 mrxsmb10 - ok
09:28:10.0161 0x1764 [ 2539BE615440BA1EA4CF84A66B6C0AF9, 3369DE38EE49E5507A73036CDF3982AEF2331D61C7EC4F159004EAD14309A933 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:28:10.0161 0x1764 mrxsmb20 - ok
09:28:10.0201 0x1764 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
09:28:10.0211 0x1764 msahci - ok
09:28:10.0231 0x1764 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:28:10.0231 0x1764 msdsm - ok
09:28:10.0241 0x1764 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
09:28:10.0251 0x1764 MSDTC - ok
09:28:10.0261 0x1764 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:28:10.0271 0x1764 Msfs - ok
09:28:10.0281 0x1764 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:28:10.0281 0x1764 mshidkmdf - ok
09:28:10.0301 0x1764 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:28:10.0301 0x1764 msisadrv - ok
09:28:10.0321 0x1764 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:28:10.0321 0x1764 MSiSCSI - ok
09:28:10.0331 0x1764 msiserver - ok
09:28:10.0341 0x1764 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:28:10.0351 0x1764 MSKSSRV - ok
09:28:10.0371 0x1764 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:28:10.0381 0x1764 MSPCLOCK - ok
09:28:10.0391 0x1764 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:28:10.0391 0x1764 MSPQM - ok
09:28:10.0411 0x1764 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:28:10.0421 0x1764 MsRPC - ok
09:28:10.0431 0x1764 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
09:28:10.0441 0x1764 mssmbios - ok
09:28:10.0451 0x1764 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:28:10.0451 0x1764 MSTEE - ok
09:28:10.0461 0x1764 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
09:28:10.0461 0x1764 MTConfig - ok
09:28:10.0481 0x1764 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
09:28:10.0481 0x1764 Mup - ok
09:28:10.0511 0x1764 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
09:28:10.0521 0x1764 napagent - ok
09:28:10.0561 0x1764 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:28:10.0571 0x1764 NativeWifiP - ok
09:28:10.0661 0x1764 [ 4DF6F43F761A600208F90A55D05F9B7E, AC93B4497FB428F7EC42DCF5956A2A61B951394E555BF6C89E55943E0B681586 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
09:28:10.0671 0x1764 NAUpdate - ok
09:28:10.0731 0x1764 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:28:10.0751 0x1764 NDIS - ok
09:28:10.0771 0x1764 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:28:10.0771 0x1764 NdisCap - ok
09:28:10.0791 0x1764 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:28:10.0791 0x1764 NdisTapi - ok
09:28:10.0801 0x1764 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:28:10.0801 0x1764 Ndisuio - ok
09:28:10.0821 0x1764 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:28:10.0821 0x1764 NdisWan - ok
09:28:10.0831 0x1764 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:28:10.0831 0x1764 NDProxy - ok
09:28:10.0851 0x1764 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:28:10.0851 0x1764 NetBIOS - ok
09:28:10.0871 0x1764 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:28:10.0871 0x1764 NetBT - ok
09:28:10.0902 0x1764 [ 5673794F254FE312AF62D9DA32805A2F, 76400BF26F87303924A4FA9DFE5DD13170D1E4A195CD12548DBAA0E6E8C11B1B ] Netlogon C:\Windows\system32\lsass.exe
09:28:10.0904 0x1764 Netlogon - ok
09:28:10.0934 0x1764 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
09:28:10.0944 0x1764 Netman - ok
09:28:10.0984 0x1764 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:28:10.0984 0x1764 NetMsmqActivator - ok
09:28:10.0994 0x1764 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:28:10.0994 0x1764 NetPipeActivator - ok
09:28:11.0024 0x1764 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
09:28:11.0034 0x1764 netprofm - ok
09:28:11.0034 0x1764 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:28:11.0044 0x1764 NetTcpActivator - ok
09:28:11.0044 0x1764 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:28:11.0054 0x1764 NetTcpPortSharing - ok
09:28:11.0074 0x1764 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:28:11.0074 0x1764 nfrd960 - ok
09:28:11.0124 0x1764 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
09:28:11.0134 0x1764 NlaSvc - ok
09:28:11.0304 0x1764 [ F389A22EE9077C8B6F27E01D8B5CDA1B, 9955234219AB8DEE536A06C058E67CEC45607551E8D8EE95B57FB5761457B595 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
09:28:11.0384 0x1764 NOBU - ok
09:28:11.0414 0x1764 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:28:11.0414 0x1764 Npfs - ok
09:28:11.0424 0x1764 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
09:28:11.0424 0x1764 nsi - ok
09:28:11.0434 0x1764 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:28:11.0444 0x1764 nsiproxy - ok
09:28:11.0524 0x1764 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:28:11.0574 0x1764 Ntfs - ok
09:28:11.0584 0x1764 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
09:28:11.0584 0x1764 Null - ok
09:28:11.0604 0x1764 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:28:11.0604 0x1764 nvraid - ok
09:28:11.0614 0x1764 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:28:11.0624 0x1764 nvstor - ok
09:28:11.0634 0x1764 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:28:11.0644 0x1764 nv_agp - ok
09:28:11.0654 0x1764 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:28:11.0664 0x1764 ohci1394 - ok
09:28:11.0714 0x1764 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:28:11.0724 0x1764 ose - ok
09:28:11.0934 0x1764 [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:28:12.0085 0x1764 osppsvc - ok
09:28:12.0115 0x1764 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:28:12.0125 0x1764 p2pimsvc - ok
09:28:12.0145 0x1764 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
09:28:12.0165 0x1764 p2psvc - ok
09:28:12.0175 0x1764 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
09:28:12.0185 0x1764 Parport - ok
09:28:12.0205 0x1764 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:28:12.0205 0x1764 partmgr - ok
09:28:12.0245 0x1764 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:28:12.0255 0x1764 PcaSvc - ok
09:28:12.0275 0x1764 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
09:28:12.0285 0x1764 pci - ok
09:28:12.0305 0x1764 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
09:28:12.0305 0x1764 pciide - ok
09:28:12.0315 0x1764 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:28:12.0325 0x1764 pcmcia - ok
09:28:12.0345 0x1764 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
09:28:12.0345 0x1764 pcw - ok
09:28:12.0395 0x1764 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:28:12.0405 0x1764 PEAUTH - ok
09:28:12.0455 0x1764 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:28:12.0465 0x1764 PerfHost - ok
09:28:12.0515 0x1764 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
09:28:12.0555 0x1764 pla - ok
09:28:12.0595 0x1764 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:28:12.0605 0x1764 PlugPlay - ok
09:28:12.0615 0x1764 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:28:12.0625 0x1764 PNRPAutoReg - ok
09:28:12.0635 0x1764 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:28:12.0645 0x1764 PNRPsvc - ok
09:28:12.0675 0x1764 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:28:12.0685 0x1764 PolicyAgent - ok
09:28:12.0705 0x1764 [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power C:\Windows\system32\umpo.dll
09:28:12.0715 0x1764 Power - ok
09:28:12.0735 0x1764 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:28:12.0735 0x1764 PptpMiniport - ok
09:28:12.0755 0x1764 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
09:28:12.0755 0x1764 Processor - ok
09:28:12.0805 0x1764 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
09:28:12.0815 0x1764 ProfSvc - ok
09:28:12.0825 0x1764 [ 5673794F254FE312AF62D9DA32805A2F, 76400BF26F87303924A4FA9DFE5DD13170D1E4A195CD12548DBAA0E6E8C11B1B ] ProtectedStorage C:\Windows\system32\lsass.exe
09:28:12.0825 0x1764 ProtectedStorage - ok
09:28:12.0835 0x1764 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:28:12.0835 0x1764 Psched - ok
09:28:12.0855 0x1764 [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
09:28:12.0865 0x1764 PxHlpa64 - ok
09:28:12.0915 0x1764 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:28:12.0955 0x1764 ql2300 - ok
09:28:12.0965 0x1764 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:28:12.0975 0x1764 ql40xx - ok
09:28:12.0995 0x1764 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
09:28:13.0005 0x1764 QWAVE - ok
09:28:13.0015 0x1764 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:28:13.0015 0x1764 QWAVEdrv - ok
09:28:13.0025 0x1764 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:28:13.0035 0x1764 RasAcd - ok
09:28:13.0055 0x1764 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:28:13.0065 0x1764 RasAgileVpn - ok
09:28:13.0075 0x1764 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
09:28:13.0085 0x1764 RasAuto - ok
09:28:13.0095 0x1764 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:28:13.0105 0x1764 Rasl2tp - ok
09:28:13.0125 0x1764 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
09:28:13.0135 0x1764 RasMan - ok
09:28:13.0145 0x1764 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:28:13.0155 0x1764 RasPppoe - ok
09:28:13.0165 0x1764 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:28:13.0165 0x1764 RasSstp - ok
09:28:13.0185 0x1764 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:28:13.0195 0x1764 rdbss - ok
09:28:13.0215 0x1764 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
09:28:13.0215 0x1764 rdpbus - ok
09:28:13.0255 0x1764 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:28:13.0255 0x1764 RDPCDD - ok
09:28:13.0255 0x1764 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:28:13.0255 0x1764 RDPENCDD - ok
09:28:13.0265 0x1764 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:28:13.0265 0x1764 RDPREFMP - ok
09:28:13.0305 0x1764 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:28:13.0305 0x1764 RDPWD - ok
09:28:13.0325 0x1764 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:28:13.0325 0x1764 rdyboost - ok
09:28:13.0425 0x1764 [ 3394FAEF5FE401B076FD5DEC295C7919, 7674E6A36ADE653195BD240D7613C5E711940DF65A947ABA4D2546AF410A07C7 ] RealPlayerUpdateSvc C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
09:28:13.0435 0x1764 RealPlayerUpdateSvc - ok
09:28:13.0765 0x1764 [ 435685429F72AC4D43BF3A2658F13104, DBED552FE555C0E0BFDE046BDE5ED87C194CD84EBBF69A95C5B0E706941946E8 ] RealTimes Desktop Service C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
09:28:13.0795 0x1764 RealTimes Desktop Service - ok
09:28:13.0825 0x1764 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:28:13.0825 0x1764 RemoteAccess - ok
09:28:13.0855 0x1764 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:28:13.0855 0x1764 RemoteRegistry - ok
09:28:13.0905 0x1764 [ 6D850FAD4CC9498D1F382B77BA4035CC, 689B8D90BFA404F2ABEF3F7CD098382DAA81A4CF6BF3784C9CC24DAF33F10660 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
09:28:13.0905 0x1764 RimUsb - ok
09:28:13.0945 0x1764 [ 344604E6913BD6E4EAEC34AF2E0943D7, 4ADFE13AFECD0F263A27F647FC6BA1AB47B2A28F9D70FCAC90F23D0A2FB8C493 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
09:28:13.0945 0x1764 RimVSerPort - ok
09:28:13.0976 0x1764 [ 388D3DD1A6457280F3BADBA9F3ACD6B1, 5C534EA15195B1301C917904627AF09FE2ABA3FEE1641B5C87E8F3191BC49058 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
09:28:13.0986 0x1764 ROOTMODEM - ok
09:28:14.0016 0x1764 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:28:14.0026 0x1764 RpcEptMapper - ok
09:28:14.0046 0x1764 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
09:28:14.0046 0x1764 RpcLocator - ok
09:28:14.0066 0x1764 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
09:28:14.0086 0x1764 RpcSs - ok
09:28:14.0096 0x1764 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:28:14.0096 0x1764 rspndr - ok
09:28:14.0146 0x1764 [ 9AAB5A7AE8EDBDFC41390272DD08A054, AE2407C1150CD220310B2F4685557F315EEF5417DB1FB1132A94106FFDD5C6EE ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
09:28:14.0176 0x1764 RTL8167 - ok
09:28:14.0236 0x1764 [ 4B6C6EE55BA4C517B4DB6C287972018A, 13DCBC2FD7329B59899E0FD8B7B7A6CDD038905409CA6DF72D70123699FF9BAE ] RTSUER C:\Windows\system32\Drivers\RtsUer.sys
09:28:14.0246 0x1764 RTSUER - ok
09:28:14.0256 0x1764 [ 5673794F254FE312AF62D9DA32805A2F, 76400BF26F87303924A4FA9DFE5DD13170D1E4A195CD12548DBAA0E6E8C11B1B ] SamSs C:\Windows\system32\lsass.exe
09:28:14.0256 0x1764 SamSs - ok
09:28:14.0276 0x1764 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:28:14.0276 0x1764 sbp2port - ok
09:28:14.0296 0x1764 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:28:14.0306 0x1764 SCardSvr - ok
09:28:14.0316 0x1764 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:28:14.0316 0x1764 scfilter - ok
09:28:14.0406 0x1764 [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll
09:28:14.0446 0x1764 Schedule - ok
09:28:14.0486 0x1764 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
09:28:14.0486 0x1764 SCPolicySvc - ok
09:28:14.0496 0x1764 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:28:14.0506 0x1764 SDRSVC - ok
09:28:14.0516 0x1764 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:28:14.0516 0x1764 secdrv - ok
09:28:14.0536 0x1764 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
09:28:14.0536 0x1764 seclogon - ok
09:28:14.0546 0x1764 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
09:28:14.0556 0x1764 SENS - ok
09:28:14.0566 0x1764 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:28:14.0566 0x1764 SensrSvc - ok
09:28:14.0596 0x1764 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
09:28:14.0596 0x1764 Serenum - ok
09:28:14.0626 0x1764 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
09:28:14.0626 0x1764 Serial - ok
09:28:14.0636 0x1764 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:28:14.0646 0x1764 sermouse - ok
09:28:14.0666 0x1764 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
09:28:14.0676 0x1764 SessionEnv - ok
09:28:14.0696 0x1764 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:28:14.0696 0x1764 sffdisk - ok
09:28:14.0706 0x1764 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:28:14.0706 0x1764 sffp_mmc - ok
09:28:14.0716 0x1764 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:28:14.0726 0x1764 sffp_sd - ok
09:28:14.0736 0x1764 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
09:28:14.0736 0x1764 sfloppy - ok
09:28:14.0816 0x1764 [ 4215C271D6E6898C3F4DABAB4F387DC9, 10D845466AC239E18A381FA3BCF1DA1CDCF7CC4363D3A6B4695D6562B3EF7541 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
09:28:14.0876 0x1764 SftService - ok
09:28:14.0916 0x1764 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:28:14.0926 0x1764 SharedAccess - ok
09:28:14.0946 0x1764 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:28:14.0956 0x1764 ShellHWDetection - ok
09:28:14.0976 0x1764 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
09:28:14.0976 0x1764 SiSRaid2 - ok
09:28:14.0996 0x1764 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:28:14.0996 0x1764 SiSRaid4 - ok
09:28:15.0046 0x1764 [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:28:15.0056 0x1764 SkypeUpdate - ok
09:28:15.0066 0x1764 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:28:15.0076 0x1764 Smb - ok
09:28:15.0096 0x1764 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:28:15.0106 0x1764 SNMPTRAP - ok
09:28:15.0116 0x1764 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
09:28:15.0116 0x1764 spldr - ok
09:28:15.0146 0x1764 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
09:28:15.0166 0x1764 Spooler - ok
09:28:15.0296 0x1764 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
09:28:15.0406 0x1764 sppsvc - ok
09:28:15.0416 0x1764 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:28:15.0426 0x1764 sppuinotify - ok
09:28:15.0456 0x1764 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:28:15.0466 0x1764 srv - ok
09:28:15.0486 0x1764 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:28:15.0496 0x1764 srv2 - ok
09:28:15.0506 0x1764 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:28:15.0516 0x1764 srvnet - ok
09:28:15.0536 0x1764 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:28:15.0546 0x1764 SSDPSRV - ok
09:28:15.0556 0x1764 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:28:15.0556 0x1764 SstpSvc - ok
09:28:15.0576 0x1764 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
09:28:15.0576 0x1764 stexstor - ok
09:28:15.0606 0x1764 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
09:28:15.0616 0x1764 stisvc - ok
09:28:15.0646 0x1764 [ 6F715D00024CB60C2B60278425AD6EC2, 563F52BEE08ABF45E605A026BDDC6D453DC96E3B99F3FC78AC8BF57AE86A9A0C ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
09:28:15.0646 0x1764 SWDUMon - ok
09:28:15.0656 0x1764 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
09:28:15.0656 0x1764 swenum - ok
09:28:15.0686 0x1764 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
09:28:15.0696 0x1764 swprv - ok
09:28:15.0786 0x1764 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll
09:28:15.0846 0x1764 SysMain - ok
09:28:15.0876 0x1764 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:28:15.0876 0x1764 TabletInputService - ok
09:28:15.0896 0x1764 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
09:28:15.0906 0x1764 TapiSrv - ok
09:28:15.0916 0x1764 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
09:28:15.0926 0x1764 TBS - ok
09:28:16.0017 0x1764 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:28:16.0097 0x1764 Tcpip - ok
09:28:16.0167 0x1764 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:28:16.0197 0x1764 TCPIP6 - ok
09:28:16.0247 0x1764 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:28:16.0247 0x1764 tcpipreg - ok
09:28:16.0267 0x1764 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:28:16.0267 0x1764 TDPIPE - ok
09:28:16.0287 0x1764 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:28:16.0287 0x1764 TDTCP - ok
09:28:16.0337 0x1764 [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:28:16.0347 0x1764 tdx - ok
09:28:16.0359 0x1764 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
09:28:16.0362 0x1764 TermDD - ok
09:28:16.0421 0x1764 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
09:28:16.0441 0x1764 TermService - ok
09:28:16.0451 0x1764 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
09:28:16.0461 0x1764 Themes - ok
09:28:16.0471 0x1764 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
09:28:16.0481 0x1764 THREADORDER - ok
09:28:16.0491 0x1764 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
09:28:16.0501 0x1764 TrkWks - ok
09:28:16.0531 0x1764 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:28:16.0541 0x1764 TrustedInstaller - ok
09:28:16.0581 0x1764 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:28:16.0581 0x1764 tssecsrv - ok
09:28:16.0601 0x1764 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:28:16.0601 0x1764 TsUsbFlt - ok
09:28:16.0611 0x1764 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
09:28:16.0611 0x1764 TsUsbGD - ok
09:28:16.0641 0x1764 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:28:16.0651 0x1764 tunnel - ok
09:28:16.0661 0x1764 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:28:16.0661 0x1764 uagp35 - ok
09:28:16.0681 0x1764 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:28:16.0691 0x1764 udfs - ok
09:28:16.0711 0x1764 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:28:16.0721 0x1764 UI0Detect - ok
09:28:16.0731 0x1764 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:28:16.0731 0x1764 uliagpkx - ok
09:28:16.0751 0x1764 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:28:16.0761 0x1764 umbus - ok
09:28:16.0771 0x1764 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
09:28:16.0781 0x1764 UmPass - ok
09:28:16.0841 0x1764 [ 875A3B86D821151C84A4DFD40309C72D, FB251A3180F829B086C007807B68D7918276FEDB33618BB22C28A3DCEAFB751E ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
09:28:16.0851 0x1764 UNS - ok
09:28:16.0881 0x1764 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
09:28:16.0891 0x1764 upnphost - ok
09:28:16.0941 0x1764 [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
09:28:16.0941 0x1764 USBAAPL64 - ok
09:28:16.0961 0x1764 [ 91D3C92A44FC682DD791147604E79152, AA0B6799BF9C26C2C1793C91295288A4989AA43EC5E070B650DA7F0A142817CE ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:28:16.0961 0x1764 usbccgp - ok
09:28:16.0991 0x1764 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:28:17.0001 0x1764 usbcir - ok
09:28:17.0021 0x1764 [ F7FFDF2A1D19A76A87759126B244C816, C91F09D77E22D976952A46F7B93F611B719EDAF694D538242FA8FAF1BA9BB2F0 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:28:17.0021 0x1764 usbehci - ok
09:28:17.0061 0x1764 [ 245FE7FC634D6A993E682E0A9EBA4ABB, F7A536D215EE3A63358EC8B5946D7BB3B56357BF91347B07013E00DAC98775B6 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:28:17.0061 0x1764 usbhub - ok
09:28:17.0081 0x1764 [ C1A8966E0D09BFB501045105B30D86F2, 5BB95FBA441B898E258A3BFE174FC1042A04C19E25C59DE1FD90594290B11DA9 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:28:17.0081 0x1764 usbohci - ok
09:28:17.0101 0x1764 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:28:17.0101 0x1764 usbprint - ok
09:28:17.0111 0x1764 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:28:17.0121 0x1764 USBSTOR - ok
09:28:17.0131 0x1764 [ 2E682DCE4319A90E02A327F8A427544A, 3528C5A4669BAD53041085C3E72C64388D308E42AD9D1FAC85B6F2FFD81610FB ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
09:28:17.0131 0x1764 usbuhci - ok
09:28:17.0141 0x1764 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
09:28:17.0141 0x1764 UxSms - ok
09:28:17.0161 0x1764 [ 5673794F254FE312AF62D9DA32805A2F, 76400BF26F87303924A4FA9DFE5DD13170D1E4A195CD12548DBAA0E6E8C11B1B ] VaultSvc C:\Windows\system32\lsass.exe
09:28:17.0161 0x1764 VaultSvc - ok
09:28:17.0191 0x1764 VBoxAswDrv - ok
09:28:17.0201 0x1764 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:28:17.0201 0x1764 vdrvroot - ok
09:28:17.0231 0x1764 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
09:28:17.0241 0x1764 vds - ok
09:28:17.0261 0x1764 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:28:17.0261 0x1764 vga - ok
09:28:17.0271 0x1764 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
09:28:17.0271 0x1764 VgaSave - ok
09:28:17.0291 0x1764 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:28:17.0301 0x1764 vhdmp - ok
09:28:17.0321 0x1764 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
09:28:17.0321 0x1764 viaide - ok
09:28:17.0421 0x1764 [ E39DE1A0D9407418CCDEBF182A967269, 59AC76F6944F7EC6F8CDF0B2B9E69A294C52F88158D0E669D6EEB87AB0BAA362 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
09:28:17.0451 0x1764 VMUSBArbService - ok
09:28:17.0551 0x1764 [ A8C2BB24BE355DE258F8A6F78E9038C2, 149AB6D45B11A9A75D1D574D8A271901ECABC4B3D335BA81F8781F6FDBA56459 ] vmware-view-usbd C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
09:28:17.0621 0x1764 vmware-view-usbd - ok
09:28:17.0641 0x1764 [ 771D3F512B2738338E321556D9D4690F, 7A6C37729B6FFEF38FEFA7082F89F2B071FF44D7C86254DA20C23999CADBDD23 ] vmwsprrdpwks C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
09:28:17.0641 0x1764 vmwsprrdpwks - ok
09:28:17.0661 0x1764 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:28:17.0661 0x1764 volmgr - ok
09:28:17.0681 0x1764 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:28:17.0691 0x1764 volmgrx - ok
09:28:17.0711 0x1764 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:28:17.0721 0x1764 volsnap - ok
09:28:17.0731 0x1764 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
09:28:17.0731 0x1764 vsmraid - ok
09:28:17.0791 0x1764 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
09:28:17.0841 0x1764 VSS - ok
09:28:17.0871 0x1764 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:28:17.0871 0x1764 vwifibus - ok
09:28:17.0881 0x1764 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:28:17.0891 0x1764 vwififlt - ok
09:28:17.0921 0x1764 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
09:28:17.0931 0x1764 W32Time - ok
09:28:17.0951 0x1764 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
09:28:17.0951 0x1764 WacomPen - ok
09:28:17.0971 0x1764 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:28:17.0981 0x1764 WANARP - ok
09:28:17.0981 0x1764 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:28:17.0981 0x1764 Wanarpv6 - ok
09:28:18.0062 0x1764 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:28:18.0102 0x1764 WatAdminSvc - ok
09:28:18.0182 0x1764 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
09:28:18.0242 0x1764 wbengine - ok
09:28:18.0262 0x1764 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:28:18.0272 0x1764 WbioSrvc - ok
09:28:18.0292 0x1764 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:28:18.0302 0x1764 wcncsvc - ok
09:28:18.0342 0x1764 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:28:18.0342 0x1764 WcsPlugInService - ok
09:28:18.0362 0x1764 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
09:28:18.0362 0x1764 Wd - ok
09:28:18.0422 0x1764 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:28:18.0442 0x1764 Wdf01000 - ok
09:28:18.0482 0x1764 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:28:18.0492 0x1764 WdiServiceHost - ok
09:28:18.0492 0x1764 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:28:18.0502 0x1764 WdiSystemHost - ok
09:28:18.0562 0x1764 [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll
09:28:18.0572 0x1764 WebClient - ok
09:28:18.0592 0x1764 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:28:18.0602 0x1764 Wecsvc - ok
09:28:18.0612 0x1764 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:28:18.0622 0x1764 wercplsupport - ok
09:28:18.0652 0x1764 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
09:28:18.0652 0x1764 WerSvc - ok
09:28:18.0662 0x1764 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:28:18.0672 0x1764 WfpLwf - ok
09:28:18.0702 0x1764 [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
09:28:18.0702 0x1764 WimFltr - ok
09:28:18.0712 0x1764 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:28:18.0722 0x1764 WIMMount - ok
09:28:18.0742 0x1764 WinDefend - ok
09:28:18.0752 0x1764 WinHttpAutoProxySvc - ok
09:28:18.0792 0x1764 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:28:18.0802 0x1764 Winmgmt - ok
09:28:18.0872 0x1764 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
09:28:18.0932 0x1764 WinRM - ok
09:28:19.0012 0x1764 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys
09:28:19.0012 0x1764 WinUsb - ok
09:28:19.0042 0x1764 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:28:19.0072 0x1764 Wlansvc - ok
09:28:19.0102 0x1764 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:28:19.0112 0x1764 wlcrasvc - ok
09:28:19.0222 0x1764 [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:28:19.0282 0x1764 wlidsvc - ok
09:28:19.0302 0x1764 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:28:19.0302 0x1764 WmiAcpi - ok
09:28:19.0322 0x1764 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:28:19.0322 0x1764 wmiApSrv - ok
09:28:19.0332 0x1764 WMPNetworkSvc - ok
09:28:19.0342 0x1764 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:28:19.0352 0x1764 WPCSvc - ok
09:28:19.0362 0x1764 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:28:19.0372 0x1764 WPDBusEnum - ok
09:28:19.0392 0x1764 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:28:19.0392 0x1764 ws2ifsl - ok
09:28:19.0402 0x1764 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
09:28:19.0412 0x1764 wscsvc - ok
09:28:19.0412 0x1764 WSearch - ok
09:28:19.0462 0x1764 [ 796283DD18846005B4BA51C819537866, 26AC5FDD5EA8AA9798D67A368EDD68F6311FCEF72A67F43D7B8FC43212155AC3 ] wsnm C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
09:28:19.0472 0x1764 wsnm - ok
09:28:19.0582 0x1764 [ 3D4032E6A5885C007AEF4BA816AB4032, 21EB2B5B5A64EED44B5B7743820842205175F52A6F5525BD0F95DCB2733F449C ] wuauserv C:\Windows\system32\wuaueng.dll
09:28:19.0662 0x1764 wuauserv - ok
09:28:19.0702 0x1764 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:28:19.0712 0x1764 WudfPf - ok
09:28:19.0742 0x1764 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:28:19.0752 0x1764 WUDFRd - ok
09:28:19.0762 0x1764 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:28:19.0772 0x1764 wudfsvc - ok
09:28:19.0812 0x1764 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
09:28:19.0822 0x1764 WwanSvc - ok
09:28:19.0842 0x1764 [ 2E76E5E2CDF34D9BA30A0C463459D2B0, BC30345B884BB8FCD6BCE5659101FF3C2E795626DE81C64AD359FDF99489BBE7 ] ZAtheros Wlan Agent C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
09:28:19.0852 0x1764 ZAtheros Wlan Agent - ok
09:28:19.0862 0x1764 ================ Scan global ===============================
09:28:19.0902 0x1764 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
09:28:19.0952 0x1764 [ 96AEEE466EA56AF34AE4AD5E55DAD164, 467DA5C29E04E02520974163AEBF7FAA3DED8212A765616C0D877E4F36AD173C ] C:\Windows\system32\winsrv.dll
09:28:19.0962 0x1764 [ 96AEEE466EA56AF34AE4AD5E55DAD164, 467DA5C29E04E02520974163AEBF7FAA3DED8212A765616C0D877E4F36AD173C ] C:\Windows\system32\winsrv.dll
09:28:20.0003 0x1764 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
09:28:20.0043 0x1764 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
09:28:20.0053 0x1764 [ Global ] - ok
09:28:20.0063 0x1764 ================ Scan MBR ==================================
09:28:20.0073 0x1764 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
09:28:20.0263 0x1c2c Object required for P2P: [ 435685429F72AC4D43BF3A2658F13104 ] RealTimes Desktop Service
09:28:20.0323 0x1764 \Device\Harddisk0\DR0 - ok
09:28:20.0323 0x1764 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
09:28:20.0393 0x1764 \Device\Harddisk1\DR1 - ok
09:28:20.0393 0x1764 ================ Scan VBR ==================================
09:28:20.0403 0x1764 [ 56214D841AED1AF14B7693BB84B1962B ] \Device\Harddisk0\DR0\Partition1
09:28:20.0463 0x1764 \Device\Harddisk0\DR0\Partition1 - ok
09:28:20.0473 0x1764 [ 5A1A6F0282A36211CD85E270A49F7D6C ] \Device\Harddisk0\DR0\Partition2
09:28:20.0483 0x1764 \Device\Harddisk0\DR0\Partition2 - ok
09:28:20.0483 0x1764 [ 2D1B1A2512A15200C7911A9FA36C5483 ] \Device\Harddisk1\DR1\Partition1
09:28:20.0543 0x1764 \Device\Harddisk1\DR1\Partition1 - ok
09:28:20.0543 0x1764 ================ Scan generic autorun ======================
09:28:20.0653 0x1764 [ 1136B11FB4B6A598051BD9648A798F7C, 9019F8479325959F8DC7415E5607AE7B90B6755F435D4E3D0E90D44CD25C2BCD ] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
09:28:20.0703 0x1764 Stage Remote - ok
09:28:20.0773 0x1764 [ BB7481A1306823D1B6592263F1AB8DD7, 2D48A5DD217D81E99D134580721A1BC65EEFFB22FE9D2C03EAA3D9879F86A5D5 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
09:28:20.0783 0x1764 AdobeAAMUpdater-1.0 - ok
09:28:20.0863 0x1764 [ 812DD9FBA5EF2136AEF738CAA499D47C, 239BF6A71916512FD3979DB334491C4FF399F5E95BE02F25A1DF81C171D17C42 ] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
09:28:20.0933 0x1764 DellStage - ok
09:28:20.0943 0x1764 [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
09:28:20.0953 0x1764 Logitech Download Assistant - ok
09:28:20.0973 0x1764 [ B953DFFE17B19EF7A0465E5CF611152C, 4337E75C3F8C095A13B0F9AC89293EC67481692F149B90883F35E2ED8F5F1F5B ] C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe
09:28:20.0973 0x1764 VMware Netlink 3 HV Install Utility - ok
09:28:21.0043 0x1764 [ ADFCC68B42627055979B26FC00759D17, 5C1C8395A7846E5DDEB6FFE2B37B537DDA4712D62CE05D7EA8B1773C75D46DE6 ] C:\Program Files\iTunes\iTunesHelper.exe
09:28:21.0043 0x1764 iTunesHelper - ok
09:28:21.0093 0x1764 [ C5D79C8D3C010A083C21A9612B4D906E, 141AB809E440F883258DEED979BEEE5B2C18E79BA9128F4C8BECE1FE79928937 ] C:\Windows\system32\igfxtray.exe
09:28:21.0093 0x1764 IgfxTray - ok
09:28:21.0113 0x1764 [ A0B03897D4A8DA274467C4B9FC292ACE, 077D3E4E7373D6165B0A7B0E168384BD397ED60A63D85341CEC6CCE72DF41507 ] C:\Windows\system32\hkcmd.exe
09:28:21.0123 0x1764 HotKeysCmds - ok
09:28:21.0143 0x1764 [ 1F963E569AD9764CACB397452F72608C, F97560022D07D433BA38CB4E9260346D6106493172CA994D864D0F63159F70BB ] C:\Windows\system32\igfxpers.exe
09:28:21.0153 0x1764 Persistence - ok
09:28:21.0183 0x1764 [ 89177C9749776F1949F2E81F8F24211D, 813AF89B3ACD7A581B8562D26C2A9547A9B110A499D7C1FDD0AA5DDB03FFB930 ] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe
09:28:21.0183 0x1764 IMSS - ok
09:28:21.0233 0x1764 [ 4D1DA8CE5E364D22B4FF00F163194514, 165DE474309206A0F51266F19EDB4AF3D7BAD19FDA61B636AEE7A04278DBBC2C ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
09:28:21.0243 0x1764 USB3MON - ok
09:28:21.0283 0x1764 [ 5514B64F7F2D25E09E2FDAF5D62B688C, 43263715ADC49250762A01E41DB2832C6A8B63CE4F66CDD8FC0B51DCA031DF27 ] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
09:28:21.0293 0x1764 IAStorIcon - ok
09:28:21.0303 0x1764 Adobe Reader Speed Launcher - ok
09:28:21.0343 0x1764 [ 918850CDD168605454665D160B034837, 1D2E61C72DD8854837281A618A7DD7F47054EFF912DF4736690304B3794918A3 ] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
09:28:21.0353 0x1764 NeroLauncher - ok
09:28:21.0383 0x1764 [ 53EDBE9C1D6B0CEC11A573852B5B6DAD, E4A6B00AA93F2E8BBA7149601A37D7388E0A5EC48CD95A0BD94939FD96726811 ] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
09:28:21.0403 0x1764 AccuWeatherWidget - ok
09:28:21.0463 0x1764 [ 7AA219D7AEAA8BADCAC7853AE6AE3BD5, 018F85DCD9EB33DC775CCCB58B999A640B6F8FEF37898EA45600B433E77CF9AE ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
09:28:21.0463 0x1764 APSDaemon - ok
09:28:21.0593 0x1764 [ BED38B0ADFF5F5CC6E988A6491017E83, B2C0EFDEC9320D7EB5882F244E5ACF11A61C1A0AFED83D080C8BB8F7F1AC7E79 ] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
09:28:21.0603 0x1764 RIMBBLaunchAgent.exe - ok
09:28:21.0603 0x1764 Wondershare Helper Compact.exe - ok
09:28:21.0613 0x1764 BrowserPlugInHelper - ok
09:28:21.0823 0x1764 [ 8A312D5764B4FC4C55CEDDEED4652CF1, C4E726C9C77614CD32D5B76DA2E9A049EC490C2392D9A94B84712BCBF47BA7C6 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
09:28:22.0013 0x1764 AvastUI.exe - ok
09:28:22.0063 0x1764 CitrixReceiver - ok
09:28:22.0083 0x1764 [ C17FC2B8D522562B7A098345CC8851C3, D1AB9197775ECE8E4D7B4568994608BF7A6D771E0936D81D93C31C10469F9EFA ] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
09:28:22.0093 0x1764 ConnectionCenter - ok
09:28:22.0123 0x1764 [ A72FB8DCD04639175AC4C59847BE8DA2, 23D972CA6AE5DA997D6C4F79A2F94C4C18A3EED23785F87E239620F3D1E9EA60 ] C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
09:28:22.0133 0x1764 Redirector - ok
09:28:22.0223 0x1764 [ 4D7A3EEDA99036A273A7A81634FEE960, 278BA73E75482956C31BF1B2EFDAED21BC9D43F3240E14396DB44A7495103454 ] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
09:28:22.0233 0x1764 TkBellExe - ok
09:28:22.0293 0x1764 [ AA4B7C499673D6465F6F14186B4711BF, F6FC00403BA3B40FBB2255CF06F0CA7BA35C9CC45426EE53F908233F82CF1913 ] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
09:28:22.0303 0x1764 RealDownloader - ok
09:28:22.0373 0x1764 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:28:22.0413 0x1764 Sidebar - ok
09:28:22.0453 0x1764 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:28:22.0463 0x1764 mctadmin - ok
09:28:22.0503 0x1764 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:28:22.0523 0x1764 Sidebar - ok
09:28:22.0533 0x1764 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:28:22.0533 0x1764 mctadmin - ok
09:28:22.0593 0x1764 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] C:\Users\Indre Melynis\AppData\Local\Google\Update\GoogleUpdate.exe
09:28:22.0593 0x1764 Google Update - ok
09:28:22.0714 0x1764 [ DC36DEA4261E179B7AB63160AD000AD1, EB5071B81E0076D67A7A71E64BED8F3300363832EA39282CD396A0FAB3D3CE84 ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
09:28:22.0754 0x1764 GarminExpressTrayApp - ok
09:28:22.0994 0x1764 [ CE1DEC053DA24927E89D9AA196D31281, 39DD431CFCD10AA4E176062E33A0262FEE5806E192B37037C97439B1CEF232C8 ] C:\Program Files\CCleaner\CCleaner64.exe
09:28:23.0174 0x1c2c Object send P2P result: true
09:28:23.0224 0x1764 CCleaner Monitoring - ok
09:28:23.0384 0x1764 [ 88B052F686DA7B7E1423F0879E68CF41, 97FDFEF5A2E393642BC0136C64C0570668E58A49CA2EAD8ACFF61EF25383B3CB ] C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
09:28:23.0444 0x1764 Advanced SystemCare 9 - ok
09:28:23.0454 0x1764 Waiting for KSN requests completion. In queue: 77
09:28:24.0455 0x1764 Waiting for KSN requests completion. In queue: 77
09:28:25.0461 0x1764 Waiting for KSN requests completion. In queue: 77
09:28:26.0152 0x0ca4 Object required for P2P: [ 8A312D5764B4FC4C55CEDDEED4652CF1 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
09:28:26.0462 0x1764 Waiting for KSN requests completion. In queue: 12
09:28:27.0462 0x1764 Waiting for KSN requests completion. In queue: 12
09:28:28.0463 0x1764 Waiting for KSN requests completion. In queue: 12
09:28:29.0062 0x0ca4 Object send P2P result: true
09:28:29.0062 0x0ca4 Object required for P2P: [ 4D7A3EEDA99036A273A7A81634FEE960 ] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
09:28:29.0463 0x1764 Waiting for KSN requests completion. In queue: 9
09:28:30.0463 0x1764 Waiting for KSN requests completion. In queue: 9
09:28:31.0463 0x1764 Waiting for KSN requests completion. In queue: 9
09:28:31.0951 0x0ca4 Object send P2P result: true
09:28:31.0951 0x0ca4 Object required for P2P: [ AA4B7C499673D6465F6F14186B4711BF ] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
09:28:32.0463 0x1764 Waiting for KSN requests completion. In queue: 8
09:28:33.0463 0x1764 Waiting for KSN requests completion. In queue: 8
09:28:34.0463 0x1764 Waiting for KSN requests completion. In queue: 8
09:28:34.0841 0x0ca4 Object send P2P result: true
09:28:35.0495 0x1764 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2245.1540 ), 0x41000 ( enabled : updated )
09:28:35.0513 0x1764 Win FW state via NFP2: enabled ( trusted )
09:28:38.0306 0x1764 ============================================================
09:28:38.0306 0x1764 Scan finished
09:28:38.0306 0x1764 ============================================================
09:28:38.0314 0x1fec Detected object count: 0
09:28:38.0314 0x1fec Actual detected object count: 0
09:29:13.0083 0x1ed0 Deinitialize success

AdwCleaner scan log:

# AdwCleaner v5.036 - Logfile created 22/02/2016 at 23:26:33
# Updated 22/02/2016 by Xplode
# Database : 2016-02-22.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Indre Melynis - INDREMELYNIS-PC
# Running from : C:\Users\Indre Melynis\Desktop\adwcleaner_5.036.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[C:\Users\Indre Melynis\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Indre Melynis\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1688 bytes] - [21/02/2016 10:33:57]
C:\AdwCleaner\AdwCleaner[R0].txt - [4933 bytes] - [18/01/2014 21:06:19]
C:\AdwCleaner\AdwCleaner[R1].txt - [1123 bytes] - [11/02/2014 20:51:37]
C:\AdwCleaner\AdwCleaner[S0].txt - [4460 bytes] - [18/01/2014 21:07:07]
C:\AdwCleaner\AdwCleaner[S1].txt - [2707 bytes] - [11/02/2014 20:52:22]
C:\AdwCleaner\AdwCleaner[S2].txt - [1237 bytes] - [22/02/2016 23:26:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1310 bytes] ##########

Please let me know if you need anything else. Have a good night and thanks again so much for your help!

IndyBlue

P.S. My computer got really slow after running these things. When I type, there's a big lag on the screen...
  • 0

#6
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts
Hello IndyBlue,
 

Apologies for not responding immediately--I tend to get home very late from work.

 
That's fine. :D
 

when I go to various websites, the computer completely slows down and often freezes for a bit--and then I just get so frustrated that I give up. The redirects don't happen when I'm in Google, Facebook, or Gmail

 
Is it possible for me to you to list a few examples of the website that you visit and you faces those issue? If it is not convenient for you to list it down publicly, you may choose to PM me instead.
 
Let's try with another few scans and see if that helps.

JHlUMFt.png Re-scan with Malwarebytes Anti-Malware
  • Launch Malwarebytes from your Desktop
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    vG7pLOy.png
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program will detect anything, click Remove Selected. The program might want to reboot the system. Allow it it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.
Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!

FRST.gif Re-Scan with Farbar's Recovery Scan Tool (FRST)
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.
In your next reply, please include the following:
  • MalwareBytes log
  • ESET online scan log
  • FRST log
  • FRST Addition log

  • 0

#7
IndyBlue

IndyBlue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hiya--

Please forgive me for not answering yet. Have been getting home from work around midnight, and have had no time. I hope to get to your instructions tomorrow. Once again, sorry for the delay in my response.

Thanks so much for your help! I'll be in touch tomorrow!

IndyBlue
  • 0

#8
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

That's alright. :D


  • 0

#9
IndyBlue

IndyBlue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hiya!

Your instructions are really clear and thorough--thank you for that! Here are the logs you requested:

Malware bytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/25/2016
Scan Time: 9:32 PM
Logfile: Malwarebytes log 022516.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.26.01
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Indre Melynis

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 369193
Time Elapsed: 18 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

******

ESET:

[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c41f01f292d4544d894980c52858a32b
# end=init
# utc_time=2016-02-26 03:29:44
# local_time=2016-02-25 10:29:44 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 28308
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c41f01f292d4544d894980c52858a32b
# end=updated
# utc_time=2016-02-26 03:45:30
# local_time=2016-02-25 10:45:30 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=c41f01f292d4544d894980c52858a32b
# engine=28308
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-02-26 05:42:40
# local_time=2016-02-26 12:42:40 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=788 16777213 100 100 1561047 219967850 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 208008810 0 0
# scanned=401308
# found=26
# cleaned=0
# scan_time=7029
sh=1CCAE06B50CCC7E7C6301FCD7DC8F3CC7F2DD911 ft=1 fh=a0f52feadde1c237 vn="a variant of Win32/Toolbar.Conduit.AM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3287802\plugins\TBVerifier.dll.vir"
sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="a variant of Win32/Toolbar.Conduit.AR potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3287802\UninstallerUI.exe.vir"
sh=0ED4BD4CCB9C96786DC1203CFC8A9FB72E58EEBB ft=1 fh=0d404ec1fdb2f145 vn="a variant of Win32/Toolbar.Conduit.AR potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Indre Melynis\AppData\Local\Conduit\Chrome\CT3287802\CHUninstaller.exe.vir"
sh=7A7A53735F25060338ACEA8F04A4A2A21C7D628F ft=1 fh=a9bbc2b895dbcf94 vn="a variant of Win32/Toolbar.Conduit.AR potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Indre Melynis\AppData\Local\Conduit\Chrome\CT3287802\UninstallerUI.exe.vir"
sh=D261C604F6F37D1CE433787DEE98DB62D35DDFD7 ft=1 fh=59dcf0cee308545e vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Indre Melynis\AppData\Local\NativeMessaging\CT3287802\1_0_0_4\TBMessagingHost.exe.vir"
sh=78D39055963B638142A26F6A1CA0858557F1553D ft=1 fh=22097666a78966a3 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=E51D31466DA5738E4D029C788B93EF7D428648A3 ft=1 fh=5cf3f026d273c9eb vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=24C285E4A280C2E7A217907C5E9EDE4207753C44 ft=1 fh=911ad30aca1b2451 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll"
sh=24C285E4A280C2E7A217907C5E9EDE4207753C44 ft=1 fh=911ad30aca1b2451 vn="a variant of Win32/Adware.Coupons.AA application" ac=I fn="C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll"
sh=CD2C3DA8A6351A0F33672222224C47F563129D7D ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Indre Melynis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VAK8Q2LV\askrt_en[1].cab"
sh=CD2C3DA8A6351A0F33672222224C47F563129D7D ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Indre Melynis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.02\agent\stub_data\askrt_en.cab"
sh=B7C20CA5F3D03CA0B47FE84EA238FF4F69E5183B ft=1 fh=075c4223825eb116 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Indre Melynis\Downloads\ccsetup513.exe"
sh=9590088AB47BAADF5F41EA26635236E8521271E8 ft=1 fh=000320d40bc4cf3e vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="E:\Seagate Backup\HOME\C\Documents and Settings\Administrator\My Documents\Downloads\avira_free_antivirus_en.exe"
sh=CAD7F5E8DA192D390EDA596ED2D5C4E0CB38E41C ft=1 fh=bb1f3b8ffd9a710e vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="E:\Seagate Backup\HOME\C\Documents and Settings\Administrator\My Documents\Downloads\cnet2_revosetup_exe.exe"
sh=5D875052662D9FDAD4D4E17C8F82BDE2124AEE82 ft=1 fh=8b0bf2daf5afaeb4 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="E:\Seagate Backup\HOME\C\Documents and Settings\Administrator\My Documents\Downloads\cnet_DVDAuthorPlus_exe.exe"
sh=1B7595F0604A40CAE8171F12F7D7AADC7A989259 ft=1 fh=8b0bf2da813686c5 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="E:\Seagate Backup\HOME\C\Documents and Settings\Administrator\My Documents\Downloads\cnet_EASYDVD2_EXE.exe"
sh=8AA7BFFAC0CEACF2FDC73EABBED91732A88727EA ft=1 fh=8b0bf2dac7e4af89 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="E:\Seagate Backup\HOME\C\Documents and Settings\Administrator\My Documents\Downloads\cnet_setup_magicdisc106_exe.exe"
sh=CF0FC6E6B1E514C6CE019419009B48385492B460 ft=1 fh=74636d3cdf41d12e vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="E:\Seagate Backup\HOME\C\Documents and Settings\Administrator\My Documents\Downloads\gusetup.exe"
sh=29218698D0E8AED59C33EB46AEF8C078AB460928 ft=1 fh=595f89bd4d2ae48f vn="Win32/DownloadAdmin.A.Gen potentially unwanted application" ac=I fn="E:\Seagate Backup\HOME\C\Documents and Settings\Administrator\My Documents\Downloads\uplayermediaplayer-setup.exe"
sh=294AB91288412DECB27232655ADD82FAF0B1C55D ft=1 fh=dabaed1395cd1d06 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="E:\Seagate Backup\HOME\C\Documents and Settings\Administrator\My Documents\Downloads\VeohWebPlayerSetup_eng.exe"
sh=9590088AB47BAADF5F41EA26635236E8521271E8 ft=1 fh=000320d40bc4cf3e vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="E:\Seagate Sync\VOL\My Documents\Downloads\avira_free_antivirus_en.exe"
sh=CAD7F5E8DA192D390EDA596ED2D5C4E0CB38E41C ft=1 fh=bb1f3b8ffd9a710e vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="E:\Seagate Sync\VOL\My Documents\Downloads\cnet2_revosetup_exe.exe"
sh=5D875052662D9FDAD4D4E17C8F82BDE2124AEE82 ft=1 fh=8b0bf2daf5afaeb4 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="E:\Seagate Sync\VOL\My Documents\Downloads\cnet_DVDAuthorPlus_exe.exe"
sh=1B7595F0604A40CAE8171F12F7D7AADC7A989259 ft=1 fh=8b0bf2da813686c5 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="E:\Seagate Sync\VOL\My Documents\Downloads\cnet_EASYDVD2_EXE.exe"
sh=8AA7BFFAC0CEACF2FDC73EABBED91732A88727EA ft=1 fh=8b0bf2dac7e4af89 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="E:\Seagate Sync\VOL\My Documents\Downloads\cnet_setup_magicdisc106_exe.exe"
sh=CF0FC6E6B1E514C6CE019419009B48385492B460 ft=1 fh=74636d3cdf41d12e vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="E:\Seagate Sync\VOL\My Documents\Downloads\gusetup.exe"

******

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016
Ran by Indre Melynis (administrator) on INDREMELYNIS-PC (26-02-2016 00:47:42)
Running from C:\Users\Indre Melynis\Desktop
Loaded Profiles: Indre Melynis (Available Profiles: Indre Melynis)
Platform: Windows 7 Home Premium Service Pack 1 0(X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Users\Indre Melynis\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
() C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Indre Melynis\Desktop\FRST64 (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70080 2015-05-08] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12831984 2016-02-18] (Zemana Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-13] (AVAST Software)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395616 2014-09-03] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-09-03] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [286992 2015-12-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [719632 2015-11-04] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\Run: [Google Update] => C:\Users\Indre Melynis\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-13] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-24] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-12-31]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Indre Melynis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-09-23]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{36B0282A-A646-412F-A81A-B6C99379167F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{386DF54D-4431-494B-BBE6-EA10AE634B3D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/MSN_WCP
SearchScopes: HKLM -> DefaultScope {7F0E4A79-5271-4012-A9F7-A1ABA7AD8C0E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {7F0E4A79-5271-4012-A9F7-A1ABA7AD8C0E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {7F0E4A79-5271-4012-A9F7-A1ABA7AD8C0E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-11-04] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-24] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-13] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-24] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-24] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-11-04] (RealDownloader)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-24] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-13] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-24] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-24] (Microsoft Corporation)
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Indre Melynis\AppData\Roaming\Mozilla\Firefox\Profiles\fvhxksqh.default-1456071445424
FF DefaultSearchEngine.US: Google
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-09-03] (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2012-08-05] (Simon Bünzli)
FF Plugin-x32: @real.com/nppl3260;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-12-31] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-12-31] (RealPlayer)
FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll [2013-03-15] ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3762274814-3010589716-3170184999-1000: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2012-08-05] (Simon Bünzli)
FF Plugin HKU\S-1-5-21-3762274814-3010589716-3170184999-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Indre Melynis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3762274814-3010589716-3170184999-1000: @talk.google.com/O1DPlugin -> C:\Users\Indre Melynis\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3762274814-3010589716-3170184999-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3762274814-3010589716-3170184999-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3762274814-3010589716-3170184999-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Indre Melynis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3762274814-3010589716-3170184999-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2012-10-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Indre Melynis\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-01-28] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Indre Melynis\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Indre Melynis\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Gmail Notifier (restartless) - C:\Users\Indre Melynis\AppData\Roaming\Mozilla\Firefox\Profiles\fvhxksqh.default-1456071445424\Extensions\[email protected] [2016-02-21]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-13]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Indre Melynis\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Indre Melynis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Indre Melynis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-13] (AVAST Software)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [226240 2015-05-08] ()
R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [4333712 2015-05-12] ()
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-02-25] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095976 2015-12-31] (RealNetworks, Inc.)
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [2032344 2015-05-14] (VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [261776 2015-05-08] (VMware)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [530648 2015-05-26] (VMware, Inc.)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12831984 2016-02-18] (Zemana Ltd.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-08] (Atheros) [File not signed]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-13] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-30] (REALiX™)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [179456 2015-12-30] (Intel Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [404184 2015-12-30] (Realsil Semiconductor Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [202144 2016-02-21] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [202144 2016-02-21] (Zemana Ltd.)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-26 00:47 - 2016-02-26 00:48 - 00030276 _____ C:\Users\Indre Melynis\Desktop\FRST.txt
2016-02-26 00:46 - 2016-02-26 00:46 - 00007740 _____ C:\Users\Indre Melynis\Desktop\ESETlog022516.txt
2016-02-25 22:29 - 2016-02-25 22:29 - 00000000 ____D C:\Program Files (x86)\ESET
2016-02-25 22:28 - 2016-02-25 22:29 - 02870984 _____ (ESET) C:\Users\Indre Melynis\Downloads\esetsmartinstaller_enu.exe
2016-02-25 21:59 - 2016-02-25 21:59 - 00001078 _____ C:\Users\Indre Melynis\Desktop\Malwarebytes log 022516.txt
2016-02-24 22:25 - 2016-02-25 22:25 - 00003534 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Indre Melynis
2016-02-24 22:25 - 2016-02-24 22:25 - 00003658 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Indre Melynis
2016-02-24 22:25 - 2016-02-24 22:25 - 00003540 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Indre Melynis
2016-02-24 22:25 - 2016-02-24 22:25 - 00003274 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Indre Melynis
2016-02-22 23:25 - 2016-02-22 23:25 - 01511936 _____ C:\Users\Indre Melynis\Desktop\adwcleaner_5.036.exe
2016-02-21 12:02 - 2016-02-21 12:02 - 02371072 _____ (Farbar) C:\Users\Indre Melynis\Desktop\FRST64 (1).exe
2016-02-21 11:58 - 2016-02-26 00:47 - 00000000 ____D C:\FRST
2016-02-21 11:58 - 2016-02-21 11:59 - 02371072 _____ (Farbar) C:\Users\Indre Melynis\Desktop\FRST64.exe
2016-02-21 11:57 - 2016-02-21 11:57 - 02371072 _____ (Farbar) C:\Users\Indre Melynis\Downloads\FRST64.exe
2016-02-21 11:20 - 2016-02-25 21:32 - 00000983 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-02-21 11:20 - 2016-02-25 21:04 - 00000620 _____ C:\Windows\ZAM.krnl.trace
2016-02-21 11:20 - 2016-02-21 11:20 - 00202144 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-02-21 11:20 - 2016-02-21 11:20 - 00202144 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-02-21 11:20 - 2016-02-21 11:20 - 00001154 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-02-21 11:20 - 2016-02-21 11:20 - 00000000 ____D C:\Users\Indre Melynis\AppData\Local\Zemana
2016-02-21 11:20 - 2016-02-21 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-02-21 11:20 - 2016-02-21 11:20 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-02-21 11:19 - 2016-02-21 11:19 - 05293368 _____ ( ) C:\Users\Indre Melynis\Downloads\Zemana.AntiMalware.Setup.exe
2016-02-21 10:53 - 2016-02-21 11:05 - 00000000 ____D C:\EEK
2016-02-21 10:49 - 2016-02-21 10:51 - 219925176 _____ C:\Users\Indre Melynis\Downloads\EmsisoftEmergencyKit.exe
2016-02-21 10:39 - 2016-02-21 10:39 - 01609216 _____ (Malwarebytes) C:\Users\Indre Melynis\Downloads\JRT.exe
2016-02-21 10:12 - 2016-02-21 10:12 - 00009918 _____ C:\Windows\system32\.crusader
2016-02-21 09:59 - 2016-02-21 09:59 - 00001859 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-02-21 09:59 - 2016-02-21 09:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-02-21 09:59 - 2016-02-21 09:59 - 00000000 ____D C:\Program Files\HitmanPro
2016-02-21 09:58 - 2016-02-21 09:58 - 11443792 _____ (SurfRight B.V.) C:\Users\Indre Melynis\Downloads\HitmanPro_x64 (1).exe
2016-02-21 09:29 - 2016-02-21 09:30 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Indre Melynis\Downloads\iExplore.exe
2016-02-21 09:25 - 2016-02-21 09:26 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Indre Melynis\Downloads\tdsskiller.exe
2016-02-12 00:04 - 2016-02-13 09:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-09 22:50 - 2016-02-06 05:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-09 22:50 - 2016-02-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-09 22:50 - 2016-02-06 05:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-09 22:50 - 2016-02-06 05:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-09 22:50 - 2016-02-06 05:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-09 22:50 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-09 22:50 - 2016-02-06 04:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-09 22:50 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-09 22:50 - 2016-02-06 04:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-09 22:50 - 2016-02-06 04:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-09 22:50 - 2016-02-06 04:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-09 22:50 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-09 22:50 - 2016-02-06 04:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-09 22:50 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-09 22:50 - 2016-01-16 14:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-09 22:50 - 2016-01-16 13:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-09 22:50 - 2016-01-11 09:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-09 22:50 - 2016-01-11 09:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-09 22:50 - 2016-01-11 09:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-09 22:50 - 2016-01-11 09:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-09 22:50 - 2016-01-11 09:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-09 22:50 - 2016-01-06 14:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-09 22:50 - 2016-01-06 14:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-09 22:50 - 2016-01-06 13:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-09 22:49 - 2016-01-22 15:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-09 22:49 - 2016-01-22 15:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-09 22:49 - 2016-01-22 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-09 22:49 - 2016-01-22 01:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-09 22:49 - 2016-01-22 01:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-09 22:49 - 2016-01-22 01:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-09 22:49 - 2016-01-22 01:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-09 22:49 - 2016-01-22 01:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-09 22:49 - 2016-01-22 01:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-09 22:49 - 2016-01-22 01:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-09 22:49 - 2016-01-22 01:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-09 22:49 - 2016-01-22 01:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-09 22:49 - 2016-01-22 01:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-09 22:49 - 2016-01-22 01:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-09 22:49 - 2016-01-22 01:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-09 22:49 - 2016-01-22 01:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-09 22:49 - 2016-01-22 01:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-09 22:49 - 2016-01-22 01:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-09 22:49 - 2016-01-22 01:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-09 22:49 - 2016-01-22 01:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-09 22:49 - 2016-01-22 01:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-09 22:49 - 2016-01-22 01:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-09 22:49 - 2016-01-22 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-09 22:49 - 2016-01-22 01:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-09 22:49 - 2016-01-22 01:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-09 22:49 - 2016-01-22 01:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-09 22:49 - 2016-01-22 01:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-09 22:49 - 2016-01-22 00:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-09 22:49 - 2016-01-22 00:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-09 22:49 - 2016-01-22 00:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-09 22:49 - 2016-01-22 00:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-09 22:49 - 2016-01-22 00:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-09 22:49 - 2016-01-22 00:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-09 22:49 - 2016-01-22 00:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-09 22:49 - 2016-01-22 00:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-09 22:49 - 2016-01-22 00:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-09 22:49 - 2016-01-22 00:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-09 22:49 - 2016-01-22 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-09 22:49 - 2016-01-22 00:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-09 22:49 - 2016-01-22 00:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-09 22:49 - 2016-01-22 00:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-09 22:49 - 2016-01-22 00:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-09 22:49 - 2016-01-22 00:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-09 22:49 - 2016-01-22 00:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-09 22:49 - 2016-01-22 00:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-09 22:49 - 2016-01-22 00:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-09 22:49 - 2016-01-22 00:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-09 22:49 - 2016-01-22 00:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-09 22:49 - 2016-01-22 00:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-09 22:49 - 2016-01-22 00:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-09 22:49 - 2016-01-22 00:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-09 22:49 - 2016-01-22 00:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-09 22:47 - 2016-01-16 14:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-09 22:47 - 2016-01-11 14:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-09 22:47 - 2016-01-11 14:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-09 22:47 - 2016-01-11 14:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-09 22:47 - 2016-01-11 13:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-09 22:47 - 2016-01-11 13:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-09 22:47 - 2016-01-11 13:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-09 22:47 - 2016-01-11 13:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-09 22:47 - 2016-01-11 13:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-09 22:47 - 2016-01-11 13:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-09 22:47 - 2016-01-11 13:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-09 22:47 - 2016-01-11 13:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-09 22:47 - 2016-01-11 13:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-09 22:47 - 2016-01-11 13:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-09 22:47 - 2016-01-11 13:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-09 22:47 - 2016-01-11 13:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-09 22:47 - 2016-01-11 13:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-09 22:47 - 2016-01-07 12:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-09 22:47 - 2016-01-07 12:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-09 22:46 - 2016-01-16 13:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-09 22:45 - 2016-01-22 01:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-09 22:45 - 2016-01-22 01:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-09 22:45 - 2016-01-22 01:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-09 22:45 - 2016-01-22 01:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-09 22:45 - 2016-01-22 01:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-09 22:45 - 2016-01-22 01:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-09 22:45 - 2016-01-22 01:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-09 22:45 - 2016-01-22 01:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-09 22:45 - 2016-01-22 01:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-09 22:45 - 2016-01-22 01:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-09 22:45 - 2016-01-22 01:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-09 22:45 - 2016-01-22 01:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-09 22:45 - 2016-01-22 01:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-09 22:45 - 2016-01-22 01:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-09 22:45 - 2016-01-22 01:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-09 22:45 - 2016-01-22 01:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-09 22:45 - 2016-01-22 01:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-09 22:45 - 2016-01-22 01:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-09 22:45 - 2016-01-22 01:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-09 22:45 - 2016-01-22 01:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-09 22:45 - 2016-01-22 01:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-09 22:45 - 2016-01-22 01:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-09 22:45 - 2016-01-22 01:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-09 22:45 - 2016-01-22 01:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-09 22:45 - 2016-01-22 01:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 01:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-09 22:45 - 2016-01-22 01:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-09 22:45 - 2016-01-22 01:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-09 22:45 - 2016-01-22 01:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-09 22:45 - 2016-01-22 01:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-09 22:45 - 2016-01-22 01:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-09 22:45 - 2016-01-22 01:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-09 22:45 - 2016-01-22 01:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-09 22:45 - 2016-01-22 01:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-09 22:45 - 2016-01-22 01:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-09 22:45 - 2016-01-22 01:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-09 22:45 - 2016-01-22 01:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-09 22:45 - 2016-01-22 01:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-09 22:45 - 2016-01-22 01:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-09 22:45 - 2016-01-22 01:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-09 22:45 - 2016-01-22 01:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-09 22:45 - 2016-01-22 01:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-09 22:45 - 2016-01-22 01:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-09 22:45 - 2016-01-22 01:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-09 22:45 - 2016-01-22 01:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-09 22:45 - 2016-01-22 00:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-09 22:45 - 2016-01-22 00:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-09 22:45 - 2016-01-22 00:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-09 22:45 - 2016-01-22 00:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-09 22:45 - 2016-01-21 23:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-09 22:45 - 2016-01-21 23:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-09 22:45 - 2016-01-21 23:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-09 22:45 - 2016-01-21 23:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-09 22:45 - 2016-01-21 23:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-09 22:45 - 2016-01-21 23:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-09 22:45 - 2016-01-21 23:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-09 22:45 - 2016-01-21 23:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-09 22:45 - 2016-01-21 23:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-09 22:45 - 2016-01-21 23:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-09 22:45 - 2016-01-21 23:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-09 22:45 - 2016-01-21 23:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 22:45 - 2016-01-21 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 22:45 - 2016-01-21 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-09 22:43 - 2016-01-22 01:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-09 22:43 - 2016-01-22 01:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-09 22:43 - 2016-01-22 01:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-09 22:43 - 2016-01-22 01:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-09 22:43 - 2016-01-22 01:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-09 22:43 - 2016-01-22 00:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-09 22:43 - 2016-01-22 00:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-09 22:43 - 2016-01-22 00:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-02 22:22 - 2016-02-25 22:45 - 00000364 _____ C:\Windows\Tasks\HPCeeScheduleForIndre Melynis.job
2016-02-02 22:22 - 2016-02-16 22:45 - 00003234 _____ C:\Windows\System32\Tasks\HPCeeScheduleForIndre Melynis
2016-02-01 21:02 - 2016-02-01 21:02 - 00001892 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-02-01 21:02 - 2016-02-01 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-01-30 00:38 - 2016-01-30 00:38 - 00002767 _____ C:\Users\Public\Desktop\SyncUP.lnk
2016-01-28 16:12 - 2016-01-28 16:12 - 01525807 _____ C:\Users\Indre Melynis\Downloads\11 x 14 FINAL high quality.pdf
2016-01-28 09:12 - 2016-01-28 09:42 - 00000000 ____D C:\Users\Indre Melynis\AppData\LocalLow\WebEx
2016-01-28 09:12 - 2016-01-28 09:37 - 00000000 ____D C:\Users\Indre Melynis\AppData\Roaming\webex
2016-01-28 09:12 - 2016-01-28 09:12 - 00712592 _____ (Cisco WebEx LLC) C:\Users\Indre Melynis\Downloads\Cisco_WebEx_Add-On.exe
2016-01-28 09:12 - 2016-01-28 09:12 - 00000000 ____D C:\Users\Indre Melynis\AppData\Local\WebEx
2016-01-28 09:12 - 2016-01-28 09:12 - 00000000 ____D C:\ProgramData\WebEx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-26 00:31 - 2012-08-26 15:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-26 00:10 - 2015-12-30 01:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-25 21:32 - 2014-10-05 12:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-25 21:31 - 2012-08-26 15:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-25 21:21 - 2009-07-13 23:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-25 21:21 - 2009-07-13 23:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-25 21:20 - 2012-09-09 07:53 - 00000000 ____D C:\Users\Indre Melynis\AppData\Local\Nero
2016-02-25 21:08 - 2014-02-11 20:57 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-02-25 21:06 - 2012-07-16 15:49 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-02-25 21:06 - 2012-07-16 15:49 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-02-25 21:06 - 2012-07-16 15:29 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-02-25 21:05 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-24 22:27 - 2012-08-26 15:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-24 01:44 - 2013-04-10 11:51 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-24 01:42 - 2013-04-10 11:46 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-24 01:25 - 2015-12-31 21:26 - 00000000 ____D C:\Users\Indre Melynis\AppData\Roaming\Real
2016-02-24 01:25 - 2015-12-31 21:24 - 00000000 ____D C:\ProgramData\Real
2016-02-22 23:26 - 2014-01-18 21:06 - 00000000 ____D C:\AdwCleaner
2016-02-22 23:02 - 2015-04-14 16:02 - 00000000 ____D C:\Users\Indre Melynis\AppData\Local\CrashDumps
2016-02-22 23:02 - 2013-08-13 16:52 - 00000000 ____D C:\Users\Indre Melynis\AppData\LocalLow\Temp
2016-02-21 12:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-21 10:42 - 2015-12-30 01:13 - 00000000 ____D C:\Users\Indre Melynis\AppData\Roaming\IObit
2016-02-21 10:42 - 2015-12-30 01:13 - 00000000 ____D C:\ProgramData\IObit
2016-02-21 10:42 - 2015-12-30 01:13 - 00000000 ____D C:\Program Files (x86)\IObit
2016-02-21 10:12 - 2014-01-19 00:10 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-20 18:23 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ServiceProfiles
2016-02-19 22:45 - 2012-08-26 15:25 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 22:45 - 2012-08-26 15:25 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-16 22:46 - 2015-12-30 01:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-13 09:24 - 2012-08-26 15:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-12 07:35 - 2015-10-23 08:55 - 00000000 ____D C:\Users\Indre Melynis\AppData\Roaming\VMware
2016-02-10 22:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-02-10 07:54 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-10 07:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-10 07:48 - 2009-07-13 23:45 - 00440456 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-10 07:44 - 2014-12-11 22:32 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-10 07:44 - 2014-05-07 21:43 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-10 07:44 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 01:32 - 2013-08-14 21:08 - 00000000 ____D C:\Windows\system32\MRT
2016-02-10 01:26 - 2012-08-26 17:42 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-10 01:24 - 2009-07-13 21:34 - 00000510 _____ C:\Windows\win.ini
2016-02-09 23:10 - 2015-12-30 01:52 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 23:10 - 2015-12-30 01:52 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-09 23:10 - 2015-12-30 01:52 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-05 22:53 - 2009-07-14 00:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-02 22:22 - 2015-12-28 14:11 - 00000000 ____D C:\Users\Indre Melynis\AppData\Local\Hewlett-Packard
2016-02-01 21:34 - 2012-08-26 22:57 - 00000000 ____D C:\Users\Indre Melynis\AppData\Local\ElevatedDiagnostics
2016-02-01 21:26 - 2012-08-26 15:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 21:26 - 2012-08-26 15:22 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 21:02 - 2014-04-03 21:57 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-02-01 21:02 - 2013-03-23 21:08 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-01 21:02 - 2013-01-06 23:08 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-01-30 00:38 - 2012-07-16 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-01-30 00:37 - 2012-07-16 15:49 - 00000000 ____D C:\ProgramData\Nero
2016-01-30 00:37 - 2012-07-16 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2016-01-28 23:14 - 2013-09-09 13:30 - 00000000 ____D C:\Users\Indre Melynis\Desktop\funny stuff
2016-01-28 18:27 - 2013-06-02 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2014-10-12 23:57 - 2014-10-12 23:57 - 0000093 _____ () C:\Users\Indre Melynis\AppData\Roaming\ARCompanion.log
2012-09-05 21:41 - 2014-03-03 07:49 - 0001463 _____ () C:\Users\Indre Melynis\AppData\Roaming\Rim.Desktop.Exception.log
2012-09-05 21:40 - 2014-03-03 07:45 - 0003361 _____ () C:\Users\Indre Melynis\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-09-05 21:41 - 2014-03-03 07:49 - 0001694 _____ () C:\Users\Indre Melynis\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-09-04 16:30 - 2012-09-04 16:30 - 0000318 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-20 20:00

==================== End of FRST.txt ============================

******

FRST Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-02-2016
Ran by Indre Melynis (2016-02-26 00:48:27)
Running from C:\Users\Indre Melynis\Desktop
Windows 7 Home Premium Service Pack 1 0(X64) (2012-08-26 20:01:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3762274814-3010589716-3170184999-500 - Administrator - Disabled)
Guest (S-1-5-21-3762274814-3010589716-3170184999-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3762274814-3010589716-3170184999-1002 - Limited - Enabled)
Indre Melynis (S-1-5-21-3762274814-3010589716-3170184999-1000 - Administrator - Enabled) => C:\Users\Indre Melynis

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Microsoft Office 2013 tikrinimo įrankiai lietuvių k. (HKLM-x32\...\{90150000-001F-0427-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2245 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
BlackBerry App World Browser Plugin (HKLM-x32\...\{2563E7CF-E58B-4069-BF3A-0828EEB1E361}) (Version: 4.3.1.18 - Research In Motion Limited)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.200.13 - Citrix Systems, Inc.)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.10.1.3 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Escape Whisper Valley ™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kyodai Mahjongg 2006 v1.42 (HKLM-x32\...\Kyodai Mahjongg 2006_is1) (Version: - Rene-Gilles Deberdt)
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2013 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.1.200.13 - Citrix Systems, Inc.) Hidden
PDFlite 0.8 (HKLM-x32\...\PDFlite) (Version: 0.8 - Amnis Technology Ltd)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RealDownloader (x32 Version: 18.1.2.176 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.2.179 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.2 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Self-service Plug-in (x32 Version: 4.1.200.588 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16500 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
TextPad 7 (HKLM\...\{6A86F18E-5464-449D-A82D-667974747F38}) (Version: 7.2.0 - Helios)
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
Unity Web Player (HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VMware Horizon Client (HKLM\...\{AAC8DB2E-95D9-416D-BAF1-53395D81CBB3}) (Version: 3.4.0.27772 - VMware, Inc.)
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.19.904 - Zemana Ltd.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files\TextPad 7\System\shellext64.dll (Helios Software Solutions)
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3762274814-3010589716-3170184999-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Indre Melynis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00D38705-7F65-420A-A782-A94BA95B10C4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-02-17] (AVAST Software)
Task: {058BBA96-5526-41AD-8FD8-909F44B417E6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3762274814-3010589716-3170184999-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {146C2578-2DE5-48CA-AF95-00D4524859EA} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-11-04] ()
Task: {1A39B01E-3935-4182-A0F3-468015AC7B53} - System32\Tasks\RNUpgradeHelperResumePrompt_Indre Melynis => C:\Users\Indre Melynis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.02\agent\rnupgagent.exe [2016-02-24] (RealNetworks, Inc.)
Task: {27B7A3C8-A474-4B48-8FB8-5E1C815D986D} - System32\Tasks\{52DCD8A6-6A81-4063-A05E-59C8780F02FF} => pcalua.exe -a C:\ProgramData\LGMOBILEAX\LGMLauncher.exe -d C:\ProgramData\LGMOBILEAX
Task: {2A843039-E5E4-4832-858F-7A50FB2C4658} - System32\Tasks\ReclaimerUpdateXML_Indre Melynis => C:\Users\Indre Melynis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.02\agent\rnupgagent.exe [2016-02-24] (RealNetworks, Inc.)
Task: {2C3A7660-CCBB-4A4E-B69F-9111B274E7BE} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3762274814-3010589716-3170184999-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-11-04] (RealNetworks, Inc.)
Task: {39FB3C93-DC5A-44F1-AC40-3DC272E1F4BB} - System32\Tasks\{EF43C50F-8112-4141-AA50-483A5DC56E4A} => C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe [2013-03-07] (Research In Motion)
Task: {50D3EC8A-ACAE-4A99-9AFA-4BB76B7BA22D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {522075A2-FBBC-4850-8971-56507536B9B8} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3762274814-3010589716-3170184999-1000
Task: {540AA7BA-2F77-42C1-B7EE-BDA7B12C9879} - System32\Tasks\ReclaimerUpdateFiles_Indre Melynis => C:\Users\Indre Melynis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.02\agent\rnupgagent.exe [2016-02-24] (RealNetworks, Inc.)
Task: {559BE27B-9260-4A96-B8C1-A94DC6F18BF0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {596B922E-FB4C-4B83-AC41-4A27CC408726} - System32\Tasks\{3A6B6625-B3B5-4B72-8618-52D5217B5D74} => C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe [2013-03-07] (Research In Motion)
Task: {6F3CD25E-64C3-423E-9F70-5ECD9FDA508A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {78A6B89B-6858-4A5E-B4E4-A9EE86155138} - System32\Tasks\RNUpgradeHelperLogonPrompt_Indre Melynis => C:\Users\Indre Melynis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.02\agent\rnupgagent.exe [2016-02-24] (RealNetworks, Inc.)
Task: {7DBE480D-2EAE-4221-A072-C042F4A67FC8} - System32\Tasks\HPCeeScheduleForIndre Melynis => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {9A82CD07-A6C9-4CF4-8628-AE1E5699A2C8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A43A226B-DFA5-4755-9580-E7F132ACB558} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {A63C0C2A-8D6B-4529-8601-41A404AD367C} - System32\Tasks\avastBCLRestartS-1-5-21-3762274814-3010589716-3170184999-1000 => Firefox.exe
Task: {AE75C610-9CF2-4FC0-A0F2-972371984CC0} - System32\Tasks\{5952AA5E-DB9C-4587-B603-29DDEBF96664} => pcalua.exe -a "C:\Users\Indre Melynis\Downloads\B2CAppSetup.exe" -d "C:\Users\Indre Melynis\Downloads"
Task: {B1117E51-A9D4-4583-80AE-60F23DE6A3CC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {B506FCB2-33B7-4EB0-85AE-D0A54B342AD3} - System32\Tasks\{B0831E5E-3993-4A26-8666-C90359903CE5} => pcalua.exe -a "C:\Users\Indre Melynis\Downloads\AdobeAIRInstaller(1).exe" -d "C:\Users\Indre Melynis\Downloads"
Task: {BD1A898E-AE89-4D8F-A7B3-32ECFDEAAFC1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {C252083C-5360-4A17-89FD-3705CF03AF0C} - System32\Tasks\AdobeAAMUpdater-1.0-IndreMelynis-PC-Indre Melynis => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {C3E92C91-635C-4B81-AF12-67EB1CD1A11B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {C69995E9-3891-462E-8384-7128C4D3E1F9} - System32\Tasks\{7C869429-E06F-437A-8442-0C8DD88FA6EA} => pcalua.exe -a D:\Setup.EXE -d D:\
Task: {CF7D40A7-77A3-41E8-8A17-7C0B3B2A4699} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {D51B1318-5B45-4918-AFE3-C8192DB98485} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {D83B48B8-96EB-4F3A-A904-F62FBF169F5D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-13] (AVAST Software)
Task: {DFF830F5-EE12-46B2-B528-66DC3B493B49} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {E5B84E54-9191-4B18-83FA-6835AF02856E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {E75E66B8-207C-4CE6-9EB2-E974D9F10554} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E9CFDE0C-27AB-4D72-A294-5C1F9DD5D397} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {F78F1047-8A3A-49A1-B605-59574F34F7D6} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3762274814-3010589716-3170184999-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {F90E831A-196F-45F1-9F59-8EB60C5B85F1} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForIndre Melynis.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-28 19:15 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-16 05:02 - 2015-10-16 05:02 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-02-21 11:20 - 2016-02-21 11:20 - 00118640 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2012-09-30 08:40 - 2005-03-11 13:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2011-06-27 19:26 - 2011-06-27 19:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-06-29 08:52 - 2011-06-29 08:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2012-07-16 16:42 - 2012-03-19 18:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-19 21:41 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-05-08 17:09 - 2015-05-08 17:09 - 00226240 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
2015-05-12 11:07 - 2015-05-12 11:07 - 04333712 _____ () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
2012-02-01 11:50 - 2012-02-01 11:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2015-11-04 15:20 - 2015-11-04 15:20 - 00033088 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2012-07-16 15:29 - 2012-01-26 21:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2015-11-04 13:28 - 2015-11-04 13:28 - 00719632 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2015-12-13 01:35 - 2015-12-13 01:35 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-13 01:35 - 2015-12-13 01:35 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-24 22:28 - 2016-02-24 22:28 - 02836480 _____ () C:\Program Files\AVAST Software\Avast\defs\16022401\algo.dll
2015-12-13 01:35 - 2015-12-13 01:35 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-25 21:08 - 2016-02-25 21:08 - 02835968 _____ () C:\Program Files\AVAST Software\Avast\defs\16022502\algo.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 15:52 - 2010-03-22 15:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-24 23:20 - 2011-06-24 23:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-27 19:25 - 2011-06-27 19:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-24 23:21 - 2011-06-24 23:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
2010-03-11 19:52 - 2010-03-11 19:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 15:07 - 2010-03-05 15:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 15:07 - 2010-03-05 15:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-11 19:52 - 2010-03-11 19:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2015-05-08 16:57 - 2015-05-08 16:57 - 00239552 _____ () C:\Program Files (x86)\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll
2015-12-31 21:26 - 2015-12-31 21:26 - 00022312 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\mediautil.dll
2015-12-31 21:26 - 2015-12-31 21:26 - 01520936 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\avformat-55.dll
2015-12-31 21:26 - 2015-12-31 21:26 - 04274984 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\avcodec-55.dll
2015-12-31 21:26 - 2015-12-31 21:26 - 00322856 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\avutil-52.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2015-10-28 19:15 - 2015-09-01 07:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00037720 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2015-11-04 15:19 - 2015-11-04 15:19 - 00039768 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00037728 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2015-12-13 01:35 - 2015-12-13 01:35 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-11-04 13:20 - 2015-11-04 13:20 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2015-12-31 21:26 - 2015-12-31 21:26 - 00653608 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll
2015-11-04 13:28 - 2015-11-04 13:28 - 00077584 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll
2012-07-16 15:21 - 2011-12-16 13:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-02-10 21:28 - 2016-02-10 21:28 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b4aed9b5bac22d4e9008e99e935fe2de\IsdiInterop.ni.dll
2012-07-16 15:22 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-03-10 17:53 - 2012-03-10 17:53 - 00251688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll
2012-03-10 17:53 - 2012-03-10 17:53 - 00891688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3762274814-3010589716-3170184999-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Indre Melynis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{48130E8E-44B7-4D8B-8EAD-01F1B7C57451}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3A40A881-9E0E-4943-B872-5639EBCF061E}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{65A1D546-9220-4E10-A42E-3FCBEA4A08CF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D38D8495-AB60-4A9B-8983-5964DFB5A385}] => (Allow) LPort=2869
FirewallRules: [{E039F6E9-1508-4900-9080-A72C7442CCF7}] => (Allow) LPort=1900
FirewallRules: [{1D2CD9B6-53F1-42F2-A971-AC1E19E8A909}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2074010B-F731-4FEA-9936-92C61AE0709C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{45C295C2-F9D0-4E8C-B23A-89A65CB99014}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1C6D3879-E6B1-428F-BA77-8BC7E5079BEC}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{953473C2-9397-46D8-9EDA-B8943AB566BD}] => (Allow) LPort=9700
FirewallRules: [{C8DBC3D2-7CB4-4CCC-AAC5-22BD7DD18876}] => (Allow) LPort=9701
FirewallRules: [{C7016C70-9289-4455-86A3-D38626D02D94}] => (Allow) LPort=9702
FirewallRules: [{94C78CC5-0FC5-43D2-89FA-B81457710AB4}] => (Allow) LPort=9700
FirewallRules: [{92FFCD87-B9AC-4A71-A6B7-81733B44375F}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{2E761979-07EA-4F02-8260-C691E35B9D3E}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{86A5D722-3D1F-49C4-A2E7-E705BCCF5E2F}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{3675941A-4D82-426A-8F42-054867995286}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{FB262330-7AB1-4688-8E4F-7B710CF62C14}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{F1EA3697-2E85-4F35-AC6A-5DBD5DDC1132}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{391E3A63-EF47-4591-8C3B-8C50F493ACBD}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{52F372E0-8A3F-4593-9733-EF215A026FD5}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{E76265E6-A03D-434C-B6F4-A01A0FD7388F}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{241B5457-51A9-4D83-BD8C-12C79D307DC8}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{1FDADA4C-863C-497F-9E4C-0796BDAFAF1E}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe
FirewallRules: [{8A323F49-1637-4A63-80F1-FF2265E41EBF}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe
FirewallRules: [{AB90E791-36AB-4FA4-81E9-54D996857234}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe
FirewallRules: [{645D6106-6577-4F33-9296-F2559966939D}] => (Allow) C:\Windows\SysWOW64\dlbccoms.exe
FirewallRules: [{DF1C2E92-21CC-483B-8A67-432C56F859F5}] => (Allow) C:\Windows\SysWOW64\dlbccoms.exe
FirewallRules: [{FE513085-212E-4AB4-A113-EF4B4833F4E0}] => (Allow) C:\Windows\System32\dlbccoms.exe
FirewallRules: [{26468671-9C88-4441-B1E1-E71A0FA09BC4}] => (Allow) C:\Windows\System32\dlbccoms.exe
FirewallRules: [{DDD24AE1-75DD-4F80-A19A-8128EC351F6B}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbcpswx.exe
FirewallRules: [{D1704739-5342-43CA-AF8F-0E5F6DC1CC98}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbcpswx.exe
FirewallRules: [{8584031D-192B-41F6-9715-6FB0A0CF826E}] => (Allow) LPort=4481
FirewallRules: [{86DE0825-CE28-482A-B101-7D6641238E8D}] => (Allow) LPort=4481
FirewallRules: [{71A800E0-FDC5-40C4-B962-286667B17BB7}] => (Allow) LPort=4482
FirewallRules: [{8C9B4D4E-60B7-4304-9DA4-611EF1E53EE5}] => (Allow) LPort=4482
FirewallRules: [TCP Query User{2483C752-96EA-4FC9-BA00-F8728B3815FA}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [UDP Query User{897BE97E-D13C-4CC9-A5CC-93E57A53CD02}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [TCP Query User{0DFF4F4C-1DB4-4CA0-A2A9-79753BFF1162}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [UDP Query User{67C58D9A-34F3-47D8-ABCF-A3BF0766B1E4}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [{45ECABE8-BB10-44EC-8D91-DED7609B3EA5}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{35C950B5-BD25-40C5-A625-0CB637A6140D}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{53BEE683-8514-44FE-99BD-5928E78C9571}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{424E1851-501A-4C24-9381-F126A9D92B3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D52C5899-8BD3-4599-92B4-51C11315832B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F08B83A1-33A2-4948-8A63-2832175E78FC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{D0F3DD63-4624-4CFD-87C5-EF8517465FBD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{9CCFAB43-5FB0-4471-A283-1337E5BB9524}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3D457EF0-AF08-4631-BE69-74774236198B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{65EAC391-C14D-47BD-BF5B-FB09BAADF401}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0F18A966-331B-4273-A642-CE21A958C73E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DCCD155B-01B8-433B-B309-0EA3C6CCE16C}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{75F247C9-DCF5-4DB2-9479-73FAA73C3AC1}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{E19B56E1-4973-49A5-96BD-B55E61A3B0CF}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{C6F64A86-EB40-488E-BF56-5BFF1ED9618F}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{08F247D1-0E2C-40D0-9F87-DAD91ECC6B3D}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{DB3FBD77-268C-4BAD-91B1-CB0E99F0D9F3}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{FACC73D4-EB96-49A9-B3DD-DD2B0388B15D}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{55DDFE67-ACDB-46AE-9580-3F7754BBAE9E}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{1B0634FB-CE10-4E2C-B1EC-1C09B126F2F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B29FF5E0-82BE-47DC-96BE-033BFF161F6C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CD35828E-66AA-4570-B1CC-290AAA5C92C4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{84DAB07B-766E-4218-9ADF-3781D4692599}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{00A1DC17-A8D9-43ED-BD12-3379A91B2A17}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{0140561A-14B9-4C97-9AC8-74DC00E40FE6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{7E0E9B4D-284D-44EE-AC9F-B082593BE905}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1114E484-302F-4BFA-B216-7B4D3B889BE5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{6ED93E32-172A-4CBE-904A-3734CB4FF361}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{89E8A389-B05C-41E9-8C88-DBD54B076A5F}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{74C1A8D5-E4EC-400E-95CB-FB101530B805}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{F3F31F7D-90D5-45F7-92CC-FF8525C04106}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{DBE2A5D7-5193-4D93-B344-CFE34B217199}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{1DFFA027-D67E-4BA3-A44C-B6035B96E967}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{D4EF68D2-3F5A-4DCA-8E56-0A399787D445}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{A67F974B-3961-4058-A2D6-AF14B6A164F0}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{B1ACFC43-40AF-4F18-9369-8CFAC944051C}] => (Allow) C:\Program Files (x86)\Common Files\Nero\BDCore\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{4AB18234-C9A7-46A9-9FE5-CCAC14DF5153}] => (Allow) C:\Program Files (x86)\Common Files\Nero\BDCore\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{DEDFB4E9-B938-4863-87C5-ADBC7B96D664}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

22-01-2016 22:37:40 Windows Update
26-01-2016 22:28:35 Windows Update
29-01-2016 23:33:28 Windows Update
01-02-2016 21:00:56 Garmin Express
02-02-2016 22:20:33 Windows Update
05-02-2016 23:06:55 Windows Update
09-02-2016 22:37:02 Windows Update
10-02-2016 01:15:45 Windows Update
16-02-2016 22:43:07 Windows Update
21-02-2016 10:11:45 Checkpoint by HitmanPro
21-02-2016 10:12:11 Checkpoint by HitmanPro
21-02-2016 10:39:56 JRT Pre-Junkware Removal
21-02-2016 11:28:32 Zemana AntiMalware 2/21/2016 11:28:32 AM
22-02-2016 23:02:04 Restore Point Created by FRST
24-02-2016 01:34:16 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2016 12:46:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (02/25/2016 10:29:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (02/25/2016 10:29:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (02/25/2016 09:16:11 PM) (Source: HP Active Health) (EventID: 81) (User: )
Description: -- SECURITY WARNING -- Unable to serialize super secret file hashes
at System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope)
at HP.ActiveHealth.Commons.Security.HashStore.Save()

Error: (02/25/2016 09:15:54 PM) (Source: HP Active Health) (EventID: 2701) (User: )
Description: Could not parse Service: System.OverflowException: Value was either too large or too small for an Int32.
at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)
at HP.ActiveHealth.Agents.WindowsServices.WindowsServicesAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (02/25/2016 09:11:56 PM) (Source: HP Active Health) (EventID: 81) (User: )
Description: -- SECURITY WARNING -- Unable to serialize super secret file hashes
at System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope)
at HP.ActiveHealth.Commons.Security.HashStore.Save()

Error: (02/25/2016 09:09:52 PM) (Source: HP Active Health) (EventID: 2701) (User: )
Description: Could not parse Service: System.OverflowException: Value was either too large or too small for an Int32.
at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)
at HP.ActiveHealth.Agents.WindowsServices.WindowsServicesAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (02/25/2016 09:06:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2016 10:37:04 PM) (Source: HP Active Health) (EventID: 81) (User: )
Description: -- SECURITY WARNING -- Unable to serialize super secret file hashes
at System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope)
at HP.ActiveHealth.Commons.Security.HashStore.Save()

Error: (02/24/2016 10:29:57 PM) (Source: HP Active Health) (EventID: 2701) (User: )
Description: Could not parse Service: System.OverflowException: Value was either too large or too small for an Int32.
at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)
at HP.ActiveHealth.Agents.WindowsServices.WindowsServicesAgent.GetNewDataClasses(FileInfo agentStateFile)


System errors:
=============
Error: (02/25/2016 10:45:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (02/25/2016 10:45:23 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\INDREM~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/25/2016 10:45:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (02/25/2016 10:45:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\INDREM~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/25/2016 10:45:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (02/25/2016 10:45:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\INDREM~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/25/2016 10:30:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (02/25/2016 10:30:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\INDREM~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/25/2016 10:30:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (02/25/2016 10:30:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\INDREM~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


CodeIntegrity:
===================================
Date: 2016-01-21 00:50:56.783
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-01-21 00:50:56.775
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-01-21 00:50:56.767
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-01-21 00:50:56.708
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-01-21 00:50:56.172
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-01-21 00:50:56.140
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-01-21 00:50:56.117
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-01-21 00:50:56.009
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-01-21 00:50:54.795
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2016-01-21 00:50:54.787
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 51%
Total physical RAM: 6022.15 MB
Available physical RAM: 2909.89 MB
Total Virtual: 12042.51 MB
Available Virtual: 8890.91 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:911.66 GB) (Free:807.91 GB) NTFS
Drive e: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:373.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 8B95E4AA)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=911.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 181C1835)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

******

THANK YOU AGAIN FOR ALL YOUR HARD WORK ON MY BEHALF!!!

IndyBlue
  • 0

#10
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi IndyBlue,

 

I am currently analyzing the logs, will get back to you as soon as possible.

 

Do note that I will be out of town for a day, so I might be a tad late in my reply. 


  • 0

Advertisements


#11
IndyBlue

IndyBlue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Please take your time--no rush!

And thank you again for everything! :)
  • 0

#12
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi IndyBlue,
 
You are doing great at the moment. I missed out a application previously that might be the cause of ads you're seeing.
 
Are you aware of "Coupon Printer for Windows" application that is installed on your machine? Did you install it knowingly, if you are not aware of it, then please follow the instruction below to remove the application.

Remove unwanted programs

Please uninstall the following unwanted programs:

Note: If any of the programs are not listed, proceed to the next one and work through the list.

  • Coupon Printer for Windows

To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall.
Click uninstall.
Reboot your machine.

FRST.gifFix with FRST

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CMD: netsh winsock reset
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ip reset c:\resetlog.txt
Emptytemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Note: The system will reboot.
 
In your next reply, please include the following:

  • Whether uninstallation of "Coupon Printer" is successful
  • FRST fixlog
  • How is your system running now

 

P.S: Apologies for the delay.


  • 0

#13
IndyBlue

IndyBlue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hiya!

Thanks for your reply! And please: no apologies for any delays--I appreciate all your help!

So, I went to remove the Coupon Printer, and I got an error prompt, which said that it had already been removed. And then it asked me if I wanted to remove "Coupon Printer" from the list, and I said yes.

Here's the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:21-02-2016
Ran by Indre Melynis (2016-02-28 17:34:39) Run:2
Running from C:\Users\Indre Melynis\Desktop
Loaded Profiles: Indre Melynis (Available Profiles: Indre Melynis)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CMD: netsh winsock reset
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ip reset c:\resetlog.txt
Emptytemp:
End
*****************

Restore point was successfully created.

========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= ipconfig /release =========


Windows IP Configuration


Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::29f5:f43:6748:4f43%13
Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::94d9:4e76:e8c4:1dcd%11
Default Gateway . . . . . . . . . :

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.domain.actdsltmp:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========


========= ipconfig /renew =========


Windows IP Configuration


Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : domain.actdsltmp
Link-local IPv6 Address . . . . . : fe80::29f5:f43:6748:4f43%13
IPv4 Address. . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.actdsltmp
Link-local IPv6 Address . . . . . : fe80::94d9:4e76:e8c4:1dcd%11
IPv4 Address. . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter isatap.domain.actdsltmp:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain.actdsltmp

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========

EmptyTemp: => 786.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:41:29 ====

The computer is running okay. I tried going to the NY Times page (note: I am not a subscriber), and the page did not wildly redirect.

However, I have a few questions (if it's okay):

I get these same video ads in almost every site I visit--they seem to slow things down. I attached two examples. They're really annoying. And I can see these annoying ad videos (and they're always the same), but I can't see other videos or tweets or some photos (the legitimate ones that I wish to see). Those ads seem to "take over" page.

Also, I watch a lot of streaming TV shows and movies on 'independent' free sites (not Hulu etc.) Some of those sites work for me, but others no longer do. All of these weird computer issues happened in the new year, and I have no idea why.

Finally, I got a Windows Firewall prompt (attached here) that I wasn't sure how to answer because I had never seen it before (I just clicked X because I didn't know what to do).

Anyway, THANKS AGAIN SO MUCH FOR ALL YOUR HELP!!!

IndyBlue

Attached Thumbnails

  • example1.JPG
  • example2.JPG
  • firewall prompt.JPG

  • 0

#14
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi IndyBlue,
 

I get these same video ads in almost every site I visit--they seem to slow things down. I attached two examples. They're really annoying. And I can see these annoying ad videos (and they're always the same), but I can't see other videos or tweets or some photos (the legitimate ones that I wish to see). Those ads seem to "take over" page.

 
These are ads put up by the website that you visit which you and I have no control over. Usually they are well-placed on the website to let people view the ads without much interference. There is nothing much you can do about that. However, there are some extension (for Chrome) you can get to prevent ads from displaying on the website such as Adblock Plus.
 

Also, I watch a lot of streaming TV shows and movies on 'independent' free sites (not Hulu etc.) Some of those sites work for me, but others no longer do. All of these weird computer issues happened in the new year, and I have no idea why.

 
It depends on what site you are in. For those site that offer "free" steaming are usually pack with malware, or ads, or redirection that often cause you issue. If you would like to view online streaming, then you can choose Netflix, or Hulu or similar reputable website.
 

Finally, I got a Windows Firewall prompt (attached here) that I wasn't sure how to answer because I had never seen it before (I just clicked X because I didn't know what to do).

 
Your firefox is asking for your permission to allow Stage Remote Service by Dell on the network. If you don't use the application, then you can just ignore it (or cancel it).
 
By looking at your screenshot, and based on your logs, I would say that you are likely to face with ads that are placed on the website by the website provider rather than having malware that causes ads on the website that you're in. We can try to clear the cache and see if things improve on your end but the ads would likely to appear again even after clearing the cache.

Clear Chrome Cache and Browsing History

  • Click the Chrome menu iporu.png on the browser toolbar.
  • Select More Tools.
  • Select Clear browsing data.
  • In the drop-down at the top of the dialog box, select until the beginning of time
  • Make sure there is a check mark in the boxes beside the following:
    • Browsing history
    • Download history
    • Cookies and other site and plug-in data
    • Cached images and files
  • Click Clear browsing data.

Clear Firefox Cache and Browsing History

  • Open the Firefox browser
  • Click on Firefox menu iporu.png on the browser toolbar.
  • Select History on the pop up menu and click Clear Recent History.... A clear All History page will open.
  • Click on the Down arrow to expand the details.
  • In the Time range to clear: box, click the down arrow and click Everything
  • Make Sure there is a check mark in the boxes beside the following:
    • Browsing & Download History
    • Form & Search History
    • Cookies
    • Cache
  • Click the Clear now button.

Clear IE Cache and Browsing History

  • Open the IE browser.
  • Click the down arrow next to Safety on the right side of the Menu bar and click Delete browsing history...

    OR, If your IE has the cog icon on the Menu bar, click it then highlight Safety and click Delete browsing history...

    The Delete Browsing History page will open.
  • Make sure the boxes beside the following are checked:
    • Temporary Internet Files and website files
    • Cookies and website data
    • History
    • Download History
  • Remove the check marks from any other boxes unless you want them cleared also.
  • Click the Delete button.

I would like to take a final look at your log to ensure that nothing is left behind.

FRST.gif Re-Scan with Farbar's Recovery Scan Tool (FRST)

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.

In your next reply, please include the following:

  • FRST log
  • FRST Addition log
  • How is your system running now

  • 0

#15
IndyBlue

IndyBlue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Dear Jr0x,

Please forgive me for not responding immediately! I've been working very late hours this week and haven't had a chance to follow your latest set of instructions. I promise to get to them either tomorrow evening or definitely by Saturday.

Thank you for your patience and extremely generous help. I will be in touch soon! :)

Sincerely,

IndyBlue
  • 0






Similar Topics


Also tagged with one or more of these keywords: malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP