Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Sluggish System Performance

Started by moose35 , May 06 2016 10:57 PM

Please log in to reply

#1
moose35

Posted 06 May 2016 - 10:57 PM

Member

Member
27 posts

Hi guys,

I've started using my old laptop,a Dell M1330, after giving back my work computer. It's been idle for about 6 months now, nobody has been using it. While the battery is dead (and I've bought a new one), I am a bit surprised by the sluggish system performance of this computer.

Opening and closing programs takes a very long time, as does start up. Chrome is almost unuseable, and having many things open at the same time causes a lot of temporary "not responding" issues.

Here are both FRST logs, and many thanks in advance.

Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-05-2016 03
Ran by Stevo (2016-05-07 06:51:26)
Running from C:\Users\Stevo.Agnes\Desktop\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) (2008-08-04 10:10:07)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3227243064-1642654041-612091633-500 - Administrator - Disabled)
Guest (S-1-5-21-3227243064-1642654041-612091633-501 - Limited - Enabled)
Stevo (S-1-5-21-3227243064-1642654041-612091633-1000 - Administrator - Enabled) => C:\Users\Stevo.Agnes
Stevo.old (S-1-5-21-3227243064-1642654041-612091633-1001 - Administrator - Enabled) => C:\Users\Stevo.old

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

/BCool (HKLM\...\{0E931A51-A183-4E66-8562-D82896E74C67}) (Version: 1.0 - WebPick)
µTorrent (HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 4.1.1 - Hewlett-Packard) Hidden
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.186 - Adobe Systems Incorporated)
Acrobat.com (Version: 1.7.186 - Adobe Systems Incorporated) Hidden
Add or Remove Adobe Creative Suite 3 Master Collection (HKLM\...\Adobe_8bb24e071e5922899698c2105557bd2) (Version: 1.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Dreamweaver CS5 (HKLM\...\{C79312BD-3E76-4474-A10C-1435D1856A4B}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Muse (HKLM\...\AdobeMuse) (Version: 5.0.704 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.8.612 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Aktualizácia Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-041B-0000-0000000FF1CE}_PROPLUS_{9A8C39B0-D27F-4F81-BE74-2FECF164707E}) (Version: - Microsoft)
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-041B-0000-0000000FF1CE}_PROPLUS_{CE23B3DC-18CC-46FC-A309-81D6670F8D3D}) (Version: - Microsoft)
Aktualizácia Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-041B-0000-0000000FF1CE}_PROPLUS_{D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}) (Version: - Microsoft)
akustyk (HKLM\...\akustyk) (Version: - )
Apple Application Support (HKLM\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
avast! Free Antivirus (HKLM\...\avast) (Version: 7.0.1474.0 - AVAST Software)
Banctec Service Agreement (HKLM\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.01 - Broadcom Corporation)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
calibre (HKLM\...\{DA9E9010-058B-4159-8CC5-28298D90AE7B}) (Version: 0.7.49 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version: - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version: - )
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
Desktop-Reminder 2 (HKLM\...\Desktop-Reminder 2) (Version: 2.56 - Polenter - Software Solutions)
Desktop-Reminder 2 (Version: 2.56 - Polenter - Software Solutions) Hidden
Diablo II (HKLM\...\Diablo II) (Version: - )
Diablo II (HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Diablo II) (Version: - )
DMDX (HKLM\...\{D64B6C54-1BBF-4E72-B535-6FE3E0AFFEDF}) (Version: 1.0.0.0 - University of Arizona Psychology Dept.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
eM Client (HKLM\...\{B1E24C9A-ADF2-491A-AE71-12F4C66218E7}) (Version: 5.0.18025.0 - eM Client Inc.)
Email Verifier (HKLM\...\Email Verifier) (Version: - Live Software Inc)
Email Verifier (Version: 6.2 - Live Software Inc) Hidden
Emu Patch version 2.2.4_2 (HKLM\...\Emu Patch_is1) (Version: 2.2.4_2 - University Munich)
Emu Speech Tools (HKLM\...\Emu_is1) (Version: 2.2.4 - University Munich)
E-MU USB Audio (HKLM\...\{1C99893D-BC98-4456-AA3E-B67AB42301A6}) (Version: 1.0 - )
English Pronouncing Dictionary (HKLM\...\English Pronouncing Dictionary) (Version: - )
E-Prime 2.0 (2.0.8.22) (HKLM\...\{ADF3275B-23D9-4714-B357-4DED9D6EE705}) (Version: 2.0.08022 - Psychology Software Tools, Inc.)
Epson Easy Photo Print 2 (HKLM\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX125 Series Manual (HKLM\...\EPSON SX125 Series Manual) (Version: - )
EPSON SX125 Series Printer Uninstall (HKLM\...\EPSON SX125 Series) (Version: - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Fingerprint Reader Suite 5.6 (HKLM\...\{A2289997-10A3-48F2-AA03-99180D761661}) (Version: 5.6.2.3476 - UPEK Inc.)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )
Hardcore (HKLM\...\Hardcore) (Version: - Image-Line)
IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)
IPA/SAM Phonetics Fonts (HKLM\...\IPA/SAM Phonetic Fonts_is1) (Version: - University College London)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java™ SE Development Kit 7 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170000}) (Version: 1.7.0.0 - Oracle)
jEdit 4.5.0 (HKLM\...\jEdit_is1) (Version: 4.5.0 - Contributors)
LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - )
Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version: - )
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.5.3104.1 - Creative)
Live! Cam Avatar v1.0 (HKLM\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative)
MATLAB R2007a (HKLM\...\MatlabR2007a) (Version: 7.4 - The MathWorks, Inc.)
MATLAB R2010a (HKLM\...\MatlabR2010a) (Version: 7.10 - The MathWorks, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 3.5 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 17.0.7 (x86 en-US) (HKLM\...\Mozilla Thunderbird 17.0.7 (x86 en-US)) (Version: 17.0.7 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Micro 8.1.1.4 (HKLM\...\Nero8Lite_is1) (Version: 8.1.1.4 - Updatepack.nl)
Nitro Pro 8 (HKLM\...\{F70D8C2A-9320-4DDC-8693-6E7DEAA5B096}) (Version: 8.0.9.8 - Nitro)
Notepad++ (HKLM\...\Notepad++) (Version: 5.8.7 - )
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Pandora Service (HKLM\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version: - Pandora.TV) <==== ATTENTION
PCFriendly (HKLM\...\PCFriendly) (Version: - )
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PoiZone (HKLM\...\PoiZone) (Version: - Image-Line)
PowerISO (HKLM\...\PowerISO) (Version: - )
pzizz (HKLM\...\pzizz) (Version: 2.7.3.0 - Brainwave)
QuickSet (HKLM\...\{4B6AD248-D3BF-426A-8D64-847288154F13}) (Version: 8.2.20 - Dell Inc.)
QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
R for Windows 2.10.0 (HKLM\...\R for Windows 2.10.0_is1) (Version: 2.10.0 - R Development Core Team)
Sawer (HKLM\...\Sawer) (Version: - Image-Line)
SecureW2 EAP Suite 1.1.1 for Windows (HKLM\...\SecureW2 EAP Suite) (Version: - )
Simple Sticky Notes 2.1 (HKLM\...\Simple Sticky Notes_is1) (Version: - Simnet Ltd.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Noise Reduction Plug-In 2.0e (HKLM\...\{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}) (Version: 2.0.444 - Sony)
Sony Sound Forge 9.0 (HKLM\...\{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}) (Version: 9.0.297 - Sony)
SPSS 16.0 (HKLM\...\{9A657E90-E2B7-44DE-8929-055948162595}) (Version: 16.0.0 - SPSS Inc.)
Sublime Text 2.0.1 (HKLM\...\Sublime Text 2_is1) (Version: - )
Subversion (HKLM\...\{522C39C5-F781-49E5-AE1D-FE8A16B1A61A}) (Version: 1.6.6 - CollabNet)
The Bridge (HKLM\...\The Bridge_is1) (Version: - )
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.4.0.55 - KMP Media co., Ltd)
TortoiseSVN 1.6.6.17493 (32 bit) (HKLM\...\{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}) (Version: 1.6.17493 - TortoiseSVN)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.50 - C. Ghisler & Co.)
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)
Transcriber 1.5.1 (HKLM\...\Transcriber_is1) (Version: - DGA)
TVAnts 1.0 (HKLM\...\TVAnts 1.0) (Version: - )
Unity Web Player (HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Veetle TV 0.9.14 (HKLM\...\Veetle TV) (Version: 0.9.14 - Veetle, Inc)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Mail (HKLM\...\{184E7118-0295-43C4-B72C-1D54AA75AAF7}) (Version: 12.0.1606.1023 - Microsoft Corporation)
Windows Live Photo Gallery (HKLM\...\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}) (Version: 12.0.1329.0201 - Microsoft Corporation)
Windows Live Writer (HKLM\...\{9176251A-4CC1-4DDB-B343-B487195EB397}) (Version: 12.0.1370.0325 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinSCP 4.1.6 (HKLM\...\winscp3_is1) (Version: 4.1.6 - Martin Prikryl)
XNote Stopwatch (HKLM\...\XNote Stopwatch) (Version: 1.63 - dnSoft Research Group)
Yandex (HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\YandexBrowser) (Version: 37.0.2062.12521 - ООО «ЯНДЕКС»)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3227243064-1642654041-612091633-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-3227243064-1642654041-612091633-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Stevo.Agnes\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0090489B-E1D5-4736-99C6-AA7B25EF255B} - System32\Tasks\{1C71A993-704C-489F-BFA0-F75B6BDDE21A} => pcalua.exe -a "C:\Downloads\Nero 7 Premium\Nero_7_Premium.exe" -d "C:\Downloads\Nero 7 Premium"
Task: {03734FDB-CC5C-479B-A36E-FC7F47A9D56F} - System32\Tasks\AdobeAAMUpdater-1.0-Agnes-Stevo => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {0CB9BF4C-D160-4244-973F-46620F8EBD28} - System32\Tasks\{147ED7DF-D319-4976-B64E-3CF7E2C4A18E} => pcalua.exe -a C:\Windows\System32\igfxcfg.exe -d C:\Windows\system32
Task: {1699F5AF-65A3-428D-81C9-D7C219B29F28} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {1A259437-183F-49DE-AFBB-2221A41D9596} - System32\Tasks\schedule!1143840799 => C:\ProgramData\BetterSoft\ContinueToSave\ContinueToSave.exe <==== ATTENTION
Task: {2B53710A-5AA0-4BDE-B162-04E771C4A787} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {36E83CD5-08ED-4159-94FA-4B5040A12616} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3A14D099-9E0C-4C65-8568-57BE42B7E39B} - System32\Tasks\{58F050AE-3EA9-4F50-84BF-66FD009CF0EE} => pcalua.exe -a "C:\Program Files\Sony Setup\Vegas Pro 8.0\Setup.exe" -d "C:\Program Files\Sony Setup\Vegas Pro 8.0"
Task: {488733A4-D06E-4AE3-A5A2-1EAEBE6964E3} - System32\Tasks\{D3D566E7-3204-4E2E-AC4D-E7B05105FEE6} => pcalua.exe -a C:\Users\Stevo\Documents\administrative\Diam_soft\Matlab\Program\setup.exe -d C:\Users\Stevo\Documents\administrative\Diam_soft\Matlab\Program
Task: {6E378AB6-BDDE-421D-8341-CF61A36FA4E7} - System32\Tasks\RunAsStdUser Task => c:\program files\matlab\r2010a\MATLAB R2010a.lnk [2011-08-04] ()
Task: {83C972DA-1518-46A7-B1B4-7942845AA8C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-17] (Adobe Systems Incorporated)
Task: {ABABE7CA-2DCB-48F6-B9F6-DD781E8CA566} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BDB75099-86A8-4E8A-A972-972E8C012163} - System32\Tasks\{79EA071B-1428-4609-BBB2-37F9523B154B} => pcalua.exe -a F:\setup\rsrc\Autorun.exe -d F:\
Task: {FD25EE92-C12C-421A-B96F-92EA97BC0C8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {FE930BAA-C912-4B10-A747-B909BEF06C79} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2016-04-11] (Avast Software s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online\Imperia Online.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.imperiaonline.org/?ref_ad=src123 --app-window-size=1280,800
ShortcutWithArgument: C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Imperia Online.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.imperiaonline.org/?ref_ad=src123 --app-window-size=1280,800

==================== Loaded Modules (Whitelisted) ==============

2008-08-04 17:29 - 2008-05-19 08:26 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2008-08-04 17:29 - 2008-05-19 08:25 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2016-05-06 21:02 - 2016-05-06 19:08 - 02909184 _____ () C:\Program Files\Alwil Software\Avast5\defs\16050601\algo.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-12-11 17:24 - 2001-08-10 15:23 - 00388608 _____ () C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll
2009-10-20 01:11 - 2009-10-20 01:11 - 00101128 _____ () C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
2008-01-21 04:24 - 2008-01-21 04:24 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2013-06-03 14:44 - 2012-12-04 21:19 - 00378368 _____ () C:\Program Files\Simnet\Simple Sticky Notes\sqlite3.dll
2013-03-09 22:39 - 2012-10-22 12:15 - 01277952 _____ () C:\Program Files\PANDORA.TV\PanService\avformat-53.dll
2013-03-09 22:39 - 2012-07-09 18:57 - 02090496 _____ () C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll
2013-03-09 22:39 - 2011-12-06 17:19 - 00133632 _____ () C:\Program Files\PANDORA.TV\PanService\avutil-51.dll
2013-03-09 22:39 - 2012-03-23 11:07 - 00224768 _____ () C:\Program Files\PANDORA.TV\PanService\libupnp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\regfile\shell\open\command: "regedit.exe" "%1" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2016-04-15 14:27 - 00000087 ____A C:\Windows\system32\Drivers\etc\hosts

㈱⸷⸰⸰‱†††潬慣桬獯൴㨊ㄺ†††氠捯污潨瑳਍਍਍਍਍഍《〮〮ㄮ洉獳汰獵洮慣敦⹥潣

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

13-08-2015 10:42:43 Windows Update
01-09-2015 20:22:25 Windows Update
01-09-2015 21:02:46 Windows Update
05-09-2015 12:29:41 Windows Update
11-10-2015 17:41:43 Windows Update
17-11-2015 14:02:29 Windows Update
17-11-2015 15:29:31 Windows Update
17-11-2015 16:00:18 Windows Defender Checkpoint
11-04-2016 19:23:08 Windows Update
06-05-2016 15:15:37 Windows Update
06-05-2016 21:48:04 Windows Update
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/07/2016 06:56:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (05/07/2016 06:56:09 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (05/07/2016 06:56:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (05/07/2016 06:56:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (05/07/2016 06:56:06 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (05/07/2016 06:56:06 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (05/07/2016 06:56:02 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (05/07/2016 06:56:02 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (05/07/2016 06:55:53 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (05/07/2016 06:55:53 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

System errors:
=============
Error: (05/07/2016 06:16:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/07/2016 06:16:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/07/2016 06:15:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/07/2016 06:15:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/07/2016 06:15:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/07/2016 06:15:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: IPsec Policy AgentBase Filtering Engine%%1058

Error: (05/07/2016 06:15:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBase Filtering Engine%%1058

Error: (05/07/2016 06:15:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows FirewallBase Filtering Engine%%1058

Error: (05/07/2016 06:13:11 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (05/06/2016 10:14:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

CodeIntegrity:
===================================
Date: 2016-05-07 06:50:01.607
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-07 06:50:00.910
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-07 06:50:00.224
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-07 06:49:59.573
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-07 06:49:58.730
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-07 06:49:58.076
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-07 06:49:57.357
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-07 06:49:56.657
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-04 14:20:58.827
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-04 14:20:58.670
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 63%
Total physical RAM: 3573.12 MB
Available physical RAM: 1318.46 MB
Total Virtual: 7351.22 MB
Available Virtual: 5316.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:285.5 GB) (Free:23.51 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.86 GB) NTFS
Drive f: (20100501_2217) (CDROM) (Total:0.32 GB) (Free:0 GB) CDFS
Drive i: (My Passport) (Fixed) (Total:372.52 GB) (Free:20.56 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 78000000)
Partition 1: (Not Active) - (Size=94 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=285.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 372.6 GB) (Disk ID: 5C74AE42)
Partition 1: (Not Active) - (Size=372.6 GB) - (Type=0C)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-05-2016 03
Ran by Stevo (administrator) on AGNES (07-05-2016 06:48:21)
Running from C:\Users\Stevo.Agnes\Desktop\Desktop
Loaded Profiles: Stevo (Available Profiles: Stevo & Stevo.old)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(UPEK Inc.) C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(E-MU Systems) C:\Windows\System32\emaudsv.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
(Pandora.TV) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_25\bin\javaw.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Polenter - Software Solutions) C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Simnet Ltd. ) C:\Program Files\Simnet\Simple Sticky Notes\ssn.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(UPEK Inc.) C:\Program Files\Fingerprint Reader Suite\psqltray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(PandoraTV) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-05-10] (Synaptics, Inc.)
HKLM\...\Run: [OEM02Mon.exe] => C:\Windows\OEM02Mon.exe [36864 2007-12-03] (Creative Technology Ltd.)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-12-21] (CyberLink Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-03-29] (Adobe Systems Inc.)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [jEdit Server] => C:\Program Files\jEdit\jedit.exe [42496 2012-01-31] (Contributors)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [167936 2008-11-02] (PowerISO Computing, Inc.)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Fingerprint Reader Suite\launcher.exe [49168 2007-04-17] (UPEK Inc.)
HKLM\...\Run: [avast] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [4297136 2012-10-31] (AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-08-04] (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll [2007-04-17] (UPEK Inc.)
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\daemon.exe [486856 2008-04-01] (DT Soft Ltd)
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Run: [DesktopReminder2ByPolenter] => C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe [2743344 2013-01-06] (Polenter - Software Solutions)
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Run: [Simple Sticky Notes] => C:\Program Files\Simnet\Simple Sticky Notes\ssn.exe [552096 2013-05-25] (Simnet Ltd. )
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\MountPoints2: H - H:\autorun.exe
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\photoscreensaver.scr [704512 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION
Lsa: [Notification Packages] scecli psqlpwd
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2012-10-31] (AVAST Software)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Fingerprint Reader Suite\farchns.dll [2007-04-17] (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Fingerprint Reader Suite\farchns.dll [2007-04-17] (UPEK Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-08-04]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2012-06-01]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-06-01]
ShortcutTarget: Dropbox.lnk -> C:\Users\Stevo.Agnes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Stevo.old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2008-08-13]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Stevo.old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-02-27]
ShortcutTarget: Dropbox.lnk -> C:\Users\Stevo.Agnes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Stevo.old_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-08-04]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3285DDC1-13E3-4070-90A8-7D76060AA417}: [DhcpNameServer] 192.108.131.11 194.160.44.11
Tcpip\..\Interfaces\{C50C14DC-FFFF-4833-96AA-E3AA1792C207}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yandex.com/?win=160&clid=1989595
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080804
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.joinred.com/
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.joinred.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3227243064-1642654041-612091633-1000 -> DefaultScope E7553573543A49A0909FAAD87F40D908 URL = hxxp://yandex.com/yandsearch?win=160&clid=1989596&text={searchTerms}
SearchScopes: HKU\S-1-5-21-3227243064-1642654041-612091633-1000 -> E7553573543A49A0909FAAD87F40D908 URL = hxxp://yandex.com/yandsearch?win=160&clid=1989596&text={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-10-31] (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29] (Adobe Systems Incorporated)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
BHO: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll [2001-08-10] ()
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll [2006-11-09] (Dell Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29] (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-10-31] (AVAST Software)
Toolbar: HKU\S-1-5-21-3227243064-1642654041-612091633-1000 -> No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
Toolbar: HKU\S-1-5-21-3227243064-1642654041-612091633-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29] (Adobe Systems Incorporated)
DPF: {62789780-B744-11D0-986B-00609731A21D} hxxp://195.28.70.134/kapor2/lib/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\system32\textwareilluminatorbaseProtocol.dll [2002-09-27] ()

FireFox:
========
FF ProfilePath: C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default
FF DefaultSearchEngine,S: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: Yandex
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://www.yandex.com/?win=160&clid=1989595
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-17] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2012-03-22] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 8\npnitromozilla.dll [2012-11-29] (Nitro PDF)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-03] (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-11] (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.14 -> C:\Program Files\Veetle\plugins\npVeetle.dll [2009-02-05] (Veetle, Inc.)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.14 -> C:\Program Files\Veetle\Player\npvlc.dll [2009-02-13] (VideoLAN Team)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin HKU\S-1-5-21-3227243064-1642654041-612091633-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Stevo.Agnes\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-08-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3227243064-1642654041-612091633-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-03] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2008-11-11] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2008-06-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009-02-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2010-09-20] (Apple Inc.)
FF SearchPlugin: C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\searchplugins\WebSearch.xml [2013-06-30]
FF SearchPlugin: C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\searchplugins\yandex.com-161732.xml [2015-01-24]
FF Extension: Performance Cache - C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\extensions\[email protected] [2008-01-21] [not signed]
FF Extension: SSEyaarch-NNewTaab - C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\Extensions\[email protected] [2016-05-06] [not signed]
FF Extension: Browyse2Saave - C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\Extensions\[email protected] [2016-05-06] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-31] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-16] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013-03-30] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-02-20]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yandex.com/?__PARAM__from=chromehp
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://websearch.simplespeedy.info/","hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=071613","hxxp://google.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (BitCometAgent) - C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll (BitComet)
CHR Plugin: (Java Deployment Toolkit 7.0.0.147) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7) - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (VideoLAN Team)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle, Inc.)
CHR Plugin: (Unity Player) - C:\Users\Stevo.Agnes\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-05-06]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-05-06]
CHR Extension: (ProxMate - Improve your Internet!) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-07-07]
CHR Extension: (avast! WebRep) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-03-31]
CHR Extension: (YousableTubeFix for Chrome) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchfimlohbodnpamghfgfgabbnfajpbe [2013-03-21]
CHR Extension: (Boomerang for Gmail) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-05-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-06]
CHR HKLM\...\Chrome\Extension: [cncgohepihcekklokhbhiblhfcmipbdh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gehngeifmelphpllncobkmimphfkckne] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2012-10-31]
CHR HKLM\...\Chrome\Extension: [kbeegpjhjdgdnpeebagdkolopmkchhbe] - C:\ProgramData\Bcool\kbeegpjhjdgdnpeebagdkolopmkchhbe.crx [2012-07-05]
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Stevo\AppData\Local\Temp\ccex.crx <not found>

Opera:
=======
OPR StartupUrls: "hxxp://www.yandex.com/?win=160&clid=1989595"

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44808 2012-10-31] (AVAST Software)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
R2 emaudsv; C:\Windows\system32\emaudsv.exe [20992 2007-11-26] (E-MU Systems)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-01-13] (Macrovision Europe Ltd.) [File not signed]
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2008-08-04] (Citrix Online, a division of Citrix Systems, Inc.)
R2 hasplms; C:\Windows\system32\hasplms.exe [2558464 2008-03-19] (Aladdin Knowledge Systems Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [239880 2016-03-11] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [196616 2012-11-29] (Nitro PDF Software)
R2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2008-05-19] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksfridge; C:\Windows\System32\DRIVERS\aksfridge.sys [350720 2008-03-18] (Aladdin Knowledge Systems Ltd.)
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [238976 2007-07-05] (Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [46336 2007-07-23] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [14976 2007-07-05] (Aladdin Knowledge Systems Ltd.)
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [21256 2012-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [35928 2012-10-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [738504 2012-10-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [361032 2012-10-31] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [54232 2012-10-31] (AVAST Software)
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [625152 2008-08-02] (Microsoft Corporation) [File not signed]
S3 emusba10; C:\Windows\System32\DRIVERS\emusba10.sys [163352 2007-11-26] (E-MU Systems)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [586240 2008-02-11] (Aladdin Knowledge Systems Ltd.)
S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [56572 2008-11-02] (PowerISO Computing, Inc.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2012-12-12] (Duplex Secure Ltd.)
R3 SRBoxDRv; C:\Windows\System32\Drivers\SRBoxDRv.sys [11776 2006-04-12] (Psychology Software Tools) [File not signed]
U3 ag2yi2p2; C:\Windows\system32\Drivers\ag2yi2p2.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
U3 anew86sb; C:\Windows\system32\Drivers\anew86sb.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MADFUFTU; system32\DRIVERS\MAudioFastTrackUltra_DFU.sys [X]
S3 MAUSBFASTTRACKULTRA; system32\DRIVERS\MAudioFastTrackUltra.sys [X]
S3 MAUSBMOBILEPRE; system32\DRIVERS\MAudioMobilePre.sys [X]
S3 MAUSBRI; system32\DRIVERS\mausbftu.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-07 06:48 - 2016-05-07 06:48 - 00000000 ____D C:\FRST
2016-05-07 06:45 - 2016-05-07 06:46 - 01730048 _____ (Farbar) C:\Users\Stevo.Agnes\Downloads\FRST.exe.part
2016-05-07 06:31 - 2016-05-07 06:38 - 00380240 _____ C:\Users\Stevo.Agnes\Desktop\cc_20160507_063101.reg
2016-05-06 21:37 - 2016-05-06 21:37 - 00000675 _____ C:\Users\Stevo.Agnes\Desktop\zdroje_MO.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-07 06:45 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-07 06:45 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-07 06:28 - 2010-03-31 12:14 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-07 06:25 - 2014-07-30 21:29 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\uTorrent
2016-05-07 06:23 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\inf
2016-05-07 06:19 - 2013-04-17 17:13 - 00000000 ____D C:\Users\Stevo.Agnes\Documents\DesktopReminder
2016-05-07 06:18 - 2012-06-01 14:19 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\Dropbox
2016-05-07 06:18 - 2012-06-01 09:42 - 00000000 ____D C:\Users\Stevo.Agnes\.jedit
2016-05-07 06:16 - 2012-06-01 09:40 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Local\TSVNCache
2016-05-07 06:16 - 2010-03-31 12:14 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-07 06:16 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing
2016-05-07 06:13 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-06 22:17 - 2006-11-02 15:01 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-06 22:05 - 2013-07-15 18:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-15 14:26 - 2015-11-17 14:14 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-04-15 14:24 - 2012-06-01 09:46 - 00084992 ____H C:\Users\Stevo.Agnes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2012-06-01 14:05 - 2012-06-01 14:05 - 0000600 _____ () C:\Users\Stevo.Agnes\AppData\Roaming\winscp.rnd
2012-06-01 11:37 - 2015-02-21 18:24 - 0006648 _____ () C:\Users\Stevo.Agnes\AppData\Local\d3d9caps.dat
2012-06-01 09:46 - 2016-04-15 14:24 - 0084992 ____H () C:\Users\Stevo.Agnes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-01 14:06 - 2012-06-01 14:19 - 0000600 _____ () C:\Users\Stevo.Agnes\AppData\Local\PUTTY.RND
2013-05-17 02:42 - 2013-05-17 02:42 - 0001360 _____ () C:\Users\Stevo.Agnes\AppData\Local\recently-used.xbel
2009-02-03 19:54 - 2009-02-03 19:54 - 0000056 _____ () C:\ProgramData\ezsidmv.dat
2010-09-20 12:39 - 2010-09-20 16:12 - 0004465 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Stevo.old\AppData\Local\Temp\install_flashplayer10_mssd_aih.exe
C:\Users\Stevo.old\AppData\Local\Temp\ose00000.exe
C:\Users\Stevo.old\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Stevo.old\AppData\Local\Temp\utt59B3.tmp.exe
C:\Users\Stevo.old\AppData\Local\Temp\uttF23A.tmp.exe
C:\Users\Stevo.old\AppData\Local\Temp\_isE095.exe

Some zero byte size files/folders:
==========================
C:\Windows\System32\nsprs.dll
C:\Windows\System32\serauth1.dll
C:\Windows\System32\serauth2.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-07 06:21

==================== End of FRST.txt ============================

#2
RKinner

Posted 13 May 2016 - 10:17 AM

Malware Expert

Expert
24,625 posts

Download the attached fixlist.txt to the same location as FRST

Run FRST and press Fix

A fix log will be generated please post that.

Download ESET's Service Repair http://www.wintips.org/wp-content/uploads/files/ServicesRepair.zip andSave it then right click on it Extract All.

Find ServicesRepair.exe and Run As Admin.

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:

http://download.blee...Bs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:

http://support.kaspe...iruses/utility#

Use the EXE button

Save it to your desktop then run it.

Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:

before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.

In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.

When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt

notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.

Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

* System

4. Under 'Select type to list', select:

* Error

* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

Run FRST again. Click on Addition.txt and then SCAN. Post both logs.

#3
moose35

Posted 21 May 2016 - 12:25 AM

Member

Topic Starter
Member
27 posts

Hi!

Thank for your reply. I did everything except the Event Viewer Tool (said it hadn't been coded in my language, Slovak, and that it can't run). Otherwise, I did everything you listed and am attaching the logs below. The computer is running much, much better now, although startup is taking a lot longer - not that I'm complaining, just wanted to bring it up in case it's an issue.

Combofix ran for quite a long time (about 40 minutes), even though the program said 10.

Here are the logs:

Fixlog (from FRST):

Fix result of Farbar Recovery Scan Tool (x86) Version:19-05-2016
Ran by Stevo (2016-05-20 18:29:19) Run:1
Running from C:\Users\Stevo.Agnes\Downloads
Loaded Profiles: Stevo (Available Profiles: Stevo & Stevo.old)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\MountPoints2: H - H:\autorun.exe
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-08-04]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2012-06-01]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\..\Interfaces\{3285DDC1-13E3-4070-90A8-7D76060AA417}: [DhcpNameServer] 192.108.131.11 194.160.44.11
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKU\S-1-5-21-3227243064-1642654041-612091633-1000 -> No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
FF DefaultSearchEngine,S: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-26] (Oracle Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-03] (Pando Networks)FF Plugin HKU\S-1-5-21-3227243064-1642654041-612091633-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-03] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2008-11-11] (BitComet)
FF SearchPlugin: C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\searchplugins\WebSearch.xml [2013-06-30]
FF Extension: SSEyaarch-NNewTaab - C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\Extensions\[email protected] [2016-05-06] [not signed]
FF Extension: Browyse2Saave - C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\Extensions\[email protected] [2016-05-06] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-31] [not signed]
CHR Plugin: (Shockwave Flash) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (BitCometAgent) - C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll (BitComet)
CHR Plugin: (Java Deployment Toolkit 7.0.0.147) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7) - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-05-06]
CHR Extension: (ProxMate - Improve your Internet!) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-07-07]
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Stevo\AppData\Local\Temp\ccex.crx <not found>
U3 ag2yi2p2; C:\Windows\system32\Drivers\ag2yi2p2.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
U3 anew86sb; C:\Windows\system32\Drivers\anew86sb.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MADFUFTU; system32\DRIVERS\MAudioFastTrackUltra_DFU.sys [X]
S3 MAUSBFASTTRACKULTRA; system32\DRIVERS\MAudioFastTrackUltra.sys [X]
S3 MAUSBMOBILEPRE; system32\DRIVERS\MAudioMobilePre.sys [X]
S3 MAUSBRI; system32\DRIVERS\mausbftu.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\Stevo.old\AppData\Local\Temp\install_flashplayer10_mssd_aih.exe
C:\Users\Stevo.old\AppData\Local\Temp\ose00000.exe
C:\Users\Stevo.old\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Stevo.old\AppData\Local\Temp\utt59B3.tmp.exe
C:\Users\Stevo.old\AppData\Local\Temp\uttF23A.tmp.exe
C:\Users\Stevo.old\AppData\Local\Temp\_isE095.exe
C:\Windows\System32\nsprs.dll
C:\Windows\System32\serauth1.dll
C:\Windows\System32\serauth2.dll
Task: {1A259437-183F-49DE-AFBB-2221A41D9596} - System32\Tasks\schedule!1143840799 => C:\ProgramData\BetterSoft\ContinueToSave\ContinueToSave.exe <==== ATTENTION
Task: {BDB75099-86A8-4E8A-A972-972E8C012163} - System32\Tasks\{79EA071B-1428-4609-BBB2-37F9523B154B} => pcalua.exe -a F:\setup\rsrc\Autorun.exe -d F:\
HKLM\...\regfile\shell\open\command: "regedit.exe" "%1" <===== ATTENTION
HOSTS:
CMD: netsh winsock reset

*****************

"HKU\S-1-5-21-3227243064-1642654041-612091633-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H" => key removed successfully.
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk => not found.
C:\Program Files\Dell\DellDock\DellDock.exe => not found.
C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk => not found.
C:\Program Files\Dell\DellDock\DellDock.exe => not found.
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3285DDC1-13E3-4070-90A8-7D76060AA417}\\DhcpNameServer => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} => value removed successfully.
HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0} => key not found.
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} => value not found.
HKCR\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03} => key not found.
FF DefaultSearchEngine,S: WebSearch => not found
FF SearchEngineOrder.1: WebSearch => not found
FF SearchEngineOrder.1,S: WebSearch => not found
FF SelectedSearchEngine,S: WebSearch => not found
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2" => key removed successfully.
C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin" => key removed successfully.
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2" => key removed successfully.
C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll => moved successfully
HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-03] (Pando Networks)FF Plugin HKU\S-1-5-21-3227243064-1642654041-612091633-1000: pandonetworks.com/PandoWebPlugin => key not found.
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll => moved successfully
HKU\FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-03] (Pando Networks)S-1-5-21-3227243064-1642654041-612091633-1000\Software\MozillaPlugins\FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-03] (Pando Networks)pandonetworks.com/PandoWebPlugin => key not found.
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-03] (Pando Networks)C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll => not found.
C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll => moved successfully
"C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\searchplugins\WebSearch.xml" => not found.
C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\Extensions\[email protected] => moved successfully
C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\Extensions\[email protected] => moved successfully
C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => moved successfully
C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll => not found.
C:\Program Files\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\46.0.2490.86\pdf.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => not found.
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll => not found.
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll => not found.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll => not found.
c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => moved successfully
C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc" => key removed successfully.
ag2yi2p2 => service not found.
anew86sb => service not found.
BCM42RLY => service removed successfully.
IpInIp => service removed successfully.
MADFUFTU => service removed successfully.
MAUSBFASTTRACKULTRA => service removed successfully.
MAUSBMOBILEPRE => service removed successfully.
MAUSBRI => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
C:\Users\Stevo.old\AppData\Local\Temp\install_flashplayer10_mssd_aih.exe => moved successfully
C:\Users\Stevo.old\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Users\Stevo.old\AppData\Local\Temp\SkypeSetup.exe => moved successfully
"C:\Users\Stevo.old\AppData\Local\Temp\utt59B3.tmp.exe" => not found.
"C:\Users\Stevo.old\AppData\Local\Temp\uttF23A.tmp.exe" => not found.
C:\Users\Stevo.old\AppData\Local\Temp\_isE095.exe => moved successfully
C:\Windows\System32\nsprs.dll => moved successfully
C:\Windows\System32\serauth1.dll => moved successfully
C:\Windows\System32\serauth2.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1A259437-183F-49DE-AFBB-2221A41D9596}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A259437-183F-49DE-AFBB-2221A41D9596}" => key removed successfully.
C:\Windows\System32\Tasks\schedule!1143840799 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\schedule!1143840799 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDB75099-86A8-4E8A-A972-972E8C012163}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDB75099-86A8-4E8A-A972-972E8C012163}" => key removed successfully.
C:\Windows\System32\Tasks\{79EA071B-1428-4609-BBB2-37F9523B154B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{79EA071B-1428-4609-BBB2-37F9523B154B}" => key removed successfully.
HKLM\Software\Classes\regfile\shell\open\command\\Default => value restored successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

==== End of Fixlog 18:30:23 ====

ComboFix 16-05-18.01 - Stevo 05/20/2016 18:45:04.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1250.421.1033.18.3573.1646 [GMT 2:00]
Running from: c:\users\Stevo.Agnes\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\pst
c:\program files\pst\E-Prime 2.0\Documentation\GettingStartedGuide.pdf
c:\program files\pst\E-Prime 2.0\Documentation\NewFeaturesGuide.pdf
c:\program files\pst\E-Prime 2.0\Documentation\readme.txt
c:\program files\pst\E-Prime 2.0\Documentation\ReferenceGuide.pdf
c:\program files\pst\E-Prime 2.0\Documentation\UsersGuide.pdf
c:\program files\pst\E-Prime 2.0\mfc71.dll
c:\program files\pst\E-Prime 2.0\mfc71u.dll
c:\program files\pst\E-Prime 2.0\Program\ActivateBetaWizard.exe
c:\program files\pst\E-Prime 2.0\Program\ActivateBetaWizard.XmlSerializers.dll
c:\program files\pst\E-Prime 2.0\Program\ClockExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\Components\DeviceHelpers.dll
c:\program files\pst\E-Prime 2.0\Program\Components\E-ObjectLogging.dll
c:\program files\pst\E-Prime 2.0\Program\Components\E-StudioHelpers.dll
c:\program files\pst\E-Prime 2.0\Program\Components\E-Upgrade.dll
c:\program files\pst\E-Prime 2.0\Program\Components\PSTControls.ocx
c:\program files\pst\E-Prime 2.0\Program\CoreExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\Devices\DisplayDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\JoystickDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\KeyboardDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\MouseDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\ParallelPortDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\PortDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\SerialDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\SocketDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\SoundCaptureDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\SoundDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\SRBoxDevice.dll
c:\program files\pst\E-Prime 2.0\Program\DisplayExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\E-Basic.chm
c:\program files\pst\E-Prime 2.0\Program\E-DataAid.chm
c:\program files\pst\E-Prime 2.0\Program\E-DataAid.exe
c:\program files\pst\E-Prime 2.0\Program\E-DataAidCSH.chm
c:\program files\pst\E-Prime 2.0\Program\E-Merge.chm
c:\program files\pst\E-Prime 2.0\Program\E-Merge.exe
c:\program files\pst\E-Prime 2.0\Program\E-Objects\ImageDisplay.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\InLine.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\Label.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\List.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\MovieDisplay.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\PackageCall.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\Procedure.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\Slide.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\SoundIn.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\SoundOut.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\TextDisplay.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\Wait.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Recovery.chm
c:\program files\pst\E-Prime 2.0\Program\E-Recovery.exe
c:\program files\pst\E-Prime 2.0\Program\E-Run.exe
c:\program files\pst\E-Prime 2.0\Program\E-Runtime.dll
c:\program files\pst\E-Prime 2.0\Program\E-Studio.chm
c:\program files\pst\E-Prime 2.0\Program\E-Studio.exe
c:\program files\pst\E-Prime 2.0\Program\EBasicScriptLib.dll
c:\program files\pst\E-Prime 2.0\Program\EDataAidAnalysisMacros.xla
c:\program files\pst\E-Prime 2.0\Program\FactorExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\FactorTableWizard.xls
c:\program files\pst\E-Prime 2.0\Program\hasp_net_windows.dll
c:\program files\pst\E-Prime 2.0\Program\hasp_net_windows_x64.dll
c:\program files\pst\E-Prime 2.0\Program\hasp_net_windows_x64.dll.manifest
c:\program files\pst\E-Prime 2.0\Program\hasp_windows_50978.dll
c:\program files\pst\E-Prime 2.0\Program\hasp_windows_x64_50978.dll
c:\program files\pst\E-Prime 2.0\Program\ICSharpCode.SharpZipLib.dll
c:\program files\pst\E-Prime 2.0\Program\Interop.MSXML.dll
c:\program files\pst\E-Prime 2.0\Program\JoystickExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\KeyboardExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\keywords.ini
c:\program files\pst\E-Prime 2.0\Program\LicenseManager.exe
c:\program files\pst\E-Prime 2.0\Program\MouseExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\ParallelPortExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\PortExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\Pst.Common.dll
c:\program files\pst\E-Prime 2.0\Program\Pst.EPrime.ActivateBeta.dll
c:\program files\pst\E-Prime 2.0\Program\Pst.EPrime.Common.MachineInfo.Interop.dll
c:\program files\pst\E-Prime 2.0\Program\Pst.EPrime.EStudio.Packages.dll
c:\program files\pst\E-Prime 2.0\Program\Pst.Gui.dll
c:\program files\pst\E-Prime 2.0\Program\PSTNCM22.DLL
c:\program files\pst\E-Prime 2.0\Program\PSTNCX22.DLL
c:\program files\pst\E-Prime 2.0\Program\PSTNDC22.DLL
c:\program files\pst\E-Prime 2.0\Program\PSTNDD22.DLL
c:\program files\pst\E-Prime 2.0\Program\PSTNDG22.DLL
c:\program files\pst\E-Prime 2.0\Program\PSTNOL22.DLL
c:\program files\pst\E-Prime 2.0\Program\PSTNPB22.DLL
c:\program files\pst\E-Prime 2.0\Program\PSTNRN22.DLL
c:\program files\pst\E-Prime 2.0\Program\PSTNTL22.DLL
c:\program files\pst\E-Prime 2.0\Program\PSTNUASM.DLL
c:\program files\pst\E-Prime 2.0\Program\RuntimeAudio.dll
c:\program files\pst\E-Prime 2.0\Program\SerialExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\SharpZipLib.dll
c:\program files\pst\E-Prime 2.0\Program\SocketExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\SoundExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\SRBoxExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\vc6-re200l.dll
c:\program files\pst\E-Prime 2.0\Program\WebRequest.dll
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\BasicRT\BasicRT.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\MovieRT\Box.mpg
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\MovieRT\Cylinder.mpg
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\MovieRT\Face.mpg
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\MovieRT\MovieRT.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\MovieRT\Perception.mpg
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\NestingRT\NestingRT.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\NestingXRT\NestingXRT.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\PictureRT\BlueCar.bmp
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\PictureRT\PictureRT.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\PictureRT\RedCar.bmp
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\SlideRT\down.bmp
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\SlideRT\left.bmp
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\SlideRT\right.bmp
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\SlideRT\SlideRT.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\SlideRT\up.bmp
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\SoundRT\APPLEF.WAV
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\SoundRT\CANARYF.WAV
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\SoundRT\SoundRT.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Bob.WAV
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\CANARYF.WAV
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\cigars.MPG
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\cigars.wav
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\MovieTutorial.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\PictureTutorial.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\ScriptTutorial.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\SoundTutorial.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\Tutorial-1-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\Tutorial-2-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\Tutorial-3-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\Tutorial-4-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\Tutorial-5-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\Tutorial.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Tutorial-1-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Tutorial-2-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Tutorial-3-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Tutorial-4-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Tutorial-5-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\E-BasicExample.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\E-BasicSoundExample.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Female.bmp
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Female.jpg
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\flowers.MPG
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\flowers.wav
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\laundry.MPG
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\laundry.wav
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Linda.WAV
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Male.bmp
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Male.jpg
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\RedCar.bmp
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\sports.MPG
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\sports.wav
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Tones.wav
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage2-LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage3-LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage3-MethodA-LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage3-MethodB-LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage3-MethodC-LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage4-ChangeTrialProc-LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage4-LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage4-NestedBlockList-LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage5-LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage6-LexicalDecision001.es2
c:\program files\SecureW2
c:\program files\SecureW2\Uninstall.exe
c:\program files\SiL
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Recent\SVP-Grammar 2.roc. beginners.docx
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\AdobePDF.dll
.
.
(((((((((((((((((((((((((   Files Created from 2016-04-20 to 2016-05-20 )))))))))))))))))))))))))))))))
.
.
2016-05-20 17:16 . 2016-05-20 17:16   --------   d-----w-   c:\users\Stevo.old_\AppData\Local\temp
2016-05-20 17:16 . 2016-05-20 17:16   --------   d-----w-   c:\users\Stevo.old\AppData\Local\temp
2016-05-20 17:15 . 2016-05-20 17:24   --------   d-----w-   c:\users\Stevo.Agnes\AppData\Local\temp
2016-05-20 17:15 . 2016-05-20 17:15   --------   d-----w-   c:\users\Default\AppData\Local\temp
2016-05-09 08:47 . 2016-05-20 17:22   170200   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-09 08:45 . 2016-03-10 12:09   53120   ----a-w-   c:\windows\system32\drivers\mwac.sys
2016-05-09 08:45 . 2016-03-10 12:08   126336   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2016-05-09 08:45 . 2016-03-10 12:08   24448   ----a-w-   c:\windows\system32\drivers\mbam.sys
2016-05-09 08:45 . 2016-05-09 08:45   --------   d-----w-   c:\program files\Malwarebytes Anti-Malware
2016-05-09 07:55 . 2016-05-09 07:55   --------   d-----w-   c:\users\Stevo.Agnes\AppData\Roaming\ProductData
2016-05-09 07:55 . 2016-05-09 07:55   --------   d-----w-   c:\programdata\ProductData
2016-05-09 07:55 . 2016-05-09 07:55   --------   d-----w-   c:\programdata\IObit
2016-05-09 07:54 . 2016-05-09 07:56   --------   d-----w-   c:\users\Stevo.Agnes\AppData\Roaming\IObit
2016-05-09 07:54 . 2016-05-09 07:55   --------   d-----w-   c:\program files\IObit
2016-05-08 12:07 . 2016-05-08 12:07   --------   d-----w-   c:\windows\system32\Lang
2016-05-08 12:07 . 2008-01-29 07:46   920088   ----a-w-   c:\windows\system32\igxpun.exe
2016-05-08 12:07 . 2006-11-10 14:25   319456   ----a-w-   c:\windows\system32\difxapi.dll
2016-05-08 12:05 . 2008-01-29 07:47   170520   ----a-w-   c:\windows\system32\igfxzoom.exe
2016-05-08 12:05 . 2008-01-29 07:47   141848   ----a-w-   c:\windows\system32\igfxtray.exe
2016-05-08 12:05 . 2008-01-29 07:47   170520   ----a-w-   c:\windows\system32\igfxext.exe
2016-05-08 12:05 . 2008-01-29 07:47   530968   ----a-w-   c:\windows\system32\igfxcfg.exe
2016-05-07 04:48 . 2016-05-20 16:30   --------   d-----w-   C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-08 08:06 . 2012-08-12 12:45   797376   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2016-05-08 08:06 . 2011-08-18 16:50   142528   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2016-04-21 13:05 . 2010-09-16 06:22   374944   ------w-   c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-12-23 14:27   759072   ----a-w-   c:\program files\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50   121528   ----a-w-   c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55   85768   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55   85768   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55   85768   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55   85768   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55   85768   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55   85768   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55   85768   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55   85768   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55   85768   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 04:13   721408   ----a-w-   c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 04:13   721408   ----a-w-   c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Simple Sticky Notes"="c:\program files\Simnet\Simple Sticky Notes\ssn.exe" [2013-05-25 552096]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 857648]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-29 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-29 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-29 133656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-04 15:37   10536   ----a-w-   c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 04:04   86528   ----a-w-   c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ     scecli psqlpwd
.
[HKLM\~\startupfolder\C:^Users^Stevo.Agnes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-03-29 21:14   624248   ----a-w-   c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10   35696   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44   500208   ------w-   c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 12:08   59720   ----a-w-   c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39   486856   ----a-w-   c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2012-10-23 08:25   3108480   ----a-w-   c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopReminder2ByPolenter]
2013-01-06 09:26   2743344   ----a-w-   c:\program files\Desktop-Reminder 2\DesktopReminder2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-03 09:12   976320   ----a-w-   c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 11:35   152392   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-12-03 05:58   36864   ----a-w-   c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 15:58   184320   ------w-   c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2007-04-17 03:50   49168   ----a-w-   c:\program files\Fingerprint Reader Suite\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38   167936   ----a-w-   c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00   90112   ------w-   c:\windows\Updreg.EXE
.
R4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-07 04:24   1106072   ----a-w-   c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15 08:06]
.
2016-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 18:18]
.
2016-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 18:18]
.
.
------- Supplementary Scan -------
.
mStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe
AddRemove-{0E931A51-A183-4E66-8562-D82896E74C67} - c:\progra~2\INSTAL~1\{0E931~1\Setup.exe
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.exe
AddRemove-{8B603F5E-8498-89E4-30CE-185D0B3B9EDE} - c:\progra~2\INSTAL~1\{F4F95~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-05-20 19:24
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
- - - - - - - > 'Explorer.exe'(2864)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fingerprint Reader Suite\upeksvr.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes Anti-Malware\mbamservice.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\conime.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Completion time: 2016-05-20 19:36:20 - machine was rebooted
ComboFix-quarantined-files.txt 2016-05-20 17:36
.
Pre-Run: 3,703,455,744 bytes free
Post-Run: 3,905,589,248 bytes free
.
- - End Of File - - 5586D8E6E7C545614DADAC1130B6260E
5C616939100B85E558DA92B899A0FC36

19:45:31.0439 0x0228 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
19:45:34.0984 0x0228 ============================================================
19:45:34.0984 0x0228 Current date / time: 2016/05/20 19:45:34.0984
19:45:34.0985 0x0228 SystemInfo:
19:45:34.0985 0x0228
19:45:34.0985 0x0228 OS Version: 6.0.6001 ServicePack: 1.0
19:45:34.0985 0x0228 Product type: Workstation
19:45:34.0985 0x0228 ComputerName: AGNES
19:45:34.0989 0x0228 UserName: Stevo
19:45:34.0989 0x0228 Windows directory: C:\Windows
19:45:34.0989 0x0228 System windows directory: C:\Windows
19:45:34.0989 0x0228 Processor architecture: Intel x86
19:45:34.0990 0x0228 Number of processors: 2
19:45:34.0990 0x0228 Page size: 0x1000
19:45:34.0990 0x0228 Boot type: Normal boot
19:45:34.0990 0x0228 ============================================================
19:45:38.0083 0x0228 KLMD registered as C:\Windows\system32\drivers\83404971.sys
19:45:39.0009 0x0228 System UUID: {FD7E16C1-57F5-6F48-7C0B-2A4A5B6065AF}
19:45:42.0428 0x0228 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:45:42.0446 0x0228 ============================================================
19:45:42.0446 0x0228 \Device\Harddisk0\DR0:
19:45:42.0446 0x0228 MBR partitions:
19:45:42.0447 0x0228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F800, BlocksNum 0x1400000
19:45:42.0447 0x0228 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x142F800, BlocksNum 0x23AFE7F8
19:45:42.0470 0x0228 ============================================================
19:45:42.0517 0x0228 C: <-> \Device\Harddisk0\DR0\Partition2
19:45:42.0550 0x0228 D: <-> \Device\Harddisk0\DR0\Partition1
19:45:42.0552 0x0228 ============================================================
19:45:42.0552 0x0228 Initialize success
19:45:42.0552 0x0228 ============================================================
19:46:18.0910 0x0e5c ============================================================
19:46:18.0911 0x0e5c Scan started
19:46:18.0911 0x0e5c Mode: Manual; SigCheck; TDLFS;
19:46:18.0911 0x0e5c ============================================================
19:46:18.0911 0x0e5c KSN ping started
19:46:23.0389 0x0e5c KSN ping finished: true
19:46:25.0082 0x0e5c ================ Scan system memory ========================
19:46:25.0082 0x0e5c System memory - ok
19:46:25.0083 0x0e5c ================ Scan services =============================
19:46:25.0357 0x0e5c [ B33CF4DE909A5B30F526D82053A63C8E, ABF5BB962C038E545C18B96E686E072D780C907096C7BB341297AF31D3703ABD ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
19:46:26.0017 0x0e5c ABBYY.Licensing.FineReader.Sprint.9.0 - ok
19:46:26.0264 0x0e5c [ FCB8C7210F0135E24C6580F7F649C73C, 7E5E3D0B4F4BD418E6CC551850C672E1AF347CBB2E665B6F72638786CE5079C5 ] ACPI            C:\Windows\system32\drivers\acpi.sys
19:46:26.0345 0x0e5c ACPI - ok
19:46:26.0489 0x0e5c [ 28FFB14117CCEDD7D2F124596AA9B785, 8FC482C6444C904B5536979B3354597FD714634EC7372B464118C42AA9DCB58A ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:46:26.0579 0x0e5c AdobeFlashPlayerUpdateSvc - ok
19:46:26.0669 0x0e5c [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:46:26.0762 0x0e5c adp94xx - ok
19:46:26.0837 0x0e5c [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:46:26.0952 0x0e5c adpahci - ok
19:46:27.0001 0x0e5c [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
19:46:27.0055 0x0e5c adpu160m - ok
19:46:27.0096 0x0e5c [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:46:27.0146 0x0e5c adpu320 - ok
19:46:27.0206 0x0e5c [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:46:27.0303 0x0e5c AeLookupSvc - ok
19:46:27.0383 0x0e5c [ EF1142512BEC12F1C2C87735DA1755BE, 236EFD8FBA717123E0CF5A136ACEBB80A2BE1FA4B1A9A2C74728BC4EB4E787D8 ] AESTFilters     C:\Windows\system32\aestsrv.exe
19:46:27.0450 0x0e5c AESTFilters - ok
19:46:27.0547 0x0e5c [ 48EB99503533C27AC6135648E5474457, 344A83008F41AAC3CDFC52EFC4F2EFF441971C58182597D2FBED315B3FC62137 ] AFD             C:\Windows\system32\drivers\afd.sys
19:46:27.0659 0x0e5c AFD - ok
19:46:27.0712 0x0e5c [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:46:27.0752 0x0e5c agp440 - ok
19:46:27.0808 0x0e5c [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
19:46:27.0867 0x0e5c aic78xx - ok
19:46:27.0994 0x0e5c [ CB5A5079744A0535416D3A5E462C5EFE, D2FDB93619CEC4F66A799F16B2EC5CB7D7833F8F69554F7FE44DF7A5DC617391 ] aksfridge       C:\Windows\system32\DRIVERS\aksfridge.sys
19:46:28.0117 0x0e5c aksfridge - ok
19:46:28.0222 0x0e5c [ 1A27F5555448CC2D29D281B11F39177E, F1CA4D82440C26270C42F7626B82D3B4DEC9D6BB07719F938A42627D24109003 ] akshasp         C:\Windows\system32\DRIVERS\akshasp.sys
19:46:28.0326 0x0e5c akshasp - ok
19:46:28.0368 0x0e5c [ 147B61B81BE1FFC38939EA47E5CFB51F, C464F31D3F884541F872D425A59F0C2AAB3F6B617F81E47C67D65A776084C57D ] akshhl          C:\Windows\system32\DRIVERS\akshhl.sys
19:46:28.0462 0x0e5c akshhl - ok
19:46:28.0516 0x0e5c [ B4AD9F5D78F27E0C6994E0CB05C60E21, 31331A13DEF9ABF2488B683D4189CBB69992778DC8A19A3717BA45B85E5EDD0F ] aksusb          C:\Windows\system32\DRIVERS\aksusb.sys
19:46:28.0585 0x0e5c aksusb - ok
19:46:28.0643 0x0e5c [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
19:46:28.0763 0x0e5c ALG - ok
19:46:28.0811 0x0e5c [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide          C:\Windows\system32\drivers\aliide.sys
19:46:28.0852 0x0e5c aliide - ok
19:46:28.0919 0x0e5c [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
19:46:28.0961 0x0e5c amdagp - ok
19:46:28.0988 0x0e5c [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
19:46:29.0025 0x0e5c amdide - ok
19:46:29.0054 0x0e5c [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
19:46:29.0173 0x0e5c AmdK7 - ok
19:46:29.0215 0x0e5c [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:46:29.0339 0x0e5c AmdK8 - ok
19:46:29.0400 0x0e5c [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo         C:\Windows\System32\appinfo.dll
19:46:29.0485 0x0e5c Appinfo - ok
19:46:29.0634 0x0e5c [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:46:29.0679 0x0e5c Apple Mobile Device - ok
19:46:29.0727 0x0e5c [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
19:46:29.0770 0x0e5c arc - ok
19:46:29.0819 0x0e5c [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:46:29.0869 0x0e5c arcsas - ok
19:46:30.0028 0x0e5c [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:46:30.0070 0x0e5c aspnet_state - ok
19:46:30.0132 0x0e5c [ DE6ED95AEF259979B2830450072A627B, 28B02E088F408A1A2E90A48797E75EE8DC0A10F334CC943EEA3BA951C2F61EB3 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
19:46:30.0250 0x0e5c aswFsBlk - ok
19:46:30.0328 0x0e5c [ 62F9DCEC95F91B8E0203E85D344A7E65, 8B30F6469C9448A4F9C6E934DA90588A978D9551667B73852D20FF9C2FC6B5DF ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
19:46:30.0362 0x0e5c aswMonFlt - ok
19:46:30.0386 0x0e5c [ 7C9F0A2AB17D52261A9252A2EB320884, AB9362167A2FEB43265DC163419BECB128540EDFC56966BBDE2DEFF05EE58D9F ] aswRdr          C:\Windows\system32\drivers\aswRdr.sys
19:46:30.0419 0x0e5c aswRdr - ok
19:46:30.0572 0x0e5c [ B32E9AD44A1DBB3E8095E80F8DF32B03, 6AD8BE2ABBEC680E5133B0D02DC5B1A58B82288AF13A1CD61EDDD24B3341F57D ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
19:46:30.0788 0x0e5c aswSnx - ok
19:46:30.0878 0x0e5c [ 67B558895695545FB0568B7541F3BCA7, 8C2A478B750C9268E203F9F86557F97AA3C3B4BB635966ECDA1249EC6D280E89 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
19:46:30.0960 0x0e5c aswSP - ok
19:46:31.0016 0x0e5c [ E3E73B2B73A4DFADFDDF557192C4B08A, 7D41C9BCB6B0DB4188347D92191B19196613EEAA88F9C3B7E78CFFDE41C357DC ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
19:46:31.0049 0x0e5c aswTdi - ok
19:46:31.0106 0x0e5c [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:46:31.0220 0x0e5c AsyncMac - ok
19:46:31.0264 0x0e5c [ 2D9C903DC76A66813D350A562DE40ED9, 82609F01A08C6842E4C17C077BB641C1429C0E6657964B7F2D114035E1BDCBF3 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:46:31.0302 0x0e5c atapi - ok
19:46:31.0369 0x0e5c [ 42076E29AAFA0830A2C5D4E310F58DD1, 13BB794C09BB602AECF53DB8147677159DC154E994FFEAE89C0298BD65FA9C7B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:46:31.0495 0x0e5c AudioEndpointBuilder - ok
19:46:31.0536 0x0e5c [ 42076E29AAFA0830A2C5D4E310F58DD1, 13BB794C09BB602AECF53DB8147677159DC154E994FFEAE89C0298BD65FA9C7B ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:46:31.0665 0x0e5c Audiosrv - ok
19:46:31.0770 0x0e5c [ 8FA553E9AE69808D99C164733A0F9590, D3F5BA7000EF311A0E4772B5BF9B0BFFCA721FA971D87DD76B7E8B9B06E9BBC3 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
19:46:31.0803 0x0e5c avast! Antivirus - ok
19:46:31.0892 0x0e5c [ 32795E299C3ABA589A5E04C83D531CDF, A020CB946D1AA4C7829CEB591B6B869CBA0A881B4F3C0FF6FAC20F7686C211DD ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
19:46:32.0002 0x0e5c b57nd60x - ok
19:46:32.0054 0x0e5c BCM42RLY - ok
19:46:32.0192 0x0e5c [ CDF7F28FFD693B1B4137845DD1EF1CCC, 5EAEC23CEEFF69DE116C4435D6AD637BD87E20BE82B6299560F2ED3A7EAD678D ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
19:46:32.0361 0x0e5c BCM43XX - ok
19:46:32.0422 0x0e5c [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:46:32.0512 0x0e5c Beep - ok
19:46:32.0630 0x0e5c [ 02ED7B4DBC2A3232A389106DA7515C3D, 0DFCD03CB967D1A980D56124603F353DC1D800E3A5E436EEE95C65FDE17398CF ] BITS            C:\Windows\system32\qmgr.dll
19:46:32.0824 0x0e5c BITS - ok
19:46:32.0863 0x0e5c [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
19:46:32.0978 0x0e5c blbdrive - ok
19:46:33.0107 0x0e5c [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:46:33.0172 0x0e5c Bonjour Service - ok
19:46:33.0257 0x0e5c [ 8153396D5551276227FA146900F734E6, 0AE06774162D542D9E95246B7112A40D7C463EF331B4F56C9CF8AD99A0341E38 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:46:33.0355 0x0e5c bowser - ok
19:46:33.0419 0x0e5c [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
19:46:33.0509 0x0e5c BrFiltLo - ok
19:46:33.0545 0x0e5c [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
19:46:33.0645 0x0e5c BrFiltUp - ok
19:46:33.0700 0x0e5c [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
19:46:33.0827 0x0e5c Browser - ok
19:46:33.0871 0x0e5c [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
19:46:34.0065 0x0e5c Brserid - ok
19:46:34.0099 0x0e5c [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
19:46:34.0287 0x0e5c BrSerWdm - ok
19:46:34.0320 0x0e5c [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
19:46:34.0500 0x0e5c BrUsbMdm - ok
19:46:34.0541 0x0e5c [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
19:46:34.0725 0x0e5c BrUsbSer - ok
19:46:34.0763 0x0e5c [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:46:34.0943 0x0e5c BTHMODEM - ok
19:46:34.0998 0x0e5c catchme - ok
19:46:35.0048 0x0e5c [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:46:35.0174 0x0e5c cdfs - ok
19:46:35.0213 0x0e5c [ 1EC25CEA0DE6AC4718BF89F9E1778B57, 019E12C30E7A395259F3906EC55AFF86949CFDBB443060208C8B91B9EB7F9FB7 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:46:35.0312 0x0e5c cdrom - ok
19:46:35.0375 0x0e5c [ 87C2D0377B23E2D8A41093C2F5FB1A5B, 94725CD764318461A1163FCD1B507B92490C5F52CB5089E6C7245FD91F2D1D05 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:46:35.0493 0x0e5c CertPropSvc - ok
19:46:35.0524 0x0e5c [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
19:46:35.0634 0x0e5c circlass - ok
19:46:35.0690 0x0e5c [ 465745561C832B29F7C48B488AAB3842, B631C61FBF6E2641FED7C4CFC1B179D19143B04CF76DCF48A9C7582E756FFD8C ] CLFS            C:\Windows\system32\CLFS.sys
19:46:35.0749 0x0e5c CLFS - ok
19:46:35.0842 0x0e5c [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:46:35.0889 0x0e5c clr_optimization_v2.0.50727_32 - ok
19:46:36.0007 0x0e5c [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:46:36.0054 0x0e5c clr_optimization_v4.0.30319_32 - ok
19:46:36.0121 0x0e5c [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:46:36.0257 0x0e5c CmBatt - ok
19:46:36.0309 0x0e5c [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:46:36.0350 0x0e5c cmdide - ok
19:46:36.0378 0x0e5c [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:46:36.0421 0x0e5c Compbatt - ok
19:46:36.0442 0x0e5c COMSysApp - ok
19:46:36.0490 0x0e5c [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:46:36.0548 0x0e5c crcdisk - ok
19:46:36.0580 0x0e5c [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
19:46:36.0706 0x0e5c Crusoe - ok
19:46:36.0783 0x0e5c [ 6DE363F9F99334514C46AEC02D3E3678, FF403B8A4D7D6B3D2F23E2711D1353CFB0C748AD7D7927CF5DFBD99CD169D826 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:46:36.0898 0x0e5c CryptSvc - ok
19:46:37.0023 0x0e5c [ 301AE00E12408650BADDC04DBC832830, 405A392B83942A17F1EB78943C3A3046B5451EA8CB0082A53571CCC0609275A2 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:46:37.0215 0x0e5c DcomLaunch - ok
19:46:37.0284 0x0e5c [ A3E9FA213F443AC77C7746119D13FEEC, 479B349BFC811D20572C09C4A2228C3880F8F3B4B4BA5F4E56600C7EF583DE7B ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:46:37.0366 0x0e5c DfsC - ok
19:46:37.0623 0x0e5c [ FA3463F25F9CC9C3BCF1E7912FEFF099, 8CFA0F1DFD975ED877B303EB55BE52B0B1EC2B20FEC36820121A0F5E046E0032 ] DFSR            C:\Windows\system32\DFSR.exe
19:46:38.0040 0x0e5c DFSR - ok
19:46:38.0124 0x0e5c [ 43A988A9C10333476CB5FB667CBD629D, 7E0DD57E75A50E3671673876631A1E66A4AC16810418BEC1AC2143DFD331F389 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
19:46:38.0285 0x0e5c Dhcp - ok
19:46:38.0331 0x0e5c [ 64109E623ABD6955C8FB110B592E68B7, 964F456EF44F9AE836B8CAB438FEB18303B2548A2B7D85FEBD72F4F80127B0EE ] disk            C:\Windows\system32\drivers\disk.sys
19:46:38.0374 0x0e5c disk - ok
19:46:38.0455 0x0e5c [ 4805D9A6D281C7A7DEFD9094DEC6AF7D, 473A5F1C4E795BD6B6DDB32ECB04BA8BF238AA5FBC67FC5D8D8F749464ED0AE9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:46:38.0567 0x0e5c Dnscache - ok
19:46:38.0621 0x0e5c [ 5AF620A08C614E24206B79E8153CF1A8, 5BB32FF3C9A5C51C2773F0ECF9647749667F4678EF3C75FEB4420EC6C805913E ] dot3svc         C:\Windows\System32\dot3svc.dll
19:46:38.0822 0x0e5c dot3svc - ok
19:46:38.0866 0x0e5c [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
19:46:38.0978 0x0e5c DPS - ok
19:46:39.0052 0x0e5c [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:46:39.0161 0x0e5c drmkaud - ok
19:46:39.0319 0x0e5c [ 85F33880B8CFB554BD3D9CCDB486845A, 2D120F94800AEB886D4BA2A45FE2454EBB1FAC3E57BDE552737EBDE7EF8899CF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:46:39.0535 0x0e5c DXGKrnl - detected UnsignedFile.Multi.Generic ( 1 )
19:46:43.0978 0x0e5c Detect skipped due to KSN trusted
19:46:43.0979 0x0e5c DXGKrnl - ok
19:46:44.0085 0x0e5c [ 908ED85B7806E8AF3AF5E9B74F7809D4, 9A763D247035578A946094D2C1CE8204E6EDFFD7237C7BF2058B5F4ECC0306E0 ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
19:46:44.0229 0x0e5c e1express - ok
19:46:44.0270 0x0e5c [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
19:46:44.0420 0x0e5c E1G60 - ok
19:46:44.0493 0x0e5c [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
19:46:44.0607 0x0e5c EapHost - ok
19:46:44.0680 0x0e5c [ DD2CD259D83D8B72C02C5F2331FF9D68, 07E758A414442FEAFE55FB28842D960971553DB16C31D5791FDD0843CBF5E2B4 ] Ecache          C:\Windows\system32\drivers\ecache.sys
19:46:44.0748 0x0e5c Ecache - ok
19:46:44.0842 0x0e5c [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:46:44.0963 0x0e5c ehRecvr - ok
19:46:44.0999 0x0e5c [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
19:46:45.0109 0x0e5c ehSched - ok
19:46:45.0164 0x0e5c [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
19:46:45.0248 0x0e5c ehstart - ok
19:46:45.0334 0x0e5c [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:46:45.0406 0x0e5c elxstor - ok
19:46:45.0465 0x0e5c [ 2D77C535D32688D5FD6CD05C04E27948, 863D126384A36FDA48B73FA3E27E14B0B03C0BFFBD29F270DCA3CD92845DE8CE ] emaudsv         C:\Windows\system32\emaudsv.exe
19:46:45.0510 0x0e5c emaudsv - ok
19:46:45.0638 0x0e5c [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C, 80385AC32CE8388F06341AA4A880F68E0EB5815CCCA5CF8E799846F472DCE360 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
19:46:45.0796 0x0e5c EMDMgmt - ok
19:46:45.0890 0x0e5c [ 0407B78FAAA9437FFCCD6C393D483309, 6E1DB1A229080B74FA23152D63739D1BB4B38E0EB1ACB1088659C712AFF0258C ] emusba10        C:\Windows\system32\DRIVERS\emusba10.sys
19:46:45.0940 0x0e5c emusba10 - ok
19:46:46.0068 0x0e5c [ B92F2B3247F0A99490C1298A1D3D7B4C, ABEF71FE2B6EE12F67F1D29D7977D779BED178B292D57B6850488095CFCBCF33 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
19:46:46.0162 0x0e5c EPSON_EB_RPCV4_04 - ok
19:46:46.0226 0x0e5c [ 651336B99C75FB54E4B5971CF458F9BD, EAE41E576B4C30989B3705C81ECDC0B164216D177C26D4C69EEB67CC153F3D5D ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
19:46:46.0315 0x0e5c EPSON_PM_RPCV4_04 - ok
19:46:46.0374 0x0e5c [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:46:46.0541 0x0e5c ErrDev - ok
19:46:46.0643 0x0e5c [ 3CB3343D720168B575133A0A20DC2465, B356938AC3D9CE833A2C0EBFAA548CDB6B68BEDDB2CCA80222E508BD978FB26B ] EventSystem     C:\Windows\system32\es.dll
19:46:46.0776 0x0e5c EventSystem - ok
19:46:46.0846 0x0e5c [ 0D858EB20589A34EFB25695ACAA6AA2D, E5C891D8971173D78194176CB38C0D62C1245C71E04DD94EC742A69C2925F843 ] exfat           C:\Windows\system32\drivers\exfat.sys
19:46:46.0966 0x0e5c exfat - ok
19:46:47.0095 0x0e5c [ 3C489390C2E2064563727752AF8EAB9E, BF528F6D4718AC160C103FD89496C6B7BABED7A17A6BD4222D684AF22FE21A49 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:46:47.0243 0x0e5c fastfat - ok
19:46:47.0289 0x0e5c [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:46:47.0428 0x0e5c fdc - ok
19:46:47.0469 0x0e5c [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
19:46:47.0581 0x0e5c fdPHost - ok
19:46:47.0605 0x0e5c [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:46:47.0838 0x0e5c FDResPub - ok
19:46:47.0895 0x0e5c [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:46:47.0941 0x0e5c FileInfo - ok
19:46:48.0008 0x0e5c [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:46:48.0130 0x0e5c Filetrace - ok
19:46:48.0301 0x0e5c [ 227846995AFEEFA70D328BF5334A86A5, B8EF22DE552B44E7DC352742C775BB6B4992B653AF4B66B231A60182CE7A7201 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:46:48.0431 0x0e5c FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
19:46:52.0918 0x0e5c Detect skipped due to KSN trusted
19:46:52.0919 0x0e5c FLEXnet Licensing Service - ok
19:46:52.0986 0x0e5c [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:46:53.0115 0x0e5c flpydisk - ok
19:46:53.0175 0x0e5c [ 05EA53AFE985443011E36DAB07343B46, E033C1C218E9B0D22B63E1B927D7BBE331B59814F26952B68BEDC914EF881E55 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:46:53.0239 0x0e5c FltMgr - ok
19:46:53.0333 0x0e5c [ C9BE08664611DDAF98E2331E9288B00B, C645DDAB5FD588486553DF2DD5750AF5A967FEE988F4EB29E05362E3362DF4A2 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:46:53.0371 0x0e5c FontCache3.0.0.0 - ok
19:46:53.0404 0x0e5c [ 65EA8B77B5851854F0C55C43FA51A198, 150BE6C195094DBEAC4FD73CC1C31FF59B77A73944574E244D280EE2DE69DC2F ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:46:53.0490 0x0e5c Fs_Rec - ok
19:46:53.0529 0x0e5c [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:46:53.0573 0x0e5c gagp30kx - ok
19:46:53.0627 0x0e5c [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:46:53.0659 0x0e5c GEARAspiWDM - ok
19:46:53.0759 0x0e5c [ D3316F6E3C011435F36E3D6E49B3196C, 941DF52BA26603A146ED6B65A696DB87153868ED0469EF9C2EB09AC7E63525B7 ] GoToAssist      C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
19:46:53.0790 0x0e5c GoToAssist - ok
19:46:53.0904 0x0e5c [ D9F1113D9401185245573350712F92FC, 7D8E96B61D7FC1FCC7D70A19DB725BCEA78FE94F3D7AFBB1202771D530A628B7 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:46:54.0138 0x0e5c gpsvc - ok
19:46:54.0331 0x0e5c [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
19:46:54.0377 0x0e5c gupdate - ok
19:46:54.0431 0x0e5c [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
19:46:54.0476 0x0e5c gupdatem - ok
19:46:54.0552 0x0e5c [ CC839E8D766CC31A7710C9F38CF3E375, 327D57F18B4A2D1CB06C5682D3364097ECD3CF40C2719AA1F41D0B49A26003E4 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:46:54.0604 0x0e5c gusvc - ok
19:46:54.0674 0x0e5c [ 833051C6C6C42117191935F734CFBD97, 5EB5672ABC7994A4AFF855A572158B8BE4FC6E541CFD4B9BE4FF2739A9A6AFB8 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
19:46:54.0707 0x0e5c hamachi - ok
19:46:54.0815 0x0e5c [ 9DE9A7A19195C57EF38B4EE25422F2D7, EE03EA0F1A1B2DBED01567A0B8C9CF5BCE236FB9E09C9337A9E648982AB6A000 ] Hardlock        C:\Windows\system32\drivers\hardlock.sys
19:46:54.0936 0x0e5c Hardlock - ok
19:46:54.0980 0x0e5c hasplms - ok
19:46:55.0025 0x0e5c [ C87B1EE051C0464491C1A7B03FA0BC99, 0EF498A7D37A454E8B6DB1BE3C0EADA648B51B34A2BB553171E766463E54EE90 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:46:55.0202 0x0e5c HDAudBus - ok
19:46:55.0292 0x0e5c [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:46:55.0511 0x0e5c HidBth - ok
19:46:55.0555 0x0e5c [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:46:55.0749 0x0e5c HidIr - ok
19:46:55.0801 0x0e5c [ 8FA640195279ACE21BEA91396A0054FC, 20541E5FA29B3FBD8824F3DF93C7D63AFEE56948F82FFDE20E9E87F5C0A3A789 ] hidserv         C:\Windows\System32\hidserv.dll
19:46:56.0004 0x0e5c hidserv - ok
19:46:56.0031 0x0e5c [ 854CA287AB7FAF949617A788306D967E, 8C0BC3727C07634FAD35C7184C72B6D48D428F35E612257A833F00CACF4AAB5D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:46:56.0158 0x0e5c HidUsb - ok
19:46:56.0259 0x0e5c [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:46:56.0392 0x0e5c hkmsvc - ok
19:46:56.0442 0x0e5c [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
19:46:56.0483 0x0e5c HpCISSs - ok
19:46:56.0553 0x0e5c [ 299683D4C8AAA3F6F5D5D226A1782A6E, A2ECF52DBDC442F3C9514EC80CE614A9D3F45698E5B0992CF009C66B770E9027 ] HPFXBULK        C:\Windows\system32\drivers\hpfxbulk.sys
19:46:56.0585 0x0e5c HPFXBULK - ok
19:46:56.0677 0x0e5c [ 96E241624C71211A79C84F50A8E71CAB, EB6E679218B781F67FBFF4EB12DDE44769ACA7EA3F83A4404A073EA89C902C25 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:46:56.0827 0x0e5c HTTP - ok
19:46:56.0864 0x0e5c [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
19:46:56.0902 0x0e5c i2omp - ok
19:46:56.0947 0x0e5c [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:46:57.0031 0x0e5c i8042prt - ok
19:46:57.0123 0x0e5c [ FD7F9D74C2B35DBDA400804A3F5ED5D8, 93BAEE15428E9B3FF2D5F7EE156697EA8C24E176C3A8E56D1B1AFF4E541867E4 ] iaStor          C:\Windows\system32\drivers\iastor.sys
19:46:57.0178 0x0e5c iaStor - ok
19:46:57.0242 0x0e5c [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
19:46:57.0305 0x0e5c iaStorV - ok
19:46:57.0437 0x0e5c [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:46:57.0465 0x0e5c IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
19:47:01.0898 0x0e5c Detect skipped due to KSN trusted
19:47:01.0898 0x0e5c IDriverT - ok
19:47:02.0087 0x0e5c [ 7B630ACAED64FEF0C3E1CF255CB56686, 9DCC6953BC6EF77C3916F8AA226CEC0662513A23AB60E9F714D53746E82FB372 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:47:02.0230 0x0e5c idsvc - ok
19:47:02.0538 0x0e5c [ C134E69CE901422D1F2D7EA8D69098FE, 38D7AB6C85C0BCE34B8F52DDBD6F0371DF551003DF6BAE20A2AB1D1349128890 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
19:47:03.0009 0x0e5c igfx - ok
19:47:03.0072 0x0e5c [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:47:03.0113 0x0e5c iirsp - ok
19:47:03.0225 0x0e5c [ 68E8C415E102E5D79FD7E4A765B8CBA4, A5EA0DC9EEEED79D5D08D66D0E7B66F07889774F8AB667AD6839EE23A44E6D16 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:47:03.0382 0x0e5c IKEEXT - ok
19:47:03.0477 0x0e5c [ 98D303CCB3415E9202E82043B37D66DC, 53526635EBCA6E2C2E9AAEC68B333CAE6A5FF0008859FCDE3D84A2C9098B30B0 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
19:47:03.0585 0x0e5c IntcHdmiAddService - ok
19:47:03.0650 0x0e5c [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
19:47:03.0690 0x0e5c intelide - ok
19:47:03.0726 0x0e5c [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:47:03.0875 0x0e5c intelppm - ok
19:47:03.0920 0x0e5c [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:47:04.0063 0x0e5c IPBusEnum - ok
19:47:04.0123 0x0e5c [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:47:04.0259 0x0e5c IpFilterDriver - ok
19:47:04.0358 0x0e5c [ 6A35D233693EDC29A12742049BC5E37F, 77275407105492A11CDC232E72C8183F0DFD28F8B9AD2A24AAABDB246F14D38F ] IpHlpSvc        C:\Windows\System32\iphlpsvc.dll
19:47:04.0502 0x0e5c IpHlpSvc - ok
19:47:04.0547 0x0e5c [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
19:47:04.0691 0x0e5c IPMIDRV - ok
19:47:04.0802 0x0e5c [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
19:47:04.0927 0x0e5c IPNAT - ok
19:47:05.0032 0x0e5c [ E46B17060D3962A384AE484094614788, 9E8EF45C72A01FA586FF028B62F6675114CC9CBBCE172A789EDA754AE3F79121 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:47:05.0128 0x0e5c iPod Service - ok
19:47:05.0164 0x0e5c [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:47:05.0269 0x0e5c IRENUM - ok
19:47:05.0311 0x0e5c [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:47:05.0351 0x0e5c isapnp - ok
19:47:05.0420 0x0e5c [ F247EEC28317F6C739C16DE420097301, 0F4BE16BB0630DFE2256F70C94D4363B7B71F02F7F6597E7CAE28A3EFEA7BCAD ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:47:05.0477 0x0e5c iScsiPrt - ok
19:47:05.0516 0x0e5c [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
19:47:05.0557 0x0e5c iteatapi - ok
19:47:05.0579 0x0e5c [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
19:47:05.0618 0x0e5c iteraid - ok
19:47:05.0664 0x0e5c [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:47:05.0703 0x0e5c kbdclass - ok
19:47:05.0728 0x0e5c [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:47:05.0826 0x0e5c kbdhid - ok
19:47:05.0877 0x0e5c [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] KeyIso          C:\Windows\system32\lsass.exe
19:47:05.0939 0x0e5c KeyIso - ok
19:47:06.0002 0x0e5c [ 7A0CF7908B6824D6A2A1D313E5AE3DCA, 903CF1169D984BBDAE114827D82D5CCC88C2BC7CAEE6BB3A299E2572B0751BB6 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:47:06.0091 0x0e5c KSecDD - ok
19:47:06.0177 0x0e5c [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:47:06.0389 0x0e5c KtmRm - ok
19:47:06.0465 0x0e5c [ 1925E63C91CF1610AE41BFD539062079, C25438D19D51B76A8E4C5F3A5D41C76197321166CB37E224217993A4466EBEF9 ] LanmanServer    C:\Windows\System32\srvsvc.dll
19:47:06.0556 0x0e5c LanmanServer - ok
19:47:06.0631 0x0e5c [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15, 7B1FAC42B9EA73A8C4E812F8F729EB882BDFD04D2E68FE354CFD6B8379A46D14 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:47:06.0778 0x0e5c LanmanWorkstation - ok
19:47:07.0182 0x0e5c [ ED6923BF4D8D4383893825E2F74E2543, 55B044E09B0D254E5E76A054046CF76B6AB91D3A585630A272B832B3DF94C838 ] LiveUpdateSvc   C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
19:47:07.0630 0x0e5c LiveUpdateSvc - ok
19:47:07.0695 0x0e5c [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:47:07.0831 0x0e5c lltdio - ok
19:47:07.0906 0x0e5c [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:47:08.0062 0x0e5c lltdsvc - ok
19:47:08.0110 0x0e5c [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:47:08.0299 0x0e5c lmhosts - ok
19:47:08.0372 0x0e5c [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:47:08.0417 0x0e5c LSI_FC - ok
19:47:08.0450 0x0e5c [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:47:08.0494 0x0e5c LSI_SAS - ok
19:47:08.0529 0x0e5c [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:47:08.0574 0x0e5c LSI_SCSI - ok
19:47:08.0607 0x0e5c [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:47:08.0708 0x0e5c luafv - ok
19:47:08.0777 0x0e5c [ A1D52DB330E18B5A7A718D31D950CA87, D3BE0C13EB0001841B0BA3B401783C0CDA247023BAF8351EBDDB48264AB2E20C ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
19:47:08.0816 0x0e5c MBAMProtector - ok
19:47:09.0113 0x0e5c [ 9611577752E293259C7DCE19E9026362, 8CB5DFD63FA15603BB6FA6B501E09ED7F4DE0E8F68CB28B78CECAC3711BEFD24 ] MBAMScheduler   C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
19:47:09.0434 0x0e5c MBAMScheduler - ok
19:47:09.0686 0x0e5c [ F1A89A34388B5626F1548D393B23ECB1, EA00AC76C4C8C9340753B58A3313C9177A9B98F9F1BDE08F184CD0F53D0C186F ] MBAMService     C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
19:47:09.0895 0x0e5c MBAMService - ok
19:47:10.0034 0x0e5c [ 5023F594D5448E16F920157174C61358, A8A188CA4E9995BBFCD419680A43EE8AD1E0C7EE529BEC8E0922581386982C4F ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
19:47:10.0084 0x0e5c MBAMSwissArmy - ok
19:47:10.0133 0x0e5c [ 33991F04AD6486D934BA14564B4CF823, E95C8487127BB037665DBA9D8D2D0DD49F13CF0A5390A2BC98595F859C44541D ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
19:47:10.0168 0x0e5c MBAMWebAccessControl - ok
19:47:10.0208 0x0e5c [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:47:10.0293 0x0e5c Mcx2Svc - ok
19:47:10.0345 0x0e5c [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
19:47:10.0383 0x0e5c megasas - ok
19:47:10.0466 0x0e5c [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
19:47:10.0551 0x0e5c MegaSR - ok
19:47:10.0694 0x0e5c [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
19:47:10.0738 0x0e5c Microsoft Office Groove Audit Service - ok
19:47:10.0783 0x0e5c [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
19:47:10.0911 0x0e5c MMCSS - ok
19:47:10.0966 0x0e5c [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
19:47:11.0084 0x0e5c Modem - ok
19:47:11.0120 0x0e5c [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:47:11.0291 0x0e5c monitor - ok
19:47:11.0331 0x0e5c [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:47:11.0375 0x0e5c mouclass - ok
19:47:11.0415 0x0e5c [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:47:11.0523 0x0e5c mouhid - ok
19:47:11.0559 0x0e5c [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
19:47:11.0616 0x0e5c MountMgr - ok
19:47:11.0708 0x0e5c [ FC9A9C09B35A93F76A03D5E355FA862C, B7ED57B9D39D547BA2927FC5F02C2475BF131FDB8AD40FFDE72C966506756B56 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:47:11.0769 0x0e5c MozillaMaintenance - ok
19:47:11.0836 0x0e5c [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:47:11.0886 0x0e5c mpio - ok
19:47:11.0926 0x0e5c [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:47:12.0018 0x0e5c mpsdrv - ok
19:47:12.0106 0x0e5c [ D1639BA315B0D79DEC49A4B0E1FB929B, 96420572029217FDD78CD286A022EB5F8BAB76EE30F75E48CD69AEE1A4846B53 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:47:12.0259 0x0e5c MpsSvc - ok
19:47:12.0318 0x0e5c [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
19:47:12.0360 0x0e5c Mraid35x - ok
19:47:12.0402 0x0e5c [ AE3DE84536B6799D2267443CEC8EDBB9, 787AF9D5BC6D1A1E4A55A66D62F0DF93F45C2FB7EA5BE0BF63F1270604600B40 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:47:12.0519 0x0e5c MRxDAV - ok
19:47:12.0588 0x0e5c [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1, 2C5F0554D5A763D6B3F1402C9BF36C6091CBBDFFD5139AEE85D69D5B210D2047 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:47:12.0650 0x0e5c mrxsmb - ok
19:47:12.0724 0x0e5c [ 6B5FA5ADFACAC9DBBE0991F4566D7D55, 9BAD029A6AAF4C2292C682B9F07C57051C84F7FA4F3EBEA52C25CAEF1A41121F ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:47:12.0824 0x0e5c mrxsmb10 - ok
19:47:12.0867 0x0e5c [ 5C80D8159181C7ABF1B14BA703B01E0B, 414085AD3C36B8E95D1D49E2958671332DECE38739544CCB70FAB30C408E89A2 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:47:12.0950 0x0e5c mrxsmb20 - ok
19:47:12.0986 0x0e5c [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:47:13.0025 0x0e5c msahci - ok
19:47:13.0066 0x0e5c [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:47:13.0116 0x0e5c msdsm - ok
19:47:13.0154 0x0e5c [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
19:47:13.0300 0x0e5c MSDTC - ok
19:47:13.0380 0x0e5c [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:47:13.0537 0x0e5c Msfs - ok
19:47:13.0595 0x0e5c [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:47:13.0634 0x0e5c msisadrv - ok
19:47:13.0687 0x0e5c [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:47:13.0803 0x0e5c MSiSCSI - ok
19:47:13.0844 0x0e5c msiserver - ok
19:47:13.0882 0x0e5c [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:47:14.0006 0x0e5c MSKSSRV - ok
19:47:14.0065 0x0e5c [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:47:14.0206 0x0e5c MSPCLOCK - ok
19:47:14.0240 0x0e5c [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:47:14.0376 0x0e5c MSPQM - ok
19:47:14.0435 0x0e5c [ B5614AECB05A9340AA0FB55BF561CC63, 8D1B5E958A0F721F5A81AD649CC5759B4DECB771FC4654F4EDEB29AC7DF1BD40 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:47:14.0495 0x0e5c MsRPC - ok
19:47:14.0534 0x0e5c [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:47:14.0577 0x0e5c mssmbios - ok
19:47:14.0609 0x0e5c [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:47:14.0717 0x0e5c MSTEE - ok
19:47:14.0751 0x0e5c [ 6DFD1D322DE55B0B7DB7D21B90BEC49C, 95149C41CC9F269C299541A97A9E2E2CCAEE34FE2362EEECD1F813EBC6D4CDC5 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:47:14.0797 0x0e5c Mup - ok
19:47:14.0871 0x0e5c [ C43B25863FBD65B6D2A142AF3AE320CA, 88E147751CBECFF31CD65954BC978B86CEA74485EB60DBB25AABAB4601797A4E ] napagent        C:\Windows\system32\qagentRT.dll
19:47:15.0082 0x0e5c napagent - ok
19:47:15.0177 0x0e5c [ 3C21CE48FF529BB73DADB98770B54025, B8541E3D2B120B97947AE51B28A99E2623ACAD3790BC282B1251ACBEC7684F8D ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:47:15.0270 0x0e5c NativeWifiP - ok
19:47:15.0384 0x0e5c [ C8560010A542B5DCA94C62468DC20784, AE7584D95B0E9F5E340ADD00AA88563C64462A4FC6440F580B7936FD19D173CA ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:47:15.0485 0x0e5c NDIS - ok
19:47:15.0518 0x0e5c [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:47:15.0624 0x0e5c NdisTapi - ok
19:47:15.0661 0x0e5c [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:47:15.0768 0x0e5c Ndisuio - ok
19:47:15.0806 0x0e5c [ 3D14C3B3496F88890D431E8AA022A411, 9B31451756A35314586F93996172E1039B2CD21132CCBE772B3E61A8D9454A30 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:47:15.0927 0x0e5c NdisWan - ok
19:47:15.0967 0x0e5c [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:47:16.0057 0x0e5c NDProxy - ok
19:47:16.0142 0x0e5c [ 69C503C004F49AEE8B8E3067CC047BA7, 0E7A2FB0CC7669E6400EDA4D2220BBB1A85CF3D3529739DA5AE2C073FFA08313 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:47:16.0171 0x0e5c Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
19:47:20.0582 0x0e5c Detect skipped due to KSN trusted
19:47:20.0583 0x0e5c Net Driver HPZ12 - ok
19:47:20.0635 0x0e5c [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:47:20.0773 0x0e5c NetBIOS - ok
19:47:20.0880 0x0e5c [ 7C5FEE5B1C5728507CD96FB4A13E7A02, EDBA08442AD6AF20463A0610FF24D5929574E5EC012495A2C219F6BA84C97F57 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
19:47:21.0049 0x0e5c netbt - ok
19:47:21.0097 0x0e5c [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] Netlogon        C:\Windows\system32\lsass.exe
19:47:21.0162 0x0e5c Netlogon - ok
19:47:21.0229 0x0e5c [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
19:47:21.0432 0x0e5c Netman - ok
19:47:21.0507 0x0e5c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:47:21.0555 0x0e5c NetMsmqActivator - ok
19:47:21.0578 0x0e5c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:47:21.0635 0x0e5c NetPipeActivator - ok
19:47:21.0693 0x0e5c [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
19:47:21.0880 0x0e5c netprofm - ok
19:47:21.0920 0x0e5c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:47:21.0968 0x0e5c NetTcpActivator - ok
19:47:22.0013 0x0e5c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:47:22.0064 0x0e5c NetTcpPortSharing - ok
19:47:22.0119 0x0e5c [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:47:22.0181 0x0e5c nfrd960 - ok
19:47:22.0343 0x0e5c [ 44C85E4724261178B42D57E129870608, A7543AA517A5207020C6FD1295A29EFDA6FAF235C590F24D0028CCB7C2ACE44B ] NitroDriverReadSpool8 C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
19:47:22.0436 0x0e5c NitroDriverReadSpool8 - ok
19:47:22.0491 0x0e5c [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:47:22.0705 0x0e5c NlaSvc - ok
19:47:22.0744 0x0e5c [ ECB5003F484F9ED6C608D6D6C7886CBB, 45496B84B2FD156499E9F07FC82BC6F032B8F4D9DC194098CF9F5474D5642F9E ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:47:22.0925 0x0e5c Npfs - ok
19:47:22.0948 0x0e5c [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
19:47:23.0150 0x0e5c nsi - ok
19:47:23.0175 0x0e5c [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:47:23.0300 0x0e5c nsiproxy - ok
19:47:23.0573 0x0e5c [ B4EFFE29EB4F15538FD8A9681108492D, 12AF3C19DD2DE7D92EE4C03AD07BAFD77EB8BFF2333E6FBD9CAAA0F654A35F46 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:47:23.0822 0x0e5c Ntfs - ok
19:47:23.0863 0x0e5c [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
19:47:24.0162 0x0e5c ntrigdigi - ok
19:47:24.0237 0x0e5c [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
19:47:24.0374 0x0e5c Null - ok
19:47:24.0451 0x0e5c [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:47:24.0504 0x0e5c nvraid - ok
19:47:24.0544 0x0e5c [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:47:24.0587 0x0e5c nvstor - ok
19:47:24.0625 0x0e5c [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:47:24.0747 0x0e5c nv_agp - ok
19:47:24.0855 0x0e5c [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:47:25.0008 0x0e5c odserv - ok
19:47:25.0152 0x0e5c [ 19CAC780B858822055F46C58A111723C, D91CE501328281B8FEE6943776A145FB3201645B01BA8D1545FFA93A547DE2C7 ] OEM02Dev        C:\Windows\system32\DRIVERS\OEM02Dev.sys
19:47:25.0240 0x0e5c OEM02Dev - ok
19:47:25.0270 0x0e5c [ 86326062A90494BDD79CE383511D7D69, 43D5682CA8ECB4BA7CC1A5C4C2BF966EE4802E8C3AA84CDEB634CA3C410DAB89 ] OEM02Vfx        C:\Windows\system32\DRIVERS\OEM02Vfx.sys
19:47:25.0332 0x0e5c OEM02Vfx - ok
19:47:25.0410 0x0e5c [ 790E27C3DB53410B40FF9EF2FD10A1D9, FD06F2702B8F7E04ECF1B6E88602F14301E7AE7FC44AD114282E580FAD530A9C ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
19:47:25.0637 0x0e5c ohci1394 - ok
19:47:25.0724 0x0e5c [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:47:25.0789 0x0e5c ose - ok
19:47:25.0959 0x0e5c [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
19:47:26.0197 0x0e5c p2pimsvc - ok
19:47:26.0320 0x0e5c [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:47:26.0620 0x0e5c p2psvc - ok
19:47:26.0681 0x0e5c [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
19:47:26.0935 0x0e5c Parport - ok
19:47:27.0012 0x0e5c [ 3B38467E7C3DAED009DFE359E17F139F, 419BD726E511B3FEFBD8204C9E2BF6131EC05C71D15406070F834688EAFB694F ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:47:27.0072 0x0e5c partmgr - ok
19:47:27.0123 0x0e5c [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
19:47:27.0348 0x0e5c Parvdm - ok
19:47:27.0397 0x0e5c [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:47:27.0494 0x0e5c PcaSvc - ok
19:47:27.0549 0x0e5c [ 01B94418DEB235DFF777CC80076354B4, 091C4D5954C5CA1F783748C4D7287DD160C5F3357F2CC448DC5C2935B79AC1E9 ] pci             C:\Windows\system32\drivers\pci.sys
19:47:27.0630 0x0e5c pci - ok
19:47:27.0683 0x0e5c [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide          C:\Windows\system32\drivers\pciide.sys
19:47:27.0729 0x0e5c pciide - ok
19:47:27.0784 0x0e5c [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:47:27.0860 0x0e5c pcmcia - ok
19:47:28.0003 0x0e5c [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:47:28.0549 0x0e5c PEAUTH - ok
19:47:28.0816 0x0e5c [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
19:47:29.0180 0x0e5c pla - ok
19:47:29.0261 0x0e5c [ 78F975CB6D18265BE6F492EDB2D7BC7B, 112C6FB0A84E605B1EA87F98C8A4C210C9DB84C811029109444AB174011A158C ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:47:29.0409 0x0e5c PlugPlay - ok
19:47:29.0489 0x0e5c [ 12B4549D515CB26BB8D375038017CA65, B09ED2BED994D2B04862BBF62EF56F110235D3489D3B1762432F22A3A8F97BB8 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:47:29.0520 0x0e5c Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
19:47:34.0357 0x0e5c Detect skipped due to KSN trusted
19:47:34.0358 0x0e5c Pml Driver HPZ12 - ok
19:47:34.0467 0x0e5c [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
19:47:34.0624 0x0e5c PNRPAutoReg - ok
19:47:34.0780 0x0e5c [ 5DE1A3972FD3112C75EB17BDCF454169, A3187A9ED867B3B1225A8C3CFB048360C1B92DA823C1B6FF5EF2C17F6BFB6602 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
19:47:34.0935 0x0e5c PNRPsvc - ok
19:47:35.0150 0x0e5c [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A, FAE64867CE80439735F88A9988243667BDE84486B5A768B650E55E1519C85C03 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:47:35.0306 0x0e5c PolicyAgent - ok
19:47:35.0357 0x0e5c [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:47:35.0524 0x0e5c PptpMiniport - ok
19:47:35.0565 0x0e5c [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor       C:\Windows\system32\drivers\processr.sys
19:47:35.0675 0x0e5c Processor - ok
19:47:35.0735 0x0e5c [ B627E4FC8585E8843C5905D4D3587A90, 07D7BC1BF8CDD5E34155B260B914D4A9892D3CEAEACDE334D1AF2A608E1FA2D8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:47:35.0898 0x0e5c ProfSvc - ok
19:47:35.0939 0x0e5c [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:47:36.0019 0x0e5c ProtectedStorage - ok
19:47:36.0112 0x0e5c [ BFEF604508A0ED1EAE2A73E872555FFB, AC817FB5A6126475B4A3CA191AD49651B919FB55429B939D036BC564632E426D ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
19:47:36.0210 0x0e5c PSched - ok
19:47:36.0429 0x0e5c [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:47:36.0800 0x0e5c ql2300 - ok
19:47:36.0876 0x0e5c [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:47:36.0932 0x0e5c ql40xx - ok
19:47:37.0000 0x0e5c [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
19:47:37.0187 0x0e5c QWAVE - ok
19:47:37.0229 0x0e5c [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:47:37.0315 0x0e5c QWAVEdrv - ok
19:47:37.0644 0x0e5c [ E642B131FB74CAF4BB8A014F31113142, 18A81B27FB2DA556AC51DBA8956203A6E821D75B2B09F11049250E732318F573 ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
19:47:38.0223 0x0e5c R300 - ok
19:47:38.0399 0x0e5c [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:47:38.0556 0x0e5c RasAcd - ok
19:47:38.0614 0x0e5c [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
19:47:38.0871 0x0e5c RasAuto - ok
19:47:38.0907 0x0e5c [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:47:39.0113 0x0e5c Rasl2tp - ok
19:47:39.0169 0x0e5c [ 6E7C284FC5C4EC07AD164D93810385A6, FDBF80C8DE53E56A3515353129C6912E8CAEC2B2DA9AB3A4B027CB73BDF1EC60 ] RasMan          C:\Windows\System32\rasmans.dll
19:47:39.0419 0x0e5c RasMan - ok
19:47:39.0448 0x0e5c [ 3E9D9B048107B40D87B97DF2E48E0744, F7B8DAE57B9372CEB21A912379FC7670B099A9642CF2E7EA8D335ADBD4CF86A2 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:47:39.0632 0x0e5c RasPppoe - ok
19:47:39.0689 0x0e5c [ A7D141684E9500AC928A772ED8E6B671, C9329ECA4190EE1F4A6F186D45EA42ACF60C04CDBAFEB19973F3C2DF04A1BCEE ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:47:39.0891 0x0e5c RasSstp - ok
19:47:39.0937 0x0e5c [ 6E1C5D0457622F9EE35F683110E93D14, 9C6BE049FDA5E6CBA486EE33F01AADDD6085CC5F1F08409EC439ADE9137D3F5F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:47:40.0183 0x0e5c rdbss - ok
19:47:40.0206 0x0e5c [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:47:40.0337 0x0e5c RDPCDD - ok
19:47:40.0432 0x0e5c [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
19:47:40.0573 0x0e5c rdpdr - ok
19:47:40.0589 0x0e5c [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:47:40.0696 0x0e5c RDPENCDD - ok
19:47:40.0757 0x0e5c [ E1C18F4097A5ABCEC941DC4B2F99DB7E, B38AC355042F18A41F83BF088FE7EB867184C7FE37820365314419BD3810BB68 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:47:40.0909 0x0e5c RDPWD - ok
19:47:40.0972 0x0e5c [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:47:41.0115 0x0e5c RemoteAccess - ok
19:47:41.0166 0x0e5c [ CC4E32400F3C7253400CF8F3F3A0B676, D2A874BE3D365260AD7C10C30F2DE22F818CBFC12D65AADE2203B9ED02C9BEB5 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:47:41.0335 0x0e5c RemoteRegistry - ok
19:47:41.0471 0x0e5c [ D85E3FA9F5B1F29BB4ED185C450D1470, 5DCB3DF594E907B058CCF3EDA07EB019D9E1835177B6CDAEA2EDE9003699809E ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
19:47:41.0584 0x0e5c rimmptsk - ok
19:47:41.0644 0x0e5c [ DB8EB01C58C9FADA00C70B1775278AE0, 35F0F3F15211D0F0B3EC85832C7E307ED7FDA6A2C9B463740EA0D7A49BC64926 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
19:47:41.0765 0x0e5c rimsptsk - ok
19:47:41.0783 0x0e5c [ 6C1F93C0760C9F79A1869D07233DF39D, 70DD037E76F6E89CE9630175772707BB8588324058079B5F18C505B31306BACE ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
19:47:41.0905 0x0e5c rismxdp - ok
19:47:41.0974 0x0e5c [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
19:47:42.0089 0x0e5c RpcLocator - ok
19:47:42.0196 0x0e5c [ 301AE00E12408650BADDC04DBC832830, 405A392B83942A17F1EB78943C3A3046B5451EA8CB0082A53571CCC0609275A2 ] RpcSs           C:\Windows\System32\rpcss.dll
19:47:42.0418 0x0e5c RpcSs - ok
19:47:42.0477 0x0e5c [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:47:42.0606 0x0e5c rspndr - ok
19:47:42.0621 0x0e5c [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] SamSs           C:\Windows\system32\lsass.exe
19:47:42.0688 0x0e5c SamSs - ok
19:47:42.0731 0x0e5c [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:47:42.0804 0x0e5c sbp2port - ok
19:47:42.0851 0x0e5c [ 11387E32642269C7E62E8B52C060B3C6, 6225FA14CBDC1D30F2E4CDC2059773DA49C67BE2C00A1DE582E8E07717F20425 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:47:43.0069 0x0e5c SCardSvr - ok
19:47:43.0152 0x0e5c [ C23DBD9BFBA8B1170706E0896B3CF7DA, 3898674C961850581E20B65D96E651A45A23429AB5D11F712704E181B25B528B ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
19:47:43.0179 0x0e5c SCDEmu - detected UnsignedFile.Multi.Generic ( 1 )
19:47:47.0521 0x0e5c Detect skipped due to KSN trusted
19:47:47.0522 0x0e5c SCDEmu - ok
19:47:47.0654 0x0e5c [ 7B587B8A6D4A99F79D2902D0385F29BD, C29F2EE25F7B11E1821832CB7F4F8506C2AB20804D6702CC5EAF5BA1F3FCA972 ] Schedule        C:\Windows\system32\schedsvc.dll
19:47:47.0897 0x0e5c Schedule - ok
19:47:47.0929 0x0e5c [ 87C2D0377B23E2D8A41093C2F5FB1A5B, 94725CD764318461A1163FCD1B507B92490C5F52CB5089E6C7245FD91F2D1D05 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:47:48.0049 0x0e5c SCPolicySvc - ok
19:47:48.0128 0x0e5c [ 126EA89BCC413EE45E3004FB0764888F, 367BE2B56113177AE867E00D019C707C6449E0FC4A642101B11036A0534D6901 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
19:47:48.0329 0x0e5c sdbus - ok
19:47:48.0474 0x0e5c [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:47:48.0601 0x0e5c SDRSVC - ok
19:47:48.0648 0x0e5c [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:47:48.0924 0x0e5c secdrv - ok
19:47:48.0963 0x0e5c [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
19:47:49.0087 0x0e5c seclogon - ok
19:47:49.0150 0x0e5c [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\system32\sens.dll
19:47:49.0310 0x0e5c SENS - ok
19:47:49.0352 0x0e5c [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum         C:\Windows\system32\drivers\serenum.sys
19:47:49.0579 0x0e5c Serenum - ok
19:47:49.0695 0x0e5c [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial          C:\Windows\system32\drivers\serial.sys
19:47:49.0945 0x0e5c Serial - ok
19:47:49.0983 0x0e5c [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:47:50.0176 0x0e5c sermouse - ok
19:47:50.0276 0x0e5c [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:47:50.0538 0x0e5c SessionEnv - ok
19:47:50.0597 0x0e5c [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
19:47:50.0715 0x0e5c sffdisk - ok
19:47:50.0778 0x0e5c [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:47:51.0039 0x0e5c sffp_mmc - ok
19:47:51.0067 0x0e5c [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
19:47:51.0211 0x0e5c sffp_sd - ok
19:47:51.0274 0x0e5c [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:47:51.0509 0x0e5c sfloppy - ok
19:47:51.0592 0x0e5c [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:47:51.0728 0x0e5c SharedAccess - ok
19:47:51.0820 0x0e5c [ 1E3FDB80E40A3CE645F229DFBDFB7694, C58D04CB86E314FC768F2729AC77A7097AFA9C80A35D8AB72690B7005E83D1D6 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:47:51.0936 0x0e5c ShellHWDetection - ok
19:47:51.0971 0x0e5c [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
19:47:52.0031 0x0e5c sisagp - ok
19:47:52.0061 0x0e5c [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
19:47:52.0106 0x0e5c SiSRaid2 - ok
19:47:52.0155 0x0e5c [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:47:52.0200 0x0e5c SiSRaid4 - ok
19:47:52.0460 0x0e5c [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
19:47:52.0546 0x0e5c SkypeUpdate - ok
19:47:52.0854 0x0e5c [ 0BA91E1358AD25236863039BB2609A2E, ECB3C8E3D9C6FA77C0CF5A898FB90BB9474C6EFBE3698B56C93ECE44535EDACE ] slsvc           C:\Windows\system32\SLsvc.exe
19:47:53.0394 0x0e5c slsvc - ok
19:47:53.0483 0x0e5c [ 7C6DC44CA0BFA6291629AB764200D1D4, 747CDA89C6F94F8314E5E5C425387ABDF9FF8528D82422F8FF66D96307B47B13 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
19:47:53.0675 0x0e5c SLUINotify - ok
19:47:53.0767 0x0e5c [ 031E6BCD53C9B2B9ACE111EAFEC347B6, B934129BD77CA6A1434C59EA82B5E93FD4089608E0E41242B6E68070A0F33FB8 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:47:53.0896 0x0e5c Smb - ok
19:47:53.0954 0x0e5c [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:47:54.0029 0x0e5c SNMPTRAP - ok
19:47:54.0136 0x0e5c [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:47:54.0175 0x0e5c spldr - ok
19:47:54.0267 0x0e5c [ 3665F79026A3F91FBCA63F2C65A09B19, A9AAE9B4006B5BC6EF4A7AB4CAB131687E4055E7C56900BBD24F78BA155C458A ] Spooler         C:\Windows\System32\spoolsv.exe
19:47:54.0400 0x0e5c Spooler - ok
19:47:54.0626 0x0e5c [ 68103A2B441BBF3908EBB587F0704D6C, 0EE921D3D3D88AD0380923429E82B58078F53D7A9D53458AA33FEDF376EF1212 ] sptd            C:\Windows\System32\Drivers\sptd.sys
19:47:54.0759 0x0e5c sptd - ok
19:47:54.0842 0x0e5c [ 712F59E64E1402237C23C55255FCB364, 448893B9CEE7DD622181B3ED9AB4F84D3FDB4A1082132BD08173653C0783711F ] SRBoxDRv        C:\Windows\system32\Drivers\SRBoxDRv.sys
19:47:54.0884 0x0e5c SRBoxDRv - detected UnsignedFile.Multi.Generic ( 1 )
19:47:59.0905 0x0e5c SRBoxDRv ( UnsignedFile.Multi.Generic ) - warning
19:48:04.0640 0x0e5c [ 2252AEF839B1093D16761189F45AF885, D7B79E1B9CD73EDEA855DBE120ED470CC0F67D1AA44038E6051A4C5BCE361DE3 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:48:04.0798 0x0e5c srv - ok
19:48:04.0869 0x0e5c [ B7FF59408034119476B00A81BB53D5D1, 365D8E719D729D56082F5A6EEB65B31EB5DB5D15A5346D05E7130F41F2F97D46 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:48:04.0986 0x0e5c srv2 - ok
19:48:05.0058 0x0e5c [ 2ACCC9B12AF02030F531E6CCA6F8B76E, D1BA17C7BFE02347824DEEB1B7362FD251769ECB92B14EB3C600C85AB7E04D1B ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:48:05.0147 0x0e5c srvnet - ok
19:48:05.0210 0x0e5c [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:48:05.0362 0x0e5c SSDPSRV - ok
19:48:05.0426 0x0e5c [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:48:05.0520 0x0e5c SstpSvc - ok
19:48:05.0584 0x0e5c [ 7E6DD4B34ACD36AF6C711D2BDE91B040, 737C76749FE53A968E558289613A6ED5A0263F9585A47028343284F64808AC67 ] STacSV          C:\Windows\system32\STacSV.exe
19:48:05.0658 0x0e5c STacSV - ok
19:48:05.0710 0x0e5c [ 6A2A5E809C2C0178326D92B19EE4AAD3, B2D78857BDB72A2CB63950558CA3D5105F1857056F52BB8E9D888394CC2D06E9 ] STHDA           C:\Windows\system32\drivers\stwrt.sys
19:48:05.0797 0x0e5c STHDA - ok
19:48:05.0894 0x0e5c [ 7DD08A597BC56051F320DA0BAF69E389, ACC59CF80765248705FFCE65DC9B5D072DC054F08C02FB4D16BA0E84D8BED0A4 ] stisvc          C:\Windows\System32\wiaservc.dll
19:48:06.0039 0x0e5c stisvc - ok
19:48:06.0098 0x0e5c [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:48:06.0151 0x0e5c swenum - ok
19:48:06.0211 0x0e5c [ B36C7CDB86F7F7A8E884479219766950, F3EA381A84CD6950BF71A56E9ABAD5010F226C5254CB936699A38BA4C85F7367 ] swprv           C:\Windows\System32\swprv.dll
19:48:06.0417 0x0e5c swprv - ok
19:48:06.0457 0x0e5c [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
19:48:06.0498 0x0e5c Symc8xx - ok
19:48:06.0526 0x0e5c [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
19:48:06.0576 0x0e5c Sym_hi - ok
19:48:06.0604 0x0e5c [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
19:48:06.0644 0x0e5c Sym_u3 - ok
19:48:06.0730 0x0e5c [ DD17B63F26430E179EF6BDEF5AC735BD, EA736CBD7001891F1823B8626964AC37952A86DEC1022EDE913259E8B1FA1D1F ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
19:48:06.0779 0x0e5c SynTP - ok
19:48:06.0858 0x0e5c [ 8710A92D0024B03B5FB9540DF1F71F1D, B72A968A7966DC16A1D69A8D53012A4307EEBDC4CB8E1D9C93BFB88D996E490F ] SysMain         C:\Windows\system32\sysmain.dll
19:48:07.0069 0x0e5c SysMain - ok
19:48:07.0114 0x0e5c [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:48:07.0196 0x0e5c TabletInputService - ok
19:48:07.0244 0x0e5c [ 680916BB09EE0F3A6ACA7C274B0D633F, 008B6EE41FA4D371258F0A656AE96B3E3F487BE5B9E0654B920013B4F1C0DFD8 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:48:07.0419 0x0e5c TapiSrv - ok
19:48:07.0497 0x0e5c [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
19:48:07.0687 0x0e5c TBS - ok
19:48:07.0836 0x0e5c [ 6216A954ED7045B62880A92D6C9B9FC7, 23F702BA152499A8A64B97BAB46B6A638B4479A7E5DF69EAE257D923EA742471 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:48:08.0015 0x0e5c Tcpip - ok
19:48:08.0153 0x0e5c [ 6216A954ED7045B62880A92D6C9B9FC7, 23F702BA152499A8A64B97BAB46B6A638B4479A7E5DF69EAE257D923EA742471 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
19:48:08.0312 0x0e5c Tcpip6 - ok
19:48:08.0354 0x0e5c [ D4A2E4A4B011F3A883AF77315A5AE76B, 29E18087236A592638570F76691BC5C64CCA383F43EE22DF122413860E2D882C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:48:08.0477 0x0e5c tcpipreg - ok
19:48:08.0568 0x0e5c [ 5CA437A08509FB7ECF843480FC1232E2, BBB49250CD4DD6245249689B3659C69447DA55C21BEB33F4508AEE782007E0F7 ] TcUsb           C:\Windows\system32\Drivers\tcusb.sys
19:48:08.0605 0x0e5c TcUsb - ok
19:48:08.0632 0x0e5c [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:48:08.0758 0x0e5c TDPIPE - ok
19:48:08.0793 0x0e5c [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:48:08.0894 0x0e5c TDTCP - ok
19:48:08.0928 0x0e5c [ D09276B1FAB033CE1D40DCBDF303D10F, 2CB47CB522B4E1C091DE30AF0EB4E21D321C42D2A5BA9647CBD078652680D8FF ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:48:09.0063 0x0e5c tdx - ok
19:48:09.0106 0x0e5c [ A048056F5E1A96A9BF3071B91741A5AA, CFDE51D106A6CC4A5638BCD458505F5831636D2203F7C949273BDA446AC7C5F3 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:48:09.0148 0x0e5c TermDD - ok
19:48:09.0222 0x0e5c [ D605031E225AACCBCEB5B76A4F1603A6, 27D78644CADBC11C3AB5E0C10F854FD43BCD43B6E91C1ED1F6D35BC501147701 ] TermService     C:\Windows\System32\termsrv.dll
19:48:09.0495 0x0e5c TermService - ok
19:48:09.0564 0x0e5c [ 1E3FDB80E40A3CE645F229DFBDFB7694, C58D04CB86E314FC768F2729AC77A7097AFA9C80A35D8AB72690B7005E83D1D6 ] Themes          C:\Windows\system32\shsvcs.dll
19:48:09.0673 0x0e5c Themes - ok
19:48:09.0710 0x0e5c [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
19:48:09.0824 0x0e5c THREADORDER - ok
19:48:09.0865 0x0e5c [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
19:48:10.0020 0x0e5c TrkWks - ok
19:48:10.0093 0x0e5c [ 16613A1BAD034D4ECF957AF18B7C2FF5, 75499618187ED4385984F608D134BB298A4CCB339F70B31E4A8B2CF3E3558396 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:48:10.0236 0x0e5c TrustedInstaller - ok
19:48:10.0287 0x0e5c [ DCF0F056A2E4F52287264F5AB29CF206, D9F770BD65AE4320A8C130DEA1D093AA4E37FCA573BBE6A59D6D045452EA711D ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:48:10.0385 0x0e5c tssecsrv - ok
19:48:10.0408 0x0e5c [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
19:48:10.0464 0x0e5c tunmp - ok
19:48:10.0480 0x0e5c [ 6042505FF6FA9AC1EF7684D0E03B6940, D09CF14A6C0C760238792DDA4ECB6FBB6CA645BB91BD62585EBD050226BDB5A7 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:48:10.0538 0x0e5c tunnel - ok
19:48:10.0570 0x0e5c [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:48:10.0614 0x0e5c uagp35 - ok
19:48:10.0676 0x0e5c [ 8B5088058FA1D1CD897A2113CCFF6C58, 1616EDB66C3E2DA7B09EA4FE46A3FC7087D6201F2195D76118A93B0B065D1623 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:48:10.0816 0x0e5c udfs - ok
19:48:10.0871 0x0e5c [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:48:10.0988 0x0e5c UI0Detect - ok
19:48:11.0020 0x0e5c [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:48:11.0063 0x0e5c uliagpkx - ok
19:48:11.0109 0x0e5c [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
19:48:11.0266 0x0e5c uliahci - ok
19:48:11.0312 0x0e5c [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
19:48:11.0357 0x0e5c UlSata - ok
19:48:11.0413 0x0e5c [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
19:48:11.0464 0x0e5c ulsata2 - ok
19:48:11.0507 0x0e5c [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:48:11.0676 0x0e5c umbus - ok
19:48:11.0740 0x0e5c [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
19:48:12.0005 0x0e5c upnphost - ok
19:48:12.0119 0x0e5c [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
19:48:12.0227 0x0e5c USBAAPL - ok
19:48:12.0287 0x0e5c [ 292A25BB75A568AE2C67169BA2C6365A, EE8B50DD446ECDEBC8B27D015FA9DE18F918ABBA8CF277B799D71CC9D79842FC ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:48:12.0409 0x0e5c usbaudio - ok
19:48:12.0449 0x0e5c [ CAF811AE4C147FFCD5B51750C7F09142, BD670CF88D8F932AD1C6BA91FB68A7204BC473657C6A057C92AFB84D164D393C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:48:12.0584 0x0e5c usbccgp - ok
19:48:12.0625 0x0e5c [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:48:12.0825 0x0e5c usbcir - ok
19:48:12.0863 0x0e5c [ CEBE90821810E76320155BEBA722FCF9, AD27B032520BE2A45690DD1AFDDA632B934AB7F815CD313B19CD692790C761D8 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:48:13.0033 0x0e5c usbehci - ok
19:48:13.0089 0x0e5c [ CC6B28E4CE39951357963119CE47B143, 0BC653B51A33709AADD8B5A2B8102DBCB3C1EE14BDDF4C58813FDCA43FF7C1B2 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:48:13.0290 0x0e5c usbhub - ok
19:48:13.0323 0x0e5c [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:48:13.0615 0x0e5c usbohci - ok
19:48:13.0709 0x0e5c [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:48:13.0890 0x0e5c usbprint - ok
19:48:13.0970 0x0e5c [ A508C9BD8724980512136B039BBA65E9, B39B72471C468AC997AEC528599EDC98A031F5A7EB91C4F9471402D48D2D4E3E ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:48:14.0075 0x0e5c usbscan - ok
19:48:14.0131 0x0e5c [ 87BA6B83C5D19B69160968D07D6E2982, 9E039DF4BBE53CA22A0ACE486B9867F99FFFE086CCAF6A83BD78770E4631F3F8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:48:14.0294 0x0e5c USBSTOR - ok
19:48:14.0329 0x0e5c [ 814D653EFC4D48BE3B04A307ECEFF56F, D73D62F51AEFE2F8F2B938B20107C246F2AC2F62ED49112DBD092A5D2E4024B3 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:48:14.0440 0x0e5c usbuhci - ok
19:48:14.0474 0x0e5c [ 032A0ACC3909AE7215D524E29D536797, 51E36ED5953C0880BE508837181925A0F677842E8A5BA98099700E6ED691A783 ] UxSms           C:\Windows\System32\uxsms.dll
19:48:14.0604 0x0e5c UxSms - ok
19:48:14.0664 0x0e5c [ B13BC395B9D6116628F5AF47E0802AC4, 36E023A07E56588A8C26EF95E4F99303659E4783E0D9E8AEF193CA77A7AF91BA ] vds             C:\Windows\System32\vds.exe
19:48:14.0886 0x0e5c vds - ok
19:48:14.0950 0x0e5c [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:48:15.0072 0x0e5c vga - ok
19:48:15.0109 0x0e5c [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:48:15.0233 0x0e5c VgaSave - ok
19:48:15.0285 0x0e5c [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
19:48:15.0343 0x0e5c viaagp - ok
19:48:15.0397 0x0e5c [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
19:48:15.0565 0x0e5c ViaC7 - ok
19:48:15.0618 0x0e5c [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
19:48:15.0675 0x0e5c viaide - ok
19:48:15.0716 0x0e5c [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:48:15.0763 0x0e5c volmgr - ok
19:48:15.0858 0x0e5c [ 98F5FFE6316BD74E9E2C97206C190196, CA9FA0EE5515D26F9406FF95F728E7F2CC29A8B7C97BC69FC2E95BBC60A2D261 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:48:15.0966 0x0e5c volmgrx - ok
19:48:16.0054 0x0e5c [ D8B4A53DD2769F226B3EB374374987C9, 49314B3E53FBF40A60E272C5B3B79FD1EFABFE1215DA5B030571B4DDF5592896 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:48:16.0123 0x0e5c volsnap - ok
19:48:16.0173 0x0e5c [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:48:16.0223 0x0e5c vsmraid - ok
19:48:16.0451 0x0e5c [ D5FB73D19C46ADE183F968E13F186B23, D35432BE4FF462FCEA958CF646D5572B6D78058BC2F1F324C9F50A0B14B02259 ] VSS             C:\Windows\system32\vssvc.exe
19:48:16.0795 0x0e5c VSS - ok
19:48:16.0884 0x0e5c [ 1CF9206966A8458CDA9A8B20DF8AB7D3, 405D5FE96DA7ED03D4124EF6C692F80E88E5982B90DF46E353E94FFF576A5570 ] W32Time         C:\Windows\system32\w32time.dll
19:48:17.0080 0x0e5c W32Time - ok
19:48:17.0120 0x0e5c [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:48:17.0412 0x0e5c WacomPen - ok
19:48:17.0499 0x0e5c [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
19:48:17.0617 0x0e5c Wanarp - ok
19:48:17.0633 0x0e5c [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:48:17.0791 0x0e5c Wanarpv6 - ok
19:48:17.0883 0x0e5c [ F3A5C2E1A6533192B070D06ECF6BE796, CBA11D9E60A04A0B82C6934A53EA859513CD476FF047DD3D59727B10CE7DB2DA ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:48:18.0047 0x0e5c wcncsvc - ok
19:48:18.0095 0x0e5c [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:48:18.0228 0x0e5c WcsPlugInService - ok
19:48:18.0267 0x0e5c [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
19:48:18.0309 0x0e5c Wd - ok
19:48:18.0386 0x0e5c [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96, 6A6EFFDB538DE1E201058A00F3E056F1256E92EED943FBFBCE28E54BE751E33D ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:48:18.0484 0x0e5c Wdf01000 - ok
19:48:18.0523 0x0e5c [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:48:18.0649 0x0e5c WdiServiceHost - ok
19:48:18.0666 0x0e5c [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:48:18.0790 0x0e5c WdiSystemHost - ok
19:48:18.0845 0x0e5c [ CF9A5F41789B642DB967021DE06A2713, A541F9D87CBDE2A4E48C5D5363736EF603B2701741D3044232474F179884AD7B ] WebClient       C:\Windows\System32\webclnt.dll
19:48:18.0977 0x0e5c WebClient - ok
19:48:19.0067 0x0e5c [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:48:19.0198 0x0e5c Wecsvc - ok
19:48:19.0275 0x0e5c [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:48:19.0434 0x0e5c wercplsupport - ok
19:48:19.0494 0x0e5c [ FD1965AAA112C6818A30AB02742D0461, 6779D836934412907390DC85FA2A8C3BB1CC31FD4151830275B773FD13CFFBC2 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:48:19.0595 0x0e5c WerSvc - ok
19:48:19.0687 0x0e5c [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
19:48:19.0754 0x0e5c WinDefend - ok
19:48:19.0783 0x0e5c WinHttpAutoProxySvc - ok
19:48:19.0898 0x0e5c [ 00B79A7C984678F24CF052E5BEB3A2F5, 4D8E4394C926D2B1C71613D309F2D62A663B0ADB73A036F5E9E7D1AFF605CA2A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:48:20.0149 0x0e5c Winmgmt - ok
19:48:20.0665 0x0e5c [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:48:21.0476 0x0e5c WinRM - ok
19:48:21.0601 0x0e5c [ 275F4346E569DF56CFB95243BD6F6FF0, 9C85246BF99119DBD6E0B5D38F96B8BC00F3C87618D17BC0E0A063A0D9A03440 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:48:21.0831 0x0e5c Wlansvc - ok
19:48:21.0851 0x0e5c wltrysvc - ok
19:48:21.0901 0x0e5c [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:48:21.0991 0x0e5c WmiAcpi - ok
19:48:22.0092 0x0e5c [ ABA4CF9F856D9A3A25F4DDD7690A6E9D, 07C1DAF3DA3CDA84FBE4C7576372115FCAAAAFC332F252C03625E53C7F3C6EE5 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:48:22.0349 0x0e5c wmiApSrv - ok
19:48:22.0513 0x0e5c [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:48:22.0951 0x0e5c WMPNetworkSvc - ok
19:48:23.0015 0x0e5c [ 5D94CD167751294962BA238D82DD1BB8, 62C7A31706F1C33A2C1C68006191AEE85A98885D23EC582EF2F88AAF604AC9A7 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:48:23.0114 0x0e5c WPCSvc - ok
19:48:23.0138 0x0e5c [ 396D406292B0CD26E3504FFE82784702, 5F9015BB515AC13D4DFE8F4B532352CF2C5B61DEFD3D0D61BCD82C781D36E7AF ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:48:23.0297 0x0e5c WPDBusEnum - ok
19:48:23.0353 0x0e5c [ 0CEC23084B51B8288099EB710224E955, E1AAB1E08E1745313D0A149A645AA878148D2DBE5CCC23C4ECCFC5003945C22B ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
19:48:23.0469 0x0e5c WpdUsb - ok
19:48:23.0706 0x0e5c [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:48:23.0919 0x0e5c WPFFontCache_v0400 - ok
19:48:23.0963 0x0e5c [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:48:24.0142 0x0e5c ws2ifsl - ok
19:48:24.0223 0x0e5c [ 683DD16B590372F2C9661D277F35E49C, 29D86389D95256EEF37BA01D403494385015D926E851A39EC7948FF6EF4E8481 ] wscsvc          C:\Windows\system32\wscsvc.dll
19:48:24.0338 0x0e5c wscsvc - ok
19:48:24.0365 0x0e5c WSearch - ok
19:48:24.0730 0x0e5c [ 6298277B73C77FA99106B271A7525163, 9E076697F025167B57D8D66ED0862B184D70324E058BFA36E42D0C6728720B31 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:48:25.0324 0x0e5c wuauserv - ok
19:48:25.0405 0x0e5c [ AC13CB789D93412106B0FB6C7EB2BCB6, 8F5B0BD0CBBAB182A400F8994D4727BC0C978D749B6429A2D41B412AE97428B6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:48:25.0610 0x0e5c WUDFRd - ok
19:48:25.0668 0x0e5c [ 575A4190D989F64732119E4114045A4F, 373C344B106AFDB1E6125A21DFE28CA6CFC77FA87FE904656A4F209DB2ED69C7 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:48:25.0901 0x0e5c wudfsvc - ok
19:48:25.0926 0x0e5c ================ Scan global ===============================
19:48:25.0972 0x0e5c [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
19:48:26.0089 0x0e5c [ F42F8855CB5C22E203C6672B124F17FD, 3A1BBCC916A02CFB5621FD32B336DDACCFBFB4E418B7FA48653DF2FA1CF563A5 ] C:\Windows\system32\winsrv.dll
19:48:26.0244 0x0e5c [ F42F8855CB5C22E203C6672B124F17FD, 3A1BBCC916A02CFB5621FD32B336DDACCFBFB4E418B7FA48653DF2FA1CF563A5 ] C:\Windows\system32\winsrv.dll
19:48:26.0420 0x0e5c [ 2B336AB6286D6C81FA02CBAB914E3C6C, C5ADF6D5BFC00375BA6D0E5D96F36D36ADFBF66325A48358C6317E387FB220EC ] C:\Windows\system32\services.exe
19:48:26.0460 0x0e5c [ Global ] - ok
19:48:26.0461 0x0e5c ================ Scan MBR ==================================
19:48:26.0491 0x0e5c [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:48:27.0642 0x0e5c \Device\Harddisk0\DR0 - ok
19:48:27.0651 0x0e5c ================ Scan VBR ==================================
19:48:27.0664 0x0e5c [ ED337346FF6214B86FAD82E01830E234 ] \Device\Harddisk0\DR0\Partition1
19:48:27.0717 0x0e5c \Device\Harddisk0\DR0\Partition1 - ok
19:48:27.0762 0x0e5c [ 8B921CA17C28CE65E74AACBA88EDAA4B ] \Device\Harddisk0\DR0\Partition2
19:48:27.0802 0x0e5c \Device\Harddisk0\DR0\Partition2 - ok
19:48:27.0804 0x0e5c ================ Scan generic autorun ======================
19:48:27.0954 0x0e5c [ D8B83790F45403B83D24FC63310E3BC7, 627245DC56B55EC3851DC6BA594175841EA38D67C27A53B020C9C97859257AA4 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
19:48:28.0143 0x0e5c SynTPEnh - ok
19:48:28.0299 0x0e5c [ 267B3A856E9F4DB1CABD4E6DB71E07D2, E384B0204375A8E9DCAFB3FD6E72442F3E9418812637F4EFA2653F946EBE8E26 ] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
19:48:28.0336 0x0e5c dscactivate - detected UnsignedFile.Multi.Generic ( 1 )
19:48:33.0090 0x0e5c Detect skipped due to KSN trusted
19:48:33.0090 0x0e5c dscactivate - ok
19:48:33.0132 0x0e5c [ 0E34B7BB1FCF22BCC1E394D16F9E992B, 382CA8E6BAC301E2F277F8EDA03D263FF71272796A8EED582C36294EEE9191F9 ] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
19:48:33.0206 0x0e5c GrooveMonitor - ok
19:48:33.0758 0x0e5c [ 083649EF692A066880C9326020915AFE, 570DBF28F6D77890476F7B6A9C57F77DCC3C51038A1780540032B5FD9CF72190 ] C:\Program Files\Alwil Software\Avast5\avastUI.exe
19:48:34.0649 0x0e5c avast - ok
19:48:34.0777 0x0e5c [ DD5C2D9B33E8E3FF8A4A8BE892E3DCFB, A2C6C1B34B91D5BDD631729DA87522FAD2DEE4ACA7D6006964735D33531EA7EF ] C:\Windows\system32\igfxtray.exe
19:48:34.0847 0x0e5c IgfxTray - ok
19:48:34.0907 0x0e5c [ E51394C741D6A2C2DE3CE3DE3ABD1287, 1F9A84A171AD144203EACD8BCA9D50F12C5ADBEE6462BA65C8C74F62ACEF7F0A ] C:\Windows\system32\hkcmd.exe
19:48:34.0971 0x0e5c HotKeysCmds - ok
19:48:35.0005 0x0e5c [ C0D9CB9E24C541E87C26F0E0C0044CEA, 3FB4BA430481A3813F21D92E6D56B056BF00CC891F876BD94EBDD7EC2EA2C899 ] C:\Windows\system32\igfxpers.exe
19:48:35.0054 0x0e5c Persistence - ok
19:48:35.0117 0x0e5c [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
19:48:35.0238 0x0e5c ehTray.exe - ok
19:48:35.0425 0x0e5c [ 86C162E413451ECD9710D16B876B23F9, 70686C96DDD807CE2C25882E874385EF30CA7C15230E42B4BE38DFD7753FE65F ] C:\Program Files\Simnet\Simple Sticky Notes\ssn.exe
19:48:35.0625 0x0e5c Simple Sticky Notes - ok
19:48:35.0741 0x0e5c [ 35937EAD711207544E219C2A19A78A7D, EE6E5EAE00F577D7C3FFB8C0D8EE484552A337CEAA27FCB107174A9879FE7362 ] C:\Program Files\Windows Media Player\WMPNSCFG.exe
19:48:35.0892 0x0e5c WMPNSCFG - ok
19:48:35.0920 0x0e5c [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
19:48:36.0028 0x0e5c ehTray.exe - ok
19:48:36.0031 0x0e5c Waiting for KSN requests completion. In queue: 104
19:48:37.0031 0x0e5c Waiting for KSN requests completion. In queue: 9
19:48:38.0031 0x0e5c Waiting for KSN requests completion. In queue: 9
19:48:39.0031 0x0e5c Waiting for KSN requests completion. In queue: 9
19:48:40.0031 0x0e5c Waiting for KSN requests completion. In queue: 9
19:48:41.0667 0x0e5c AV detected via SS2: avast! Antivirus, ?\Program Files\Alwil Software\Avast5\VisthAux.exe ( ), 0x41000 ( enabled : updated )
19:48:41.0815 0x0e5c Win FW state via NFP2: disabled ( not trusted )
19:48:46.0446 0x0e5c ============================================================
19:48:46.0446 0x0e5c Scan finished
19:48:46.0446 0x0e5c ============================================================
19:48:46.0485 0x05ac Detected object count: 1
19:48:46.0485 0x05ac Actual detected object count: 1
19:49:01.0963 0x05ac SRBoxDRv ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:01.0963 0x05ac SRBoxDRv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:06.0916 0x0524 Deinitialize success

Junk (from the Command Prompt)

2016-05-20 20:13:22, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:13:22, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2016-05-20 20:13:35, Info                  CSI    00000009 [SR] Verify complete
2016-05-20 20:13:36, Info                  CSI    0000000a [SR] Verifying 100 (0x00000064) components
2016-05-20 20:13:36, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
2016-05-20 20:13:50, Info                  CSI    0000000d [SR] Verify complete
2016-05-20 20:13:52, Info                  CSI    0000000e [SR] Verifying 100 (0x00000064) components
2016-05-20 20:13:52, Info                  CSI    0000000f [SR] Beginning Verify and Repair transaction
2016-05-20 20:13:58, Info                  CSI    00000011 [SR] Verify complete
2016-05-20 20:13:59, Info                  CSI    00000012 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:13:59, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
2016-05-20 20:14:02, Info                  CSI    00000015 [SR] Verify complete
2016-05-20 20:14:03, Info                  CSI    00000016 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:14:03, Info                  CSI    00000017 [SR] Beginning Verify and Repair transaction
2016-05-20 20:14:07, Info                  CSI    00000019 [SR] Verify complete
2016-05-20 20:14:08, Info                  CSI    0000001a [SR] Verifying 100 (0x00000064) components
2016-05-20 20:14:08, Info                  CSI    0000001b [SR] Beginning Verify and Repair transaction
2016-05-20 20:14:11, Info                  CSI    0000001d [SR] Verify complete
2016-05-20 20:14:13, Info                  CSI    0000001e [SR] Verifying 100 (0x00000064) components
2016-05-20 20:14:13, Info                  CSI    0000001f [SR] Beginning Verify and Repair transaction
2016-05-20 20:14:16, Info                  CSI    00000021 [SR] Verify complete
2016-05-20 20:14:17, Info                  CSI    00000022 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:14:17, Info                  CSI    00000023 [SR] Beginning Verify and Repair transaction
2016-05-20 20:14:20, Info                  CSI    00000025 [SR] Verify complete
2016-05-20 20:14:22, Info                  CSI    00000026 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:14:22, Info                  CSI    00000027 [SR] Beginning Verify and Repair transaction
2016-05-20 20:14:25, Info                  CSI    00000029 [SR] Verify complete
2016-05-20 20:14:27, Info                  CSI    0000002a [SR] Verifying 100 (0x00000064) components
2016-05-20 20:14:27, Info                  CSI    0000002b [SR] Beginning Verify and Repair transaction
2016-05-20 20:14:30, Info                  CSI    0000002d [SR] Verify complete
2016-05-20 20:14:31, Info                  CSI    0000002e [SR] Verifying 100 (0x00000064) components
2016-05-20 20:14:31, Info                  CSI    0000002f [SR] Beginning Verify and Repair transaction
2016-05-20 20:14:35, Info                  CSI    00000031 [SR] Verify complete
2016-05-20 20:14:36, Info                  CSI    00000032 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:14:36, Info                  CSI    00000033 [SR] Beginning Verify and Repair transaction
2016-05-20 20:14:39, Info                  CSI    00000035 [SR] Verify complete
2016-05-20 20:14:41, Info                  CSI    00000036 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:14:41, Info                  CSI    00000037 [SR] Beginning Verify and Repair transaction
2016-05-20 20:14:44, Info                  CSI    00000039 [SR] Verify complete
2016-05-20 20:14:46, Info                  CSI    0000003a [SR] Verifying 100 (0x00000064) components
2016-05-20 20:14:46, Info                  CSI    0000003b [SR] Beginning Verify and Repair transaction
2016-05-20 20:14:50, Info                  CSI    0000003d [SR] Verify complete
2016-05-20 20:14:51, Info                  CSI    0000003e [SR] Verifying 100 (0x00000064) components
2016-05-20 20:14:51, Info                  CSI    0000003f [SR] Beginning Verify and Repair transaction
2016-05-20 20:14:57, Info                  CSI    00000041 [SR] Verify complete
2016-05-20 20:14:59, Info                  CSI    00000042 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:14:59, Info                  CSI    00000043 [SR] Beginning Verify and Repair transaction
2016-05-20 20:15:02, Info                  CSI    00000045 [SR] Verify complete
2016-05-20 20:15:04, Info                  CSI    00000046 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:15:04, Info                  CSI    00000047 [SR] Beginning Verify and Repair transaction
2016-05-20 20:15:11, Info                  CSI    00000049 [SR] Verify complete
2016-05-20 20:15:13, Info                  CSI    0000004a [SR] Verifying 100 (0x00000064) components
2016-05-20 20:15:13, Info                  CSI    0000004b [SR] Beginning Verify and Repair transaction
2016-05-20 20:15:17, Info                  CSI    0000004d [SR] Verify complete
2016-05-20 20:15:19, Info                  CSI    0000004e [SR] Verifying 100 (0x00000064) components
2016-05-20 20:15:19, Info                  CSI    0000004f [SR] Beginning Verify and Repair transaction
2016-05-20 20:15:22, Info                  CSI    00000051 [SR] Verify complete
2016-05-20 20:15:24, Info                  CSI    00000052 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:15:24, Info                  CSI    00000053 [SR] Beginning Verify and Repair transaction
2016-05-20 20:15:30, Info                  CSI    00000055 [SR] Verify complete
2016-05-20 20:15:31, Info                  CSI    00000056 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:15:31, Info                  CSI    00000057 [SR] Beginning Verify and Repair transaction
2016-05-20 20:15:36, Info                  CSI    00000059 [SR] Verify complete
2016-05-20 20:15:39, Info                  CSI    0000005a [SR] Verifying 100 (0x00000064) components
2016-05-20 20:15:39, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
2016-05-20 20:15:45, Info                  CSI    0000005d [SR] Verify complete
2016-05-20 20:15:46, Info                  CSI    0000005e [SR] Verifying 100 (0x00000064) components
2016-05-20 20:15:46, Info                  CSI    0000005f [SR] Beginning Verify and Repair transaction
2016-05-20 20:15:50, Info                  CSI    00000061 [SR] Verify complete
2016-05-20 20:15:52, Info                  CSI    00000062 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:15:52, Info                  CSI    00000063 [SR] Beginning Verify and Repair transaction
2016-05-20 20:15:55, Info                  CSI    00000065 [SR] Verify complete
2016-05-20 20:15:56, Info                  CSI    00000066 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:15:56, Info                  CSI    00000067 [SR] Beginning Verify and Repair transaction
2016-05-20 20:15:59, Info                  CSI    00000069 [SR] Verify complete
2016-05-20 20:16:00, Info                  CSI    0000006a [SR] Verifying 100 (0x00000064) components
2016-05-20 20:16:00, Info                  CSI    0000006b [SR] Beginning Verify and Repair transaction
2016-05-20 20:16:07, Info                  CSI    0000006d [SR] Verify complete
2016-05-20 20:16:09, Info                  CSI    0000006e [SR] Verifying 100 (0x00000064) components
2016-05-20 20:16:09, Info                  CSI    0000006f [SR] Beginning Verify and Repair transaction
2016-05-20 20:16:12, Info                  CSI    00000071 [SR] Verify complete
2016-05-20 20:16:14, Info                  CSI    00000072 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:16:14, Info                  CSI    00000073 [SR] Beginning Verify and Repair transaction
2016-05-20 20:16:17, Info                  CSI    00000075 [SR] Verify complete
2016-05-20 20:16:18, Info                  CSI    00000076 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:16:18, Info                  CSI    00000077 [SR] Beginning Verify and Repair transaction
2016-05-20 20:16:26, Info                  CSI    00000079 [SR] Verify complete
2016-05-20 20:16:28, Info                  CSI    0000007a [SR] Verifying 100 (0x00000064) components
2016-05-20 20:16:28, Info                  CSI    0000007b [SR] Beginning Verify and Repair transaction
2016-05-20 20:16:45, Info                  CSI    0000007d [SR] Verify complete
2016-05-20 20:16:47, Info                  CSI    0000007e [SR] Verifying 100 (0x00000064) components
2016-05-20 20:16:47, Info                  CSI    0000007f [SR] Beginning Verify and Repair transaction
2016-05-20 20:17:04, Info                  CSI    00000081 [SR] Verify complete
2016-05-20 20:17:06, Info                  CSI    00000082 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:17:06, Info                  CSI    00000083 [SR] Beginning Verify and Repair transaction
2016-05-20 20:17:22, Info                  CSI    00000086 [SR] Verify complete
2016-05-20 20:17:25, Info                  CSI    00000087 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:17:25, Info                  CSI    00000088 [SR] Beginning Verify and Repair transaction
2016-05-20 20:17:39, Info                  CSI    0000008b [SR] Verify complete
2016-05-20 20:17:41, Info                  CSI    0000008c [SR] Verifying 100 (0x00000064) components
2016-05-20 20:17:41, Info                  CSI    0000008d [SR] Beginning Verify and Repair transaction
2016-05-20 20:18:00, Info                  CSI    0000008f [SR] Verify complete
2016-05-20 20:18:02, Info                  CSI    00000090 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:18:02, Info                  CSI    00000091 [SR] Beginning Verify and Repair transaction
2016-05-20 20:18:42, Info                  CSI    0000009b [SR] Verify complete
2016-05-20 20:18:44, Info                  CSI    0000009c [SR] Verifying 100 (0x00000064) components
2016-05-20 20:18:44, Info                  CSI    0000009d [SR] Beginning Verify and Repair transaction
2016-05-20 20:18:59, Info                  CSI    0000009f [SR] Verify complete
2016-05-20 20:19:01, Info                  CSI    000000a0 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:19:01, Info                  CSI    000000a1 [SR] Beginning Verify and Repair transaction
2016-05-20 20:19:16, Info                  CSI    000000a3 [SR] Verify complete
2016-05-20 20:19:17, Info                  CSI    000000a4 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:19:17, Info                  CSI    000000a5 [SR] Beginning Verify and Repair transaction
2016-05-20 20:19:37, Info                  CSI    000000a7 [SR] Verify complete
2016-05-20 20:19:38, Info                  CSI    000000a8 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:19:38, Info                  CSI    000000a9 [SR] Beginning Verify and Repair transaction
2016-05-20 20:20:20, Info                  CSI    000000ab [SR] Verify complete
2016-05-20 20:20:25, Info                  CSI    000000ac [SR] Verifying 100 (0x00000064) components
2016-05-20 20:20:25, Info                  CSI    000000ad [SR] Beginning Verify and Repair transaction
2016-05-20 20:20:58, Info                  CSI    000000b1 [SR] Verify complete
2016-05-20 20:20:59, Info                  CSI    000000b2 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:20:59, Info                  CSI    000000b3 [SR] Beginning Verify and Repair transaction
2016-05-20 20:22:32, Info                  CSI    000000b5 [SR] Verify complete
2016-05-20 20:22:35, Info                  CSI    000000b6 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:22:35, Info                  CSI    000000b7 [SR] Beginning Verify and Repair transaction
2016-05-20 20:24:06, Info                  CSI    000000b9 [SR] Verify complete
2016-05-20 20:24:08, Info                  CSI    000000ba [SR] Verifying 100 (0x00000064) components
2016-05-20 20:24:08, Info                  CSI    000000bb [SR] Beginning Verify and Repair transaction
2016-05-20 20:24:32, Info                  CSI    000000bd [SR] Verify complete
2016-05-20 20:24:34, Info                  CSI    000000be [SR] Verifying 100 (0x00000064) components
2016-05-20 20:24:34, Info                  CSI    000000bf [SR] Beginning Verify and Repair transaction
2016-05-20 20:24:42, Info                  CSI    000000c1 [SR] Verify complete
2016-05-20 20:24:43, Info                  CSI    000000c2 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:24:43, Info                  CSI    000000c3 [SR] Beginning Verify and Repair transaction
2016-05-20 20:24:48, Info                  CSI    000000c5 [SR] Verify complete
2016-05-20 20:24:49, Info                  CSI    000000c6 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:24:49, Info                  CSI    000000c7 [SR] Beginning Verify and Repair transaction
2016-05-20 20:25:15, Info                  CSI    000000dd [SR] Verify complete
2016-05-20 20:25:16, Info                  CSI    000000de [SR] Verifying 100 (0x00000064) components
2016-05-20 20:25:16, Info                  CSI    000000df [SR] Beginning Verify and Repair transaction
2016-05-20 20:25:31, Info                  CSI    000000e9 [SR] Verify complete
2016-05-20 20:25:32, Info                  CSI    000000ea [SR] Verifying 100 (0x00000064) components
2016-05-20 20:25:32, Info                  CSI    000000eb [SR] Beginning Verify and Repair transaction
2016-05-20 20:25:37, Info                  CSI    000000ed [SR] Verify complete
2016-05-20 20:25:38, Info                  CSI    000000ee [SR] Verifying 100 (0x00000064) components
2016-05-20 20:25:38, Info                  CSI    000000ef [SR] Beginning Verify and Repair transaction
2016-05-20 20:25:49, Info                  CSI    000000f1 [SR] Verify complete
2016-05-20 20:25:51, Info                  CSI    000000f2 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:25:51, Info                  CSI    000000f3 [SR] Beginning Verify and Repair transaction
2016-05-20 20:26:04, Info                  CSI    000000f5 [SR] Verify complete
2016-05-20 20:26:05, Info                  CSI    000000f6 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:26:05, Info                  CSI    000000f7 [SR] Beginning Verify and Repair transaction
2016-05-20 20:26:33, Info                  CSI    000000f9 [SR] Verify complete
2016-05-20 20:26:35, Info                  CSI    000000fa [SR] Verifying 100 (0x00000064) components
2016-05-20 20:26:35, Info                  CSI    000000fb [SR] Beginning Verify and Repair transaction
2016-05-20 20:26:41, Info                  CSI    000000fd [SR] Verify complete
2016-05-20 20:26:43, Info                  CSI    000000fe [SR] Verifying 100 (0x00000064) components
2016-05-20 20:26:43, Info                  CSI    000000ff [SR] Beginning Verify and Repair transaction
2016-05-20 20:27:04, Info                  CSI    00000101 [SR] Verify complete
2016-05-20 20:27:06, Info                  CSI    00000102 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:27:06, Info                  CSI    00000103 [SR] Beginning Verify and Repair transaction
2016-05-20 20:27:15, Info                  CSI    00000105 [SR] Verify complete
2016-05-20 20:27:16, Info                  CSI    00000106 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:27:16, Info                  CSI    00000107 [SR] Beginning Verify and Repair transaction
2016-05-20 20:27:28, Info                  CSI    00000109 [SR] Verify complete
2016-05-20 20:27:30, Info                  CSI    0000010a [SR] Verifying 100 (0x00000064) components
2016-05-20 20:27:30, Info                  CSI    0000010b [SR] Beginning Verify and Repair transaction
2016-05-20 20:27:57, Info                  CSI    00000124 [SR] Verify complete
2016-05-20 20:27:59, Info                  CSI    00000125 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:27:59, Info                  CSI    00000126 [SR] Beginning Verify and Repair transaction
2016-05-20 20:28:29, Info                  CSI    00000134 [SR] Verify complete
2016-05-20 20:28:31, Info                  CSI    00000135 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:28:31, Info                  CSI    00000136 [SR] Beginning Verify and Repair transaction
2016-05-20 20:29:36, Info                  CSI    00000138 [SR] Verify complete
2016-05-20 20:29:37, Info                  CSI    00000139 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:29:37, Info                  CSI    0000013a [SR] Beginning Verify and Repair transaction
2016-05-20 20:30:06, Info                  CSI    0000013c [SR] Verify complete
2016-05-20 20:30:07, Info                  CSI    0000013d [SR] Verifying 100 (0x00000064) components
2016-05-20 20:30:07, Info                  CSI    0000013e [SR] Beginning Verify and Repair transaction
2016-05-20 20:30:55, Info                  CSI    00000140 [SR] Verify complete
2016-05-20 20:30:57, Info                  CSI    00000141 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:30:57, Info                  CSI    00000142 [SR] Beginning Verify and Repair transaction
2016-05-20 20:31:01, Info                  CSI    00000144 [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:31:06, Info                  CSI    00000146 [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:31:06, Info                  CSI    00000147 [SR] This component was referenced by [l:160{80}]"Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.936330-187_neutral_GDR"
2016-05-20 20:31:07, Info                  CSI    0000014a [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini"; source file in store is also corrupted
2016-05-20 20:31:10, Info                  CSI    0000014c [SR] Verify complete
2016-05-20 20:31:12, Info                  CSI    0000014d [SR] Verifying 100 (0x00000064) components
2016-05-20 20:31:12, Info                  CSI    0000014e [SR] Beginning Verify and Repair transaction
2016-05-20 20:31:30, Info                  CSI    00000150 [SR] Verify complete
2016-05-20 20:31:33, Info                  CSI    00000151 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:31:33, Info                  CSI    00000152 [SR] Beginning Verify and Repair transaction
2016-05-20 20:31:47, Info                  CSI    00000155 [SR] Verify complete
2016-05-20 20:31:49, Info                  CSI    00000156 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:31:49, Info                  CSI    00000157 [SR] Beginning Verify and Repair transaction
2016-05-20 20:32:40, Info                  CSI    00000159 [SR] Verify complete
2016-05-20 20:32:41, Info                  CSI    0000015a [SR] Verifying 100 (0x00000064) components
2016-05-20 20:32:41, Info                  CSI    0000015b [SR] Beginning Verify and Repair transaction
2016-05-20 20:33:39, Info                  CSI    0000015d [SR] Verify complete
2016-05-20 20:33:42, Info                  CSI    0000015e [SR] Verifying 100 (0x00000064) components
2016-05-20 20:33:42, Info                  CSI    0000015f [SR] Beginning Verify and Repair transaction
2016-05-20 20:33:44, Info                  CSI    00000161 [SR] Cannot repair member file [l:34{17}]"Solitaire.exe.mui" of Microsoft-Windows-Shell-InboxGames-Solitaire.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:34:00, Info                  CSI    00000163 [SR] Cannot repair member file [l:34{17}]"Solitaire.exe.mui" of Microsoft-Windows-Shell-InboxGames-Solitaire.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:34:00, Info                  CSI    00000164 [SR] This component was referenced by [l:188{94}]"Microsoft-Windows-Shell-InboxGames-Package~31bf3856ad364e35~x86~en-US~6.0.6000.16386.Solitaire"
2016-05-20 20:34:00, Info                  CSI    00000167 [SR] Could not reproject corrupted file [ml:520{260},l:104{52}]"\??\C:\Program Files\Microsoft Games\Solitaire\en-US"\[l:34{17}]"Solitaire.exe.mui"; source file in store is also corrupted
2016-05-20 20:34:01, Info                  CSI    00000169 [SR] Verify complete
2016-05-20 20:34:03, Info                  CSI    0000016a [SR] Verifying 100 (0x00000064) components
2016-05-20 20:34:03, Info                  CSI    0000016b [SR] Beginning Verify and Repair transaction
2016-05-20 20:34:36, Info                  CSI    0000016d [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:34:43, Info                  CSI    0000016f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:34:43, Info                  CSI    00000170 [SR] This component was referenced by [l:158{79}]"Package_20_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.936330-33_neutral_GDR"
2016-05-20 20:34:43, Info                  CSI    00000173 [SR] Could not reproject corrupted file [ml:520{260},l:72{36}]"\??\C:\Program Files\Windows Sidebar"\[l:24{12}]"settings.ini"; source file in store is also corrupted
2016-05-20 20:34:59, Info                  CSI    00000175 [SR] Verify complete
2016-05-20 20:35:00, Info                  CSI    00000176 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:35:00, Info                  CSI    00000177 [SR] Beginning Verify and Repair transaction
2016-05-20 20:35:23, Info                  CSI    00000179 [SR] Verify complete
2016-05-20 20:35:26, Info                  CSI    0000017a [SR] Verifying 100 (0x00000064) components
2016-05-20 20:35:26, Info                  CSI    0000017b [SR] Beginning Verify and Repair transaction
2016-05-20 20:36:00, Info                  CSI    0000017d [SR] Verify complete
2016-05-20 20:36:02, Info                  CSI    0000017e [SR] Verifying 100 (0x00000064) components
2016-05-20 20:36:02, Info                  CSI    0000017f [SR] Beginning Verify and Repair transaction
2016-05-20 20:36:44, Info                  CSI    00000182 [SR] Verify complete
2016-05-20 20:36:46, Info                  CSI    00000183 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:36:46, Info                  CSI    00000184 [SR] Beginning Verify and Repair transaction
2016-05-20 20:37:04, Info                  CSI    00000186 [SR] Verify complete
2016-05-20 20:37:06, Info                  CSI    00000187 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:37:06, Info                  CSI    00000188 [SR] Beginning Verify and Repair transaction
2016-05-20 20:37:28, Info                  CSI    0000018a [SR] Verify complete
2016-05-20 20:37:30, Info                  CSI    0000018b [SR] Verifying 100 (0x00000064) components
2016-05-20 20:37:30, Info                  CSI    0000018c [SR] Beginning Verify and Repair transaction
2016-05-20 20:37:48, Info                  CSI    0000018e [SR] Verify complete
2016-05-20 20:37:49, Info                  CSI    0000018f [SR] Verifying 100 (0x00000064) components
2016-05-20 20:37:49, Info                  CSI    00000190 [SR] Beginning Verify and Repair transaction
2016-05-20 20:38:10, Info                  CSI    00000193 [SR] Verify complete
2016-05-20 20:38:12, Info                  CSI    00000194 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:38:12, Info                  CSI    00000195 [SR] Beginning Verify and Repair transaction
2016-05-20 20:38:38, Info                  CSI    00000197 [SR] Verify complete
2016-05-20 20:38:40, Info                  CSI    00000198 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:38:40, Info                  CSI    00000199 [SR] Beginning Verify and Repair transaction
2016-05-20 20:39:01, Info                  CSI    0000019b [SR] Verify complete
2016-05-20 20:39:03, Info                  CSI    0000019c [SR] Verifying 100 (0x00000064) components
2016-05-20 20:39:03, Info                  CSI    0000019d [SR] Beginning Verify and Repair transaction
2016-05-20 20:39:09, Info                  CSI    0000019f [SR] Verify complete
2016-05-20 20:39:11, Info                  CSI    000001a0 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:39:11, Info                  CSI    000001a1 [SR] Beginning Verify and Repair transaction
2016-05-20 20:39:33, Info                  CSI    000001a3 [SR] Verify complete
2016-05-20 20:39:35, Info                  CSI    000001a4 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:39:35, Info                  CSI    000001a5 [SR] Beginning Verify and Repair transaction
2016-05-20 20:39:58, Info                  CSI    000001a7 [SR] Verify complete
2016-05-20 20:40:00, Info                  CSI    000001a8 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:40:00, Info                  CSI    000001a9 [SR] Beginning Verify and Repair transaction
2016-05-20 20:40:16, Info                  CSI    000001ab [SR] Verify complete
2016-05-20 20:40:17, Info                  CSI    000001ac [SR] Verifying 100 (0x00000064) components
2016-05-20 20:40:17, Info                  CSI    000001ad [SR] Beginning Verify and Repair transaction
2016-05-20 20:40:54, Info                  CSI    000001af [SR] Verify complete
2016-05-20 20:40:55, Info                  CSI    000001b0 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:40:55, Info                  CSI    000001b1 [SR] Beginning Verify and Repair transaction
2016-05-20 20:41:08, Info                  CSI    000001b3 [SR] Verify complete
2016-05-20 20:41:09, Info                  CSI    000001b4 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:41:09, Info                  CSI    000001b5 [SR] Beginning Verify and Repair transaction
2016-05-20 20:41:21, Info                  CSI    000001b7 [SR] Verify complete
2016-05-20 20:41:22, Info                  CSI    000001b8 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:41:22, Info                  CSI    000001b9 [SR] Beginning Verify and Repair transaction
2016-05-20 20:41:41, Info                  CSI    000001c4 [SR] Verify complete
2016-05-20 20:41:41, Info                  CSI    000001c5 [SR] Verifying 36 (0x00000024) components
2016-05-20 20:41:41, Info                  CSI    000001c6 [SR] Beginning Verify and Repair transaction
2016-05-20 20:41:46, Info                  CSI    000001c8 [SR] Verify complete
2016-05-20 20:41:46, Info                  CSI    000001c9 [SR] Repairing 3 components
2016-05-20 20:41:46, Info                  CSI    000001ca [SR] Beginning Verify and Repair transaction
2016-05-20 20:41:46, Info                  CSI    000001cc [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:41:46, Info                  CSI    000001ce [SR] Cannot repair member file [l:34{17}]"Solitaire.exe.mui" of Microsoft-Windows-Shell-InboxGames-Solitaire.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:41:46, Info                  CSI    000001d0 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:41:46, Info                  CSI    000001d2 [SR] Cannot repair member file [l:34{17}]"Solitaire.exe.mui" of Microsoft-Windows-Shell-InboxGames-Solitaire.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:41:46, Info                  CSI    000001d3 [SR] This component was referenced by [l:188{94}]"Microsoft-Windows-Shell-InboxGames-Package~31bf3856ad364e35~x86~en-US~6.0.6000.16386.Solitaire"
2016-05-20 20:41:46, Info                  CSI    000001d6 [SR] Could not reproject corrupted file [ml:520{260},l:104{52}]"\??\C:\Program Files\Microsoft Games\Solitaire\en-US"\[l:34{17}]"Solitaire.exe.mui"; source file in store is also corrupted
2016-05-20 20:41:46, Info                  CSI    000001d8 [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:41:46, Info                  CSI    000001d9 [SR] This component was referenced by [l:160{80}]"Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.936330-187_neutral_GDR"
2016-05-20 20:41:46, Info                  CSI    000001dc [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini"; source file in store is also corrupted
2016-05-20 20:41:46, Info                  CSI    000001de [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:41:46, Info                  CSI    000001df [SR] This component was referenced by [l:158{79}]"Package_20_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.936330-33_neutral_GDR"
2016-05-20 20:41:46, Info                  CSI    000001e2 [SR] Could not reproject corrupted file [ml:520{260},l:72{36}]"\??\C:\Program Files\Windows Sidebar"\[l:24{12}]"settings.ini"; source file in store is also corrupted
2016-05-20 20:41:46, Info                  CSI    000001e4 [SR] Repair complete
2016-05-20 20:41:47, Info                  CSI    000001e5 [SR] Committing transaction
2016-05-20 20:41:47, Info                  CSI    000001e9 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-05-2016
Ran by Stevo (administrator) on AGNES (21-05-2016 08:18:30)
Running from C:\Users\Stevo.Agnes\Downloads
Loaded Profiles: Stevo (Available Profiles: Stevo & Stevo.old)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(UPEK Inc.) C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Simnet Ltd. ) C:\Program Files\Simnet\Simple Sticky Notes\ssn.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(KMP Media co.,Ltd) C:\Program Files\The KMPlayer\KMPlayer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
( ) C:\Users\Stevo.Agnes\Desktop\VEW.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-05-10] (Synaptics, Inc.)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [avast] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [4297136 2012-10-31] (AVAST Software)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-08-04] (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll [2007-04-17] (UPEK Inc.)
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Run: [Simple Sticky Notes] => C:\Program Files\Simnet\Simple Sticky Notes\ssn.exe [552096 2013-05-25] (Simnet Ltd. )
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\photoscreensaver.scr [704512 2008-01-21] (Microsoft Corporation)
Lsa: [Notification Packages] scecli psqlpwd
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2012-10-31] (AVAST Software)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Fingerprint Reader Suite\farchns.dll [2007-04-17] (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Fingerprint Reader Suite\farchns.dll [2007-04-17] (UPEK Inc.)
Startup: C:\Users\Stevo.old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2008-08-13]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Stevo.old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-02-27]
ShortcutTarget: Dropbox.lnk -> C:\Users\Stevo.Agnes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Stevo.old_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-08-04]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C50C14DC-FFFF-4833-96AA-E3AA1792C207}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131071703050538729&GUID=8DAB5BAA-6A9E-4D5E-A184-CC50DD57C51A
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.joinred.com/
SearchScopes: HKU\S-1-5-21-3227243064-1642654041-612091633-1000 -> DefaultScope E7553573543A49A0909FAAD87F40D908 URL = hxxp://yandex.com/yandsearch?win=160&clid=1989596&text={searchTerms}
SearchScopes: HKU\S-1-5-21-3227243064-1642654041-612091633-1000 -> E7553573543A49A0909FAAD87F40D908 URL = hxxp://yandex.com/yandsearch?win=160&clid=1989596&text={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-12-23] (IObit)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-10-31] (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29] (Adobe Systems Incorporated)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
BHO: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll [2001-08-10] ()
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll [2006-11-09] (Dell Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29] (Adobe Systems Incorporated)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-10-31] (AVAST Software)
Toolbar: HKU\S-1-5-21-3227243064-1642654041-612091633-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29] (Adobe Systems Incorporated)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\system32\textwareilluminatorbaseProtocol.dll [2002-09-27] ()

FireFox:
========
FF ProfilePath: C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-05-08] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2012-03-22] (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 8\npnitromozilla.dll [2012-11-29] (Nitro PDF)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.14 -> C:\Program Files\Veetle\plugins\npVeetle.dll [2009-02-05] (Veetle, Inc.)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.14 -> C:\Program Files\Veetle\Player\npvlc.dll [2009-02-13] (VideoLAN Team)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin HKU\S-1-5-21-3227243064-1642654041-612091633-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2008-06-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009-02-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2010-09-20] (Apple Inc.)
FF SearchPlugin: C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\searchplugins\yandex.com-161732.xml [2015-01-24]
FF Extension: Performance Cache - C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\Extensions\[email protected] [2008-01-21] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-16] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013-03-30] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-02-20]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yandex.com/?__PARAM__from=chromehp
CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"
CHR Profile: C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-05-07]
CHR Extension: (avast! WebRep) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-03-31]
CHR Extension: (YousableTubeFix for Chrome) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchfimlohbodnpamghfgfgabbnfajpbe [2013-03-21]
CHR Extension: (Boomerang for Gmail) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-05-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-07]
CHR HKLM\...\Chrome\Extension: [cncgohepihcekklokhbhiblhfcmipbdh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gehngeifmelphpllncobkmimphfkckne] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2012-10-31]

Opera:
=======
OPR StartupUrls: "hxxp://www.yandex.com/?win=160&clid=1989595"

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44808 2012-10-31] (AVAST Software)
S4 emaudsv; C:\Windows\system32\emaudsv.exe [20992 2007-11-26] (E-MU Systems)
S4 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
S4 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-01-13] (Macrovision Europe Ltd.) [File not signed]
S4 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2008-08-04] (Citrix Online, a division of Citrix Systems, Inc.)
S4 hasplms; C:\Windows\system32\hasplms.exe [2558464 2008-03-19] (Aladdin Knowledge Systems Ltd.)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-15] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
S4 NitroDriverReadSpool8; C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [196616 2012-11-29] (Nitro PDF Software)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2008-05-19] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksfridge; C:\Windows\System32\DRIVERS\aksfridge.sys [350720 2008-03-18] (Aladdin Knowledge Systems Ltd.)
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [238976 2007-07-05] (Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [46336 2007-07-23] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [14976 2007-07-05] (Aladdin Knowledge Systems Ltd.)
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [21256 2012-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [35928 2012-10-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [738504 2012-10-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [361032 2012-10-31] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [54232 2012-10-31] (AVAST Software)
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [625152 2008-08-02] (Microsoft Corporation) [File not signed]
S3 emusba10; C:\Windows\System32\DRIVERS\emusba10.sys [163352 2007-11-26] (E-MU Systems)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [586240 2008-02-11] (Aladdin Knowledge Systems Ltd.)
S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-05-21] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [56572 2008-11-02] (PowerISO Computing, Inc.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2012-12-12] (Duplex Secure Ltd.)
S3 SRBoxDRv; C:\Windows\System32\Drivers\SRBoxDRv.sys [11776 2006-04-12] (Psychology Software Tools) [File not signed]
U3 anvnwc6h; C:\Windows\system32\Drivers\anvnwc6h.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
U3 aoh1dcbs; C:\Windows\system32\Drivers\aoh1dcbs.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-21 08:18 - 2016-05-21 08:19 - 00023316 _____ C:\Users\Stevo.Agnes\Downloads\FRST.txt
2016-05-20 21:33 - 2016-05-20 21:33 - 00061440 _____ ( ) C:\Users\Stevo.Agnes\Desktop\VEW.exe
2016-05-20 19:45 - 2016-05-20 19:49 - 00194016 _____ C:\TDSSKiller.3.1.0.9_20.05.2016_19.45.31_log.txt
2016-05-20 19:42 - 2016-05-20 19:45 - 00191492 _____ C:\TDSSKiller.3.1.0.9_20.05.2016_19.42.39_log.txt
2016-05-20 19:40 - 2016-05-20 19:40 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Stevo.Agnes\Desktop\tdsskiller.exe
2016-05-20 19:36 - 2016-05-20 19:36 - 00029399 _____ C:\ComboFix.txt
2016-05-20 18:38 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-05-20 18:38 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-05-20 18:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-05-20 18:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-05-20 18:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-20 18:38 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-05-20 18:38 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-05-20 18:38 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-05-20 18:37 - 2016-05-20 19:36 - 00000000 ____D C:\Qoobox
2016-05-20 18:36 - 2016-05-20 19:32 - 00000000 ____D C:\Windows\erdnt
2016-05-20 18:36 - 2016-05-20 18:36 - 05659526 ____R (Swearware) C:\Users\Stevo.Agnes\Desktop\ComboFix.exe
2016-05-20 18:34 - 2016-05-20 18:34 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2016-05-20 18:33 - 2013-10-16 16:40 - 04009167 _____ C:\Users\Stevo.Agnes\Desktop\ServicesRepair.exe
2016-05-20 18:29 - 2016-05-20 18:30 - 00014922 _____ C:\Users\Stevo.Agnes\Downloads\Fixlog.txt
2016-05-20 18:27 - 2016-05-20 18:28 - 01732608 _____ (Farbar) C:\Users\Stevo.Agnes\Downloads\FRST.exe
2016-05-17 09:58 - 2016-05-17 09:58 - 00298819 _____ C:\Users\Stevo.Agnes\Downloads\WNL-Still-no-flying-cars-The-future-promises-something-better-int.pdf
2016-05-13 10:18 - 2016-05-13 10:21 - 00000000 ____D C:\Users\Stevo.Agnes\Desktop\SM - Matej
2016-05-12 13:39 - 2016-05-12 13:39 - 00310128 _____ C:\Users\Stevo.Agnes\Downloads\WNL-Wealth-therapy-for-the-rich-int.pdf
2016-05-12 13:38 - 2016-05-12 13:38 - 00321309 _____ C:\Users\Stevo.Agnes\Downloads\WNL-Wealth-therapy-for-the-rich-adv.pdf
2016-05-12 13:27 - 2016-05-12 13:28 - 00420192 _____ () C:\Users\Stevo.Agnes\Downloads\DellSystemDetectLauncher.exe
2016-05-12 13:15 - 2016-05-12 13:15 - 00000000 ____D C:\Windows\pss
2016-05-10 19:08 - 2016-05-10 19:08 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\LocalLow\uTorrent
2016-05-10 13:32 - 2016-05-10 13:33 - 00304940 _____ C:\Users\Stevo.Agnes\Downloads\WNL-Vienna-named-worlds-top-city-for-quality-of-life-int.pdf
2016-05-09 22:35 - 2016-05-11 06:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-05-09 20:13 - 2016-05-09 20:15 - 00000000 ____D C:\Users\Stevo.Agnes\Downloads\Game.of.Thrones.S06E03.HDTV.x264-KILLERS[ettv]
2016-05-09 10:47 - 2016-05-21 03:42 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-09 10:46 - 2016-05-09 10:46 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-09 10:45 - 2016-05-09 10:45 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-09 10:45 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-09 10:45 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-09 10:45 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-09 09:55 - 2016-05-09 09:55 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\ProductData
2016-05-09 09:55 - 2016-05-09 09:55 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\LocalLow\IObit
2016-05-09 09:54 - 2016-05-09 09:56 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\IObit
2016-05-09 09:54 - 2016-05-09 09:55 - 00000000 ____D C:\Program Files\IObit
2016-05-09 09:54 - 2016-05-09 09:54 - 00001931 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-05-08 20:11 - 2016-05-08 20:11 - 00056768 _____ C:\Users\Stevo.Agnes\Desktop\Nejtiv-LOGO.pdf
2016-05-08 14:07 - 2016-05-08 14:07 - 00000000 ____D C:\Windows\system32\Lang
2016-05-08 14:07 - 2008-01-29 09:46 - 00920088 _____ (Intel® Corporation) C:\Windows\system32\igxpun.exe
2016-05-08 14:07 - 2006-11-10 16:25 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\difxapi.dll
2016-05-08 14:05 - 2008-01-29 09:47 - 00530968 _____ (Intel Corporation) C:\Windows\system32\igfxcfg.exe
2016-05-08 14:05 - 2008-01-29 09:47 - 00170520 _____ (Intel Corporation) C:\Windows\system32\igfxzoom.exe
2016-05-08 14:05 - 2008-01-29 09:47 - 00170520 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2016-05-08 14:05 - 2008-01-29 09:47 - 00141848 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2016-05-07 06:48 - 2016-05-21 08:18 - 00000000 ____D C:\FRST
2016-05-07 06:31 - 2016-05-07 06:38 - 00380240 _____ C:\Users\Stevo.Agnes\Desktop\cc_20160507_063101.reg
2016-05-06 21:37 - 2016-05-09 15:06 - 00000927 _____ C:\Users\Stevo.Agnes\Desktop\zdroje_MO.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-21 08:05 - 2013-07-15 18:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-21 08:02 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-21 08:02 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-21 06:30 - 2010-03-31 12:14 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-21 04:09 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing
2016-05-20 20:08 - 2012-08-12 14:45 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-20 20:08 - 2011-08-18 18:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-20 20:06 - 2010-03-31 12:14 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-20 20:05 - 2012-06-01 09:40 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Local\TSVNCache
2016-05-20 20:02 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-20 20:01 - 2006-11-02 15:01 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-20 19:24 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2016-05-17 10:06 - 2012-06-01 13:58 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\Skype
2016-05-13 10:19 - 2008-08-04 17:31 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-05-13 10:16 - 2008-08-04 17:31 - 00000000 ____D C:\Program Files\Adobe
2016-05-13 08:00 - 2014-07-30 21:29 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\uTorrent
2016-05-13 07:59 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\inf
2016-05-12 08:59 - 2012-06-01 09:46 - 00084992 ____H C:\Users\Stevo.Agnes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-12 07:34 - 2012-06-01 14:19 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\Dropbox
2016-05-11 21:56 - 2013-04-17 17:13 - 00000000 ____D C:\Users\Stevo.Agnes\Documents\DesktopReminder
2016-05-11 12:34 - 2014-02-16 13:49 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 08:56 - 2006-11-02 12:24 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-05-11 06:54 - 2012-05-28 08:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-05-10 19:08 - 2012-06-02 12:38 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\LocalLow\Temp
2016-05-10 18:45 - 2013-03-01 21:13 - 00000000 ____D C:\Program Files\Diablo II
2016-05-10 18:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Help
2016-05-10 13:14 - 2012-06-10 19:38 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\vlc
2016-05-09 10:35 - 2012-08-20 12:01 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\LocalLow\Unity
2016-05-09 10:35 - 2012-08-20 12:01 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Local\Unity
2016-05-09 09:50 - 2012-06-01 09:42 - 00000000 ____D C:\Users\Stevo.Agnes\.jedit
2016-05-08 14:11 - 2012-06-01 09:39 - 00000000 ____D C:\Users\Stevo.Agnes
2016-05-08 14:06 - 2008-08-13 17:33 - 00000000 ____D C:\Intel
2016-05-08 14:05 - 2008-08-04 19:56 - 00000000 ____D C:\DELL
2016-05-08 13:20 - 2006-11-02 13:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-04-21 15:05 - 2010-09-16 08:22 - 00374944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2012-06-01 14:05 - 2012-06-01 14:05 - 0000600 _____ () C:\Users\Stevo.Agnes\AppData\Roaming\winscp.rnd
2012-06-01 11:37 - 2015-02-21 18:24 - 0006648 _____ () C:\Users\Stevo.Agnes\AppData\Local\d3d9caps.dat
2012-06-01 09:46 - 2016-05-12 08:59 - 0084992 ____H () C:\Users\Stevo.Agnes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-01 14:06 - 2012-06-01 14:19 - 0000600 _____ () C:\Users\Stevo.Agnes\AppData\Local\PUTTY.RND
2013-05-17 02:42 - 2013-05-17 02:42 - 0001360 _____ () C:\Users\Stevo.Agnes\AppData\Local\recently-used.xbel
2009-02-03 19:54 - 2009-02-03 19:54 - 0000056 _____ () C:\ProgramData\ezsidmv.dat
2010-09-20 12:39 - 2010-09-20 16:12 - 0004465 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-21 08:14

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:19-05-2016
Ran by Stevo (2016-05-21 08:21:25)
Running from C:\Users\Stevo.Agnes\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) (2008-08-04 10:10:07)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3227243064-1642654041-612091633-500 - Administrator - Disabled)
Guest (S-1-5-21-3227243064-1642654041-612091633-501 - Limited - Enabled)
Stevo (S-1-5-21-3227243064-1642654041-612091633-1000 - Administrator - Enabled) => C:\Users\Stevo.Agnes
Stevo.old (S-1-5-21-3227243064-1642654041-612091633-1001 - Administrator - Enabled) => C:\Users\Stevo.old

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 4.1.1 - Hewlett-Packard) Hidden
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.186 - Adobe Systems Incorporated)
Acrobat.com (Version: 1.7.186 - Adobe Systems Incorporated) Hidden
Add or Remove Adobe Creative Suite 3 Master Collection (HKLM\...\Adobe_8bb24e071e5922899698c2105557bd2) (Version: 1.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Muse (HKLM\...\AdobeMuse) (Version: 5.0.704 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.8.612 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Aktualizácia Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-041B-0000-0000000FF1CE}_PROPLUS_{9A8C39B0-D27F-4F81-BE74-2FECF164707E}) (Version: - Microsoft)
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-041B-0000-0000000FF1CE}_PROPLUS_{CE23B3DC-18CC-46FC-A309-81D6670F8D3D}) (Version: - Microsoft)
Aktualizácia Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-041B-0000-0000000FF1CE}_PROPLUS_{D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}) (Version: - Microsoft)
akustyk (HKLM\...\akustyk) (Version: - )
Apple Application Support (HKLM\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
avast! Free Antivirus (HKLM\...\avast) (Version: 7.0.1474.0 - AVAST Software)
Banctec Service Agreement (HKLM\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.01 - Broadcom Corporation)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
calibre (HKLM\...\{DA9E9010-058B-4159-8CC5-28298D90AE7B}) (Version: 0.7.49 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version: - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version: - )
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
Desktop-Reminder 2 (HKLM\...\Desktop-Reminder 2) (Version: 2.56 - Polenter - Software Solutions)
Desktop-Reminder 2 (Version: 2.56 - Polenter - Software Solutions) Hidden
Diablo II (HKLM\...\Diablo II) (Version: - )
Diablo II (HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Diablo II) (Version: - )
DMDX (HKLM\...\{D64B6C54-1BBF-4E72-B535-6FE3E0AFFEDF}) (Version: 1.0.0.0 - University of Arizona Psychology Dept.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
eM Client (HKLM\...\{B1E24C9A-ADF2-491A-AE71-12F4C66218E7}) (Version: 5.0.18025.0 - eM Client Inc.)
Email Verifier (HKLM\...\Email Verifier) (Version: - Live Software Inc)
Email Verifier (Version: 6.2 - Live Software Inc) Hidden
Emu Patch version 2.2.4_2 (HKLM\...\Emu Patch_is1) (Version: 2.2.4_2 - University Munich)
Emu Speech Tools (HKLM\...\Emu_is1) (Version: 2.2.4 - University Munich)
E-MU USB Audio (HKLM\...\{1C99893D-BC98-4456-AA3E-B67AB42301A6}) (Version: 1.0 - )
English Pronouncing Dictionary (HKLM\...\English Pronouncing Dictionary) (Version: - )
E-Prime 2.0 (2.0.8.22) (HKLM\...\{ADF3275B-23D9-4714-B357-4DED9D6EE705}) (Version: 2.0.08022 - Psychology Software Tools, Inc.)
Epson Easy Photo Print 2 (HKLM\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX125 Series Manual (HKLM\...\EPSON SX125 Series Manual) (Version: - )
EPSON SX125 Series Printer Uninstall (HKLM\...\EPSON SX125 Series) (Version: - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Fingerprint Reader Suite 5.6 (HKLM\...\{A2289997-10A3-48F2-AA03-99180D761661}) (Version: 5.6.2.3476 - UPEK Inc.)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )
Hardcore (HKLM\...\Hardcore) (Version: - Image-Line)
IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 5.3.0.138 - IObit)
IPA/SAM Phonetics Fonts (HKLM\...\IPA/SAM Phonetic Fonts_is1) (Version: - University College London)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java™ SE Development Kit 7 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170000}) (Version: 1.7.0.0 - Oracle)
LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - )
Laptop Integrated Webcam Driver (1.04.01.1011) (HKLM\...\Creative OEM002) (Version: - )
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.5.3104.1 - Creative)
Live! Cam Avatar v1.0 (HKLM\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MATLAB R2007a (HKLM\...\MatlabR2007a) (Version: 7.4 - The MathWorks, Inc.)
MATLAB R2010a (HKLM\...\MatlabR2010a) (Version: 7.10 - The MathWorks, Inc.)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 3.5 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Mozilla Thunderbird 17.0.7 (x86 en-US) (HKLM\...\Mozilla Thunderbird 17.0.7 (x86 en-US)) (Version: 17.0.7 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Micro 8.1.1.4 (HKLM\...\Nero8Lite_is1) (Version: 8.1.1.4 - Updatepack.nl)
Nitro Pro 8 (HKLM\...\{F70D8C2A-9320-4DDC-8693-6E7DEAA5B096}) (Version: 8.0.9.8 - Nitro)
Notepad++ (HKLM\...\Notepad++) (Version: 5.8.7 - )
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PCFriendly (HKLM\...\PCFriendly) (Version: - )
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PoiZone (HKLM\...\PoiZone) (Version: - Image-Line)
PowerISO (HKLM\...\PowerISO) (Version: - )
pzizz (HKLM\...\pzizz) (Version: 2.7.3.0 - Brainwave)
QuickSet (HKLM\...\{4B6AD248-D3BF-426A-8D64-847288154F13}) (Version: 8.2.20 - Dell Inc.)
QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
R for Windows 2.10.0 (HKLM\...\R for Windows 2.10.0_is1) (Version: 2.10.0 - R Development Core Team)
Sawer (HKLM\...\Sawer) (Version: - Image-Line)
Simple Sticky Notes 2.1 (HKLM\...\Simple Sticky Notes_is1) (Version: - Simnet Ltd.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Noise Reduction Plug-In 2.0e (HKLM\...\{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}) (Version: 2.0.444 - Sony)
Sony Sound Forge 9.0 (HKLM\...\{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}) (Version: 9.0.297 - Sony)
SPSS 16.0 (HKLM\...\{9A657E90-E2B7-44DE-8929-055948162595}) (Version: 16.0.0 - SPSS Inc.)
Sublime Text 2.0.1 (HKLM\...\Sublime Text 2_is1) (Version: - )
Subversion (HKLM\...\{522C39C5-F781-49E5-AE1D-FE8A16B1A61A}) (Version: 1.6.6 - CollabNet)
The Bridge (HKLM\...\The Bridge_is1) (Version: - )
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.4.0.55 - KMP Media co., Ltd)
TortoiseSVN 1.6.6.17493 (32 bit) (HKLM\...\{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}) (Version: 1.6.17493 - TortoiseSVN)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.50 - C. Ghisler & Co.)
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)
Transcriber 1.5.1 (HKLM\...\Transcriber_is1) (Version: - DGA)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Veetle TV 0.9.14 (HKLM\...\Veetle TV) (Version: 0.9.14 - Veetle, Inc)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Mail (HKLM\...\{184E7118-0295-43C4-B72C-1D54AA75AAF7}) (Version: 12.0.1606.1023 - Microsoft Corporation)
Windows Live Photo Gallery (HKLM\...\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}) (Version: 12.0.1329.0201 - Microsoft Corporation)
Windows Live Writer (HKLM\...\{9176251A-4CC1-4DDB-B343-B487195EB397}) (Version: 12.0.1370.0325 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinSCP 4.1.6 (HKLM\...\winscp3_is1) (Version: 4.1.6 - Martin Prikryl)
XNote Stopwatch (HKLM\...\XNote Stopwatch) (Version: 1.63 - dnSoft Research Group)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3227243064-1642654041-612091633-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0090489B-E1D5-4736-99C6-AA7B25EF255B} - System32\Tasks\{1C71A993-704C-489F-BFA0-F75B6BDDE21A} => pcalua.exe -a "C:\Downloads\Nero 7 Premium\Nero_7_Premium.exe" -d "C:\Downloads\Nero 7 Premium"
Task: {03734FDB-CC5C-479B-A36E-FC7F47A9D56F} - System32\Tasks\AdobeAAMUpdater-1.0-Agnes-Stevo => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {0CB9BF4C-D160-4244-973F-46620F8EBD28} - System32\Tasks\{147ED7DF-D319-4976-B64E-3CF7E2C4A18E} => pcalua.exe -a C:\Windows\System32\igfxcfg.exe -d C:\Windows\system32
Task: {1699F5AF-65A3-428D-81C9-D7C219B29F28} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {2B53710A-5AA0-4BDE-B162-04E771C4A787} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {36E83CD5-08ED-4159-94FA-4B5040A12616} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3A14D099-9E0C-4C65-8568-57BE42B7E39B} - System32\Tasks\{58F050AE-3EA9-4F50-84BF-66FD009CF0EE} => pcalua.exe -a "C:\Program Files\Sony Setup\Vegas Pro 8.0\Setup.exe" -d "C:\Program Files\Sony Setup\Vegas Pro 8.0"
Task: {488733A4-D06E-4AE3-A5A2-1EAEBE6964E3} - System32\Tasks\{D3D566E7-3204-4E2E-AC4D-E7B05105FEE6} => pcalua.exe -a C:\Users\Stevo\Documents\administrative\Diam_soft\Matlab\Program\setup.exe -d C:\Users\Stevo\Documents\administrative\Diam_soft\Matlab\Program
Task: {531D29CD-3309-487B-BC5B-2ED4A6757FDC} - System32\Tasks\{9A7F3D14-59DE-49FA-B04C-CE19F451F6F8} => Chrome.exe hxxp://ui.skype.com/ui/0/7.22.0.109/sk/abandoninstall?page=tsProgressBar
Task: {6E378AB6-BDDE-421D-8341-CF61A36FA4E7} - System32\Tasks\RunAsStdUser Task => c:\program files\matlab\r2010a\MATLAB R2010a.lnk [2011-08-04] ()
Task: {83C972DA-1518-46A7-B1B4-7942845AA8C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-20] (Adobe Systems Incorporated)
Task: {ABABE7CA-2DCB-48F6-B9F6-DD781E8CA566} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D18C4988-57CC-481E-A024-58E547C658E6} - System32\Tasks\Uninstaller_SkipUac_Stevo => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-03-25] (IObit)
Task: {FD25EE92-C12C-421A-B96F-92EA97BC0C8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {FE930BAA-C912-4B10-A747-B909BEF06C79} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2016-04-11] (Avast Software s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online\Imperia Online.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.imperiaonline.org/?ref_ad=src123 --app-window-size=1280,800
ShortcutWithArgument: C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Imperia Online.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.imperiaonline.org/?ref_ad=src123 --app-window-size=1280,800

==================== Loaded Modules (Whitelisted) ==============

2008-08-04 17:29 - 2008-05-19 08:26 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2008-08-04 17:29 - 2008-05-19 08:25 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2016-05-20 19:26 - 2016-05-20 18:03 - 02926592 _____ () C:\Program Files\Alwil Software\Avast5\defs\16052006\algo.dll
2009-12-11 17:24 - 2001-08-10 15:23 - 00388608 _____ () C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll
2010-11-08 17:15 - 2010-11-08 17:15 - 00296448 _____ () C:\Program Files\Notepad++\NppShell_04.dll
2013-03-01 21:24 - 2013-03-01 21:24 - 00043520 _____ () C:\Windows\system32\CmdLineExt03.dll
2009-10-20 01:11 - 2009-10-20 01:11 - 00101128 _____ () C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
2013-06-03 14:44 - 2012-12-04 21:19 - 00378368 _____ () C:\Program Files\Simnet\Simple Sticky Notes\sqlite3.dll
2012-10-31 10:59 - 2012-10-31 10:59 - 04562432 _____ () C:\Program Files\The KMPlayer\libcodec.dll
2008-12-05 09:42 - 2008-12-05 09:42 - 00123036 _____ () C:\Program Files\The KMPlayer\libmad.dll
2012-10-31 10:59 - 2012-10-31 10:59 - 00538112 _____ () C:\Program Files\The KMPlayer\libmplay.dll
2016-05-08 10:05 - 2016-05-08 10:06 - 19403968 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2016-05-20 19:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: emaudsv => 2
MSCONFIG\Services: EPSON_EB_RPCV4_04 => 2
MSCONFIG\Services: EPSON_PM_RPCV4_04 => 2
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hasplms => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: NitroDriverReadSpool8 => 2
MSCONFIG\startupfolder: C:^Users^Stevo.Agnes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: DesktopReminder2ByPolenter => "C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe" -silent
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: OEM02Mon.exe => C:\Windows\OEM02Mon.exe
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\MediaDirect\PCMService.exe"
MSCONFIG\startupreg: PSQLLauncher => "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{AD5CFB18-5D42-4032-ADB9-EDF4969E3EA7}] => (Allow) LPort=80
FirewallRules: [{8FC3E496-32D4-4404-9A9E-66167CDA935C}] => (Allow) LPort=80
FirewallRules: [{E974353A-C32F-4379-9E0B-168CDDFB689D}] => (Allow) LPort=80

==================== Restore Points =========================

10-05-2016 07:12:09 Windows Update
10-05-2016 21:57:17 Windows Update
11-05-2016 07:35:46 Windows Update
11-05-2016 08:30:10 Windows Update
13-05-2016 07:51:57 Windows Update
16-05-2016 18:28:47 Scheduled Checkpoint
17-05-2016 08:31:37 Scheduled Checkpoint
17-05-2016 09:35:48 Windows Update
18-05-2016 12:04:15 Scheduled Checkpoint
19-05-2016 14:58:24 Scheduled Checkpoint
20-05-2016 07:23:21 Windows Update
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2016 08:06:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/20/2016 08:04:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2016 08:03:30 PM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY)
Description: STacSV connection to InputMonitor COM interface failed

System errors:
=============
Error: (05/21/2016 08:16:51 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a46\SystemRoot\System32\Config\RegBack\COMPONENTS

Error: (05/21/2016 08:01:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/21/2016 08:01:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/20/2016 08:06:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Microsoft .NET Framework NGEN v4.0.30319_X8611200001Restart the service

Error: (05/20/2016 08:04:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/20/2016 08:04:47 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: MBAMWebAccessControlBFE

Error: (05/20/2016 08:04:47 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: MBAMWebAccessControlBFE

Error: (05/20/2016 08:04:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/20/2016 08:04:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/20/2016 08:04:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

CodeIntegrity:
===================================
Date: 2016-05-21 08:21:23.135
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-21 08:21:20.575
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-21 08:21:19.728
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-21 08:21:18.614
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-21 08:21:17.574
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-21 08:21:16.589
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-21 08:20:46.824
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-21 08:20:46.165
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-21 08:20:45.494
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-21 08:20:44.831
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 68%
Total physical RAM: 3573.12 MB
Available physical RAM: 1118.4 MB
Total Virtual: 7345.22 MB
Available Virtual: 4732.59 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:285.5 GB) (Free:5.85 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 78000000)
Partition 1: (Not Active) - (Size=94 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=285.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

#4
RKinner

Posted 21 May 2016 - 07:57 AM

Malware Expert

Expert
24,625 posts

We made some progress but apparently this is something that changes its name after every boot. I'm not sure we can remove it from within windows.

If you haven't rebooted since the last scan:

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

File::

C:\Windows\system32\Drivers\anvnwc6h.sys

C:\Windows\system32\Drivers\aoh1dcbs.sys

Driver::

anvnwc6h

aoh1dcbs

RootKit::

C:\Windows\system32\Drivers\anvnwc6h.sys

C:\Windows\system32\Drivers\aoh1dcbs.sys

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

If you have rebooted then run FRST again (you don't need the Addition.txt) and look in the section:

===================== Drivers (Whitelisted) ==========================

for the two lines flagged with "<==== ATTENTION (zero byte File/Folder)"

Change the text in the cfscript to reflect the latest names, save it then drag it over to combofix. Remember to turn off Avast.

Do you have a blank DVD? If this doesn't work we will probably need to boot to a DVD and run a scan outside of windows.

#5
moose35

Posted 21 May 2016 - 01:33 PM

Member

Topic Starter
Member
27 posts

Woah, sounds kind of cool to be honest.

Hope we took care of it, but if not, I have a few blank DVDs. What should I do with them?

Here's the log:

ComboFix 16-05-18.01 - Stevo . 05. 2016 20:09:45.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1250.421.1033.18.3573.2067 [GMT 2:00]
Running from: c:\users\Stevo.Agnes\Desktop\ComboFix.exe
Command switches used :: c:\users\Stevo.Agnes\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\Drivers\anvnwc6h.sys"
"c:\windows\system32\Drivers\aoh1dcbs.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_a7n7ljai
-------\Service_akdnghgz
.
.
(((((((((((((((((((((((((   Files Created from 2016-04-21 to 2016-05-21 )))))))))))))))))))))))))))))))
.
.
2016-05-21 18:40 . 2016-05-21 18:40   --------   d-----w-   c:\users\Stevo.old_\AppData\Local\temp
2016-05-21 18:40 . 2016-05-21 18:40   --------   d-----w-   c:\users\Stevo.old\AppData\Local\temp
2016-05-21 18:40 . 2016-05-21 18:40   --------   d-----w-   c:\users\Default\AppData\Local\temp
2016-05-20 17:36 . 2016-05-21 18:47   --------   d-----w-   c:\users\Stevo.Agnes\AppData\Local\temp
2016-05-09 08:47 . 2016-05-21 18:45   170200   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-09 08:45 . 2016-03-10 12:09   53120   ----a-w-   c:\windows\system32\drivers\mwac.sys
2016-05-09 08:45 . 2016-03-10 12:08   126336   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2016-05-09 08:45 . 2016-03-10 12:08   24448   ----a-w-   c:\windows\system32\drivers\mbam.sys
2016-05-09 08:45 . 2016-05-09 08:45   --------   d-----w-   c:\program files\Malwarebytes Anti-Malware
2016-05-09 07:55 . 2016-05-09 07:55   --------   d-----w-   c:\users\Stevo.Agnes\AppData\Roaming\ProductData
2016-05-09 07:55 . 2016-05-09 07:55   --------   d-----w-   c:\programdata\ProductData
2016-05-09 07:55 . 2016-05-09 07:55   --------   d-----w-   c:\programdata\IObit
2016-05-09 07:54 . 2016-05-09 07:56   --------   d-----w-   c:\users\Stevo.Agnes\AppData\Roaming\IObit
2016-05-09 07:54 . 2016-05-09 07:55   --------   d-----w-   c:\program files\IObit
2016-05-08 12:07 . 2016-05-08 12:07   --------   d-----w-   c:\windows\system32\Lang
2016-05-08 12:07 . 2008-01-29 07:46   920088   ----a-w-   c:\windows\system32\igxpun.exe
2016-05-08 12:07 . 2006-11-10 14:25   319456   ----a-w-   c:\windows\system32\difxapi.dll
2016-05-08 12:05 . 2008-01-29 07:47   170520   ----a-w-   c:\windows\system32\igfxzoom.exe
2016-05-08 12:05 . 2008-01-29 07:47   141848   ----a-w-   c:\windows\system32\igfxtray.exe
2016-05-08 12:05 . 2008-01-29 07:47   170520   ----a-w-   c:\windows\system32\igfxext.exe
2016-05-08 12:05 . 2008-01-29 07:47   530968   ----a-w-   c:\windows\system32\igfxcfg.exe
2016-05-07 04:48 . 2016-05-21 17:59   --------   d-----w-   C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-20 18:08 . 2012-08-12 12:45   797376   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2016-05-20 18:08 . 2011-08-18 16:50   142528   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2016-05-17 22:58 . 2016-05-20 05:28   9466160   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{8142806D-F5E1-449C-BAD4-3D7D4F35E796}\mpengine.dll
2016-04-21 13:05 . 2010-09-16 06:22   374944   ------w-   c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-12-23 14:27   759072   ----a-w-   c:\program files\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50   121528   ----a-w-   c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55   85768   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55   85768   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55   85768   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55   85768   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55   85768   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55   85768   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55   85768   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55   85768   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55   85768   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 04:13   721408   ----a-w-   c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 04:13   721408   ----a-w-   c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Simple Sticky Notes"="c:\program files\Simnet\Simple Sticky Notes\ssn.exe" [2013-05-25 552096]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 857648]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-29 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-29 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-29 133656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-04 15:37   10536   ----a-w-   c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 04:04   86528   ----a-w-   c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ     scecli psqlpwd
.
[HKLM\~\startupfolder\C:^Users^Stevo.Agnes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-03-29 21:14   624248   ----a-w-   c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10   35696   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44   500208   ------w-   c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 12:08   59720   ----a-w-   c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39   486856   ----a-w-   c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2012-10-23 08:25   3108480   ----a-w-   c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopReminder2ByPolenter]
2013-01-06 09:26   2743344   ----a-w-   c:\program files\Desktop-Reminder 2\DesktopReminder2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-03 09:12   976320   ----a-w-   c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 11:35   152392   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-12-03 05:58   36864   ----a-w-   c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 15:58   184320   ------w-   c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2007-04-17 03:50   49168   ----a-w-   c:\program files\Fingerprint Reader Suite\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38   167936   ----a-w-   c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00   90112   ------w-   c:\windows\Updreg.EXE
.
R4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-07 04:24   1106072   ----a-w-   c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15 18:08]
.
2016-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 18:18]
.
2016-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 18:18]
.
.
------- Supplementary Scan -------
.
mStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-05-21 20:47
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(808)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
- - - - - - - > 'Explorer.exe'(3460)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\mssprxy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fingerprint Reader Suite\upeksvr.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes Anti-Malware\mbamservice.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Completion time: 2016-05-21 20:57:21 - machine was rebooted
ComboFix-quarantined-files.txt 2016-05-21 18:57
ComboFix2.txt 2016-05-20 17:36
.
Pre-Run: 6,022,553,600 bytes free
Post-Run: 5,428,469,760 bytes free
.
- - End Of File - - FC2F080E851AFB7DCB13CDC12AC87535
5C616939100B85E558DA92B899A0FC36

#6
RKinner

Posted 21 May 2016 - 01:37 PM

Malware Expert

Expert
24,625 posts

It does look like Combofix was successful. Let's run a new FRST scan this time with Addition.txt checked and let me see both logs. We still have to fix the bfe service.

#7
moose35

Posted 21 May 2016 - 11:14 PM

Member

Topic Starter
Member
27 posts

That's great!

Here are the two logs you requested (FRST first, then Addition):

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-05-2016
Ran by Stevo (administrator) on AGNES (22-05-2016 07:04:42)
Running from C:\Users\Stevo.Agnes\Downloads
Loaded Profiles: Stevo (Available Profiles: Stevo & Stevo.old)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(UPEK Inc.) C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Simnet Ltd. ) C:\Program Files\Simnet\Simple Sticky Notes\ssn.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-05-10] (Synaptics, Inc.)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [avast] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [4297136 2012-10-31] (AVAST Software)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-08-04] (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll [2007-04-17] (UPEK Inc.)
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Run: [Simple Sticky Notes] => C:\Program Files\Simnet\Simple Sticky Notes\ssn.exe [552096 2013-05-25] (Simnet Ltd. )
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\photoscreensaver.scr [704512 2008-01-21] (Microsoft Corporation)
Lsa: [Notification Packages] scecli psqlpwd
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2012-10-31] (AVAST Software)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Fingerprint Reader Suite\farchns.dll [2007-04-17] (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Fingerprint Reader Suite\farchns.dll [2007-04-17] (UPEK Inc.)
Startup: C:\Users\Stevo.old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2008-08-13]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Stevo.old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-02-27]
ShortcutTarget: Dropbox.lnk -> C:\Users\Stevo.Agnes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Stevo.old_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-08-04]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C50C14DC-FFFF-4833-96AA-E3AA1792C207}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131071703050538729&GUID=8DAB5BAA-6A9E-4D5E-A184-CC50DD57C51A
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.joinred.com/
SearchScopes: HKU\S-1-5-21-3227243064-1642654041-612091633-1000 -> DefaultScope E7553573543A49A0909FAAD87F40D908 URL = hxxp://yandex.com/yandsearch?win=160&clid=1989596&text={searchTerms}
SearchScopes: HKU\S-1-5-21-3227243064-1642654041-612091633-1000 -> E7553573543A49A0909FAAD87F40D908 URL = hxxp://yandex.com/yandsearch?win=160&clid=1989596&text={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-12-23] (IObit)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-10-31] (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29] (Adobe Systems Incorporated)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
BHO: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll [2001-08-10] ()
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll [2006-11-09] (Dell Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29] (Adobe Systems Incorporated)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-10-31] (AVAST Software)
Toolbar: HKU\S-1-5-21-3227243064-1642654041-612091633-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29] (Adobe Systems Incorporated)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\system32\textwareilluminatorbaseProtocol.dll [2002-09-27] ()

FireFox:
========
FF ProfilePath: C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-05-08] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2012-03-22] (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 8\npnitromozilla.dll [2012-11-29] (Nitro PDF)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.14 -> C:\Program Files\Veetle\plugins\npVeetle.dll [2009-02-05] (Veetle, Inc.)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.14 -> C:\Program Files\Veetle\Player\npvlc.dll [2009-02-13] (VideoLAN Team)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin HKU\S-1-5-21-3227243064-1642654041-612091633-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2008-06-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009-02-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2010-09-20] (Apple Inc.)
FF SearchPlugin: C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\searchplugins\yandex.com-161732.xml [2015-01-24]
FF Extension: Performance Cache - C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\Extensions\[email protected] [2008-01-21] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-16] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013-03-30] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-02-20]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yandex.com/?__PARAM__from=chromehp
CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"
CHR Profile: C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-05-07]
CHR Extension: (avast! WebRep) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-03-31]
CHR Extension: (YousableTubeFix for Chrome) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchfimlohbodnpamghfgfgabbnfajpbe [2013-03-21]
CHR Extension: (Boomerang for Gmail) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-05-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-07]
CHR HKLM\...\Chrome\Extension: [cncgohepihcekklokhbhiblhfcmipbdh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gehngeifmelphpllncobkmimphfkckne] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2012-10-31]

Opera:
=======
OPR StartupUrls: "hxxp://www.yandex.com/?win=160&clid=1989595"

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44808 2012-10-31] (AVAST Software)
S4 emaudsv; C:\Windows\system32\emaudsv.exe [20992 2007-11-26] (E-MU Systems)
S4 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
S4 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-01-13] (Macrovision Europe Ltd.) [File not signed]
S4 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2008-08-04] (Citrix Online, a division of Citrix Systems, Inc.)
S4 hasplms; C:\Windows\system32\hasplms.exe [2558464 2008-03-19] (Aladdin Knowledge Systems Ltd.)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-15] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
S4 NitroDriverReadSpool8; C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [196616 2012-11-29] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2008-05-19] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksfridge; C:\Windows\System32\DRIVERS\aksfridge.sys [350720 2008-03-18] (Aladdin Knowledge Systems Ltd.)
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [238976 2007-07-05] (Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [46336 2007-07-23] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [14976 2007-07-05] (Aladdin Knowledge Systems Ltd.)
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [21256 2012-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [35928 2012-10-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [738504 2012-10-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [361032 2012-10-31] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [54232 2012-10-31] (AVAST Software)
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [625152 2008-08-02] (Microsoft Corporation) [File not signed]
S3 emusba10; C:\Windows\System32\DRIVERS\emusba10.sys [163352 2007-11-26] (E-MU Systems)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [586240 2008-02-11] (Aladdin Knowledge Systems Ltd.)
S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-05-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [56572 2008-11-02] (PowerISO Computing, Inc.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2012-12-12] (Duplex Secure Ltd.)
S3 SRBoxDRv; C:\Windows\System32\Drivers\SRBoxDRv.sys [11776 2006-04-12] (Psychology Software Tools) [File not signed]
U3 ac2eumgl; C:\Windows\system32\Drivers\ac2eumgl.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U3 atd90s2p; C:\Windows\system32\Drivers\atd90s2p.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-21 20:57 - 2016-05-21 20:57 - 00017208 _____ C:\ComboFix.txt
2016-05-21 20:43 - 2016-05-22 06:56 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-05-21 20:05 - 2016-05-21 20:57 - 00000000 ____D C:\ComboFix
2016-05-21 20:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-05-21 19:56 - 2016-05-21 19:56 - 00000222 _____ C:\Users\Stevo.Agnes\CFSscript.txt
2016-05-21 08:21 - 2016-05-21 08:25 - 00034984 _____ C:\Users\Stevo.Agnes\Downloads\Addition.txt
2016-05-21 08:18 - 2016-05-22 07:07 - 00022903 _____ C:\Users\Stevo.Agnes\Downloads\FRST.txt
2016-05-20 21:33 - 2016-05-20 21:33 - 00061440 _____ ( ) C:\Users\Stevo.Agnes\Desktop\VEW.exe
2016-05-20 19:45 - 2016-05-20 19:49 - 00194016 _____ C:\TDSSKiller.3.1.0.9_20.05.2016_19.45.31_log.txt
2016-05-20 19:42 - 2016-05-20 19:45 - 00191492 _____ C:\TDSSKiller.3.1.0.9_20.05.2016_19.42.39_log.txt
2016-05-20 19:40 - 2016-05-20 19:40 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Stevo.Agnes\Desktop\tdsskiller.exe
2016-05-20 18:38 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-05-20 18:38 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-05-20 18:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-05-20 18:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-20 18:38 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-05-20 18:38 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-05-20 18:38 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-05-20 18:37 - 2016-05-21 20:57 - 00000000 ____D C:\Qoobox
2016-05-20 18:36 - 2016-05-21 20:40 - 00000000 ____D C:\Windows\erdnt
2016-05-20 18:36 - 2016-05-20 18:36 - 05659526 ____R (Swearware) C:\Users\Stevo.Agnes\Desktop\ComboFix.exe
2016-05-20 18:34 - 2016-05-20 18:34 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2016-05-20 18:33 - 2013-10-16 16:40 - 04009167 _____ C:\Users\Stevo.Agnes\Desktop\ServicesRepair.exe
2016-05-20 18:29 - 2016-05-20 18:30 - 00014922 _____ C:\Users\Stevo.Agnes\Downloads\Fixlog.txt
2016-05-20 18:27 - 2016-05-20 18:28 - 01732608 _____ (Farbar) C:\Users\Stevo.Agnes\Downloads\FRST.exe
2016-05-17 09:58 - 2016-05-17 09:58 - 00298819 _____ C:\Users\Stevo.Agnes\Downloads\WNL-Still-no-flying-cars-The-future-promises-something-better-int.pdf
2016-05-13 10:18 - 2016-05-13 10:21 - 00000000 ____D C:\Users\Stevo.Agnes\Desktop\SM - Matej
2016-05-12 13:39 - 2016-05-12 13:39 - 00310128 _____ C:\Users\Stevo.Agnes\Downloads\WNL-Wealth-therapy-for-the-rich-int.pdf
2016-05-12 13:38 - 2016-05-12 13:38 - 00321309 _____ C:\Users\Stevo.Agnes\Downloads\WNL-Wealth-therapy-for-the-rich-adv.pdf
2016-05-12 13:27 - 2016-05-12 13:28 - 00420192 _____ () C:\Users\Stevo.Agnes\Downloads\DellSystemDetectLauncher.exe
2016-05-12 13:15 - 2016-05-12 13:15 - 00000000 ____D C:\Windows\pss
2016-05-10 19:08 - 2016-05-10 19:08 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\LocalLow\uTorrent
2016-05-10 13:32 - 2016-05-10 13:33 - 00304940 _____ C:\Users\Stevo.Agnes\Downloads\WNL-Vienna-named-worlds-top-city-for-quality-of-life-int.pdf
2016-05-09 22:35 - 2016-05-11 06:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-05-09 20:13 - 2016-05-09 20:15 - 00000000 ____D C:\Users\Stevo.Agnes\Downloads\Game.of.Thrones.S06E03.HDTV.x264-KILLERS[ettv]
2016-05-09 10:47 - 2016-05-22 07:01 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-09 10:46 - 2016-05-09 10:46 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-09 10:45 - 2016-05-09 10:45 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-09 10:45 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-09 10:45 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-09 10:45 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-09 09:55 - 2016-05-09 09:55 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\ProductData
2016-05-09 09:55 - 2016-05-09 09:55 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\LocalLow\IObit
2016-05-09 09:54 - 2016-05-09 09:56 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\IObit
2016-05-09 09:54 - 2016-05-09 09:55 - 00000000 ____D C:\Program Files\IObit
2016-05-09 09:54 - 2016-05-09 09:54 - 00001931 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-05-08 20:11 - 2016-05-08 20:11 - 00056768 _____ C:\Users\Stevo.Agnes\Desktop\Nejtiv-LOGO.pdf
2016-05-08 14:07 - 2016-05-08 14:07 - 00000000 ____D C:\Windows\system32\Lang
2016-05-08 14:07 - 2008-01-29 09:46 - 00920088 _____ (Intel® Corporation) C:\Windows\system32\igxpun.exe
2016-05-08 14:07 - 2006-11-10 16:25 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\difxapi.dll
2016-05-08 14:05 - 2008-01-29 09:47 - 00530968 _____ (Intel Corporation) C:\Windows\system32\igfxcfg.exe
2016-05-08 14:05 - 2008-01-29 09:47 - 00170520 _____ (Intel Corporation) C:\Windows\system32\igfxzoom.exe
2016-05-08 14:05 - 2008-01-29 09:47 - 00170520 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2016-05-08 14:05 - 2008-01-29 09:47 - 00141848 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2016-05-07 06:48 - 2016-05-22 07:04 - 00000000 ____D C:\FRST
2016-05-07 06:31 - 2016-05-07 06:38 - 00380240 _____ C:\Users\Stevo.Agnes\Desktop\cc_20160507_063101.reg
2016-05-06 21:37 - 2016-05-09 15:06 - 00000927 _____ C:\Users\Stevo.Agnes\Desktop\zdroje_MO.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-22 07:07 - 2012-06-01 13:58 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\Skype
2016-05-22 07:05 - 2013-07-15 18:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-22 07:01 - 2012-06-01 09:40 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Local\TSVNCache
2016-05-22 07:01 - 2010-03-31 12:14 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-22 06:56 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-22 06:56 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-22 06:55 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-21 22:10 - 2006-11-02 15:01 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-21 21:30 - 2010-03-31 12:14 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-21 20:58 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\inf
2016-05-21 20:47 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2016-05-21 20:41 - 2006-11-02 12:22 - 58720256 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-05-21 20:41 - 2006-11-02 12:22 - 38010880 _____ C:\Windows\system32\config\COMPON~2.bak
2016-05-21 20:41 - 2006-11-02 12:22 - 33292288 _____ C:\Windows\system32\config\SYSTEM.bak
2016-05-21 20:41 - 2006-11-02 12:22 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2016-05-21 20:41 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-05-21 20:41 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2016-05-21 19:56 - 2012-06-01 09:39 - 00000000 ____D C:\Users\Stevo.Agnes
2016-05-21 04:09 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing
2016-05-20 20:08 - 2012-08-12 14:45 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-20 20:08 - 2011-08-18 18:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-13 10:19 - 2008-08-04 17:31 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-05-13 10:16 - 2008-08-04 17:31 - 00000000 ____D C:\Program Files\Adobe
2016-05-13 08:00 - 2014-07-30 21:29 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\uTorrent
2016-05-12 08:59 - 2012-06-01 09:46 - 00084992 ____H C:\Users\Stevo.Agnes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-12 07:34 - 2012-06-01 14:19 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\Dropbox
2016-05-11 21:56 - 2013-04-17 17:13 - 00000000 ____D C:\Users\Stevo.Agnes\Documents\DesktopReminder
2016-05-11 12:34 - 2014-02-16 13:49 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 08:56 - 2006-11-02 12:24 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-05-11 06:54 - 2012-05-28 08:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-05-10 19:08 - 2012-06-02 12:38 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\LocalLow\Temp
2016-05-10 18:45 - 2013-03-01 21:13 - 00000000 ____D C:\Program Files\Diablo II
2016-05-10 18:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Help
2016-05-10 13:14 - 2012-06-10 19:38 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\vlc
2016-05-09 10:35 - 2012-08-20 12:01 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\LocalLow\Unity
2016-05-09 10:35 - 2012-08-20 12:01 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Local\Unity
2016-05-09 09:50 - 2012-06-01 09:42 - 00000000 ____D C:\Users\Stevo.Agnes\.jedit
2016-05-08 14:06 - 2008-08-13 17:33 - 00000000 ____D C:\Intel
2016-05-08 14:05 - 2008-08-04 19:56 - 00000000 ____D C:\DELL
2016-05-08 13:20 - 2006-11-02 13:18 - 00000000 ___SD C:\Windows\Downloaded Program Files

==================== Files in the root of some directories =======

2012-06-01 14:05 - 2012-06-01 14:05 - 0000600 _____ () C:\Users\Stevo.Agnes\AppData\Roaming\winscp.rnd
2012-06-01 11:37 - 2015-02-21 18:24 - 0006648 _____ () C:\Users\Stevo.Agnes\AppData\Local\d3d9caps.dat
2012-06-01 09:46 - 2016-05-12 08:59 - 0084992 ____H () C:\Users\Stevo.Agnes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-01 14:06 - 2012-06-01 14:19 - 0000600 _____ () C:\Users\Stevo.Agnes\AppData\Local\PUTTY.RND
2013-05-17 02:42 - 2013-05-17 02:42 - 0001360 _____ () C:\Users\Stevo.Agnes\AppData\Local\recently-used.xbel
2009-02-03 19:54 - 2009-02-03 19:54 - 0000056 _____ () C:\ProgramData\ezsidmv.dat
2010-09-20 12:39 - 2010-09-20 16:12 - 0004465 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Stevo.Agnes\AppData\Local\temp\SkypeSetup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-22 07:06

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:19-05-2016
Ran by Stevo (2016-05-22 07:09:03)
Running from C:\Users\Stevo.Agnes\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) (2008-08-04 10:10:07)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3227243064-1642654041-612091633-500 - Administrator - Disabled)
Guest (S-1-5-21-3227243064-1642654041-612091633-501 - Limited - Enabled)
Stevo (S-1-5-21-3227243064-1642654041-612091633-1000 - Administrator - Enabled) => C:\Users\Stevo.Agnes
Stevo.old (S-1-5-21-3227243064-1642654041-612091633-1001 - Administrator - Enabled) => C:\Users\Stevo.old

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 4.1.1 - Hewlett-Packard) Hidden
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.186 - Adobe Systems Incorporated)
Acrobat.com (Version: 1.7.186 - Adobe Systems Incorporated) Hidden
Add or Remove Adobe Creative Suite 3 Master Collection (HKLM\...\Adobe_8bb24e071e5922899698c2105557bd2) (Version: 1.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Muse (HKLM\...\AdobeMuse) (Version: 5.0.704 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.8.612 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Aktualizácia Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-041B-0000-0000000FF1CE}_PROPLUS_{9A8C39B0-D27F-4F81-BE74-2FECF164707E}) (Version: - Microsoft)
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-041B-0000-0000000FF1CE}_PROPLUS_{CE23B3DC-18CC-46FC-A309-81D6670F8D3D}) (Version: - Microsoft)
Aktualizácia Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-041B-0000-0000000FF1CE}_PROPLUS_{D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}) (Version: - Microsoft)
akustyk (HKLM\...\akustyk) (Version: - )
Apple Application Support (HKLM\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
avast! Free Antivirus (HKLM\...\avast) (Version: 7.0.1474.0 - AVAST Software)
Banctec Service Agreement (HKLM\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.01 - Broadcom Corporation)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
calibre (HKLM\...\{DA9E9010-058B-4159-8CC5-28298D90AE7B}) (Version: 0.7.49 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version: - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version: - )
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
Desktop-Reminder 2 (HKLM\...\Desktop-Reminder 2) (Version: 2.56 - Polenter - Software Solutions)
Desktop-Reminder 2 (Version: 2.56 - Polenter - Software Solutions) Hidden
Diablo II (HKLM\...\Diablo II) (Version: - )
Diablo II (HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Diablo II) (Version: - )
DMDX (HKLM\...\{D64B6C54-1BBF-4E72-B535-6FE3E0AFFEDF}) (Version: 1.0.0.0 - University of Arizona Psychology Dept.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
eM Client (HKLM\...\{B1E24C9A-ADF2-491A-AE71-12F4C66218E7}) (Version: 5.0.18025.0 - eM Client Inc.)
Email Verifier (HKLM\...\Email Verifier) (Version: - Live Software Inc)
Email Verifier (Version: 6.2 - Live Software Inc) Hidden
Emu Patch version 2.2.4_2 (HKLM\...\Emu Patch_is1) (Version: 2.2.4_2 - University Munich)
Emu Speech Tools (HKLM\...\Emu_is1) (Version: 2.2.4 - University Munich)
E-MU USB Audio (HKLM\...\{1C99893D-BC98-4456-AA3E-B67AB42301A6}) (Version: 1.0 - )
English Pronouncing Dictionary (HKLM\...\English Pronouncing Dictionary) (Version: - )
E-Prime 2.0 (2.0.8.22) (HKLM\...\{ADF3275B-23D9-4714-B357-4DED9D6EE705}) (Version: 2.0.08022 - Psychology Software Tools, Inc.)
Epson Easy Photo Print 2 (HKLM\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX125 Series Manual (HKLM\...\EPSON SX125 Series Manual) (Version: - )
EPSON SX125 Series Printer Uninstall (HKLM\...\EPSON SX125 Series) (Version: - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Fingerprint Reader Suite 5.6 (HKLM\...\{A2289997-10A3-48F2-AA03-99180D761661}) (Version: 5.6.2.3476 - UPEK Inc.)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )
Hardcore (HKLM\...\Hardcore) (Version: - Image-Line)
IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 5.3.0.138 - IObit)
IPA/SAM Phonetics Fonts (HKLM\...\IPA/SAM Phonetic Fonts_is1) (Version: - University College London)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java™ SE Development Kit 7 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170000}) (Version: 1.7.0.0 - Oracle)
LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - )
Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version: - )
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.5.3104.1 - Creative)
Live! Cam Avatar v1.0 (HKLM\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MATLAB R2007a (HKLM\...\MatlabR2007a) (Version: 7.4 - The MathWorks, Inc.)
MATLAB R2010a (HKLM\...\MatlabR2010a) (Version: 7.10 - The MathWorks, Inc.)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 3.5 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Mozilla Thunderbird 17.0.7 (x86 en-US) (HKLM\...\Mozilla Thunderbird 17.0.7 (x86 en-US)) (Version: 17.0.7 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Micro 8.1.1.4 (HKLM\...\Nero8Lite_is1) (Version: 8.1.1.4 - Updatepack.nl)
Nitro Pro 8 (HKLM\...\{F70D8C2A-9320-4DDC-8693-6E7DEAA5B096}) (Version: 8.0.9.8 - Nitro)
Notepad++ (HKLM\...\Notepad++) (Version: 5.8.7 - )
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PCFriendly (HKLM\...\PCFriendly) (Version: - )
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PoiZone (HKLM\...\PoiZone) (Version: - Image-Line)
PowerISO (HKLM\...\PowerISO) (Version: - )
pzizz (HKLM\...\pzizz) (Version: 2.7.3.0 - Brainwave)
QuickSet (HKLM\...\{4B6AD248-D3BF-426A-8D64-847288154F13}) (Version: 8.2.20 - Dell Inc.)
QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
R for Windows 2.10.0 (HKLM\...\R for Windows 2.10.0_is1) (Version: 2.10.0 - R Development Core Team)
Sawer (HKLM\...\Sawer) (Version: - Image-Line)
Simple Sticky Notes 2.1 (HKLM\...\Simple Sticky Notes_is1) (Version: - Simnet Ltd.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Noise Reduction Plug-In 2.0e (HKLM\...\{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}) (Version: 2.0.444 - Sony)
Sony Sound Forge 9.0 (HKLM\...\{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}) (Version: 9.0.297 - Sony)
SPSS 16.0 (HKLM\...\{9A657E90-E2B7-44DE-8929-055948162595}) (Version: 16.0.0 - SPSS Inc.)
Sublime Text 2.0.1 (HKLM\...\Sublime Text 2_is1) (Version: - )
Subversion (HKLM\...\{522C39C5-F781-49E5-AE1D-FE8A16B1A61A}) (Version: 1.6.6 - CollabNet)
The Bridge (HKLM\...\The Bridge_is1) (Version: - )
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.4.0.55 - KMP Media co., Ltd)
TortoiseSVN 1.6.6.17493 (32 bit) (HKLM\...\{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}) (Version: 1.6.17493 - TortoiseSVN)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.50 - C. Ghisler & Co.)
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)
Transcriber 1.5.1 (HKLM\...\Transcriber_is1) (Version: - DGA)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Veetle TV 0.9.14 (HKLM\...\Veetle TV) (Version: 0.9.14 - Veetle, Inc)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Mail (HKLM\...\{184E7118-0295-43C4-B72C-1D54AA75AAF7}) (Version: 12.0.1606.1023 - Microsoft Corporation)
Windows Live Photo Gallery (HKLM\...\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}) (Version: 12.0.1329.0201 - Microsoft Corporation)
Windows Live Writer (HKLM\...\{9176251A-4CC1-4DDB-B343-B487195EB397}) (Version: 12.0.1370.0325 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinSCP 4.1.6 (HKLM\...\winscp3_is1) (Version: 4.1.6 - Martin Prikryl)
XNote Stopwatch (HKLM\...\XNote Stopwatch) (Version: 1.63 - dnSoft Research Group)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3227243064-1642654041-612091633-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0090489B-E1D5-4736-99C6-AA7B25EF255B} - System32\Tasks\{1C71A993-704C-489F-BFA0-F75B6BDDE21A} => pcalua.exe -a "C:\Downloads\Nero 7 Premium\Nero_7_Premium.exe" -d "C:\Downloads\Nero 7 Premium"
Task: {03734FDB-CC5C-479B-A36E-FC7F47A9D56F} - System32\Tasks\AdobeAAMUpdater-1.0-Agnes-Stevo => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {0CB9BF4C-D160-4244-973F-46620F8EBD28} - System32\Tasks\{147ED7DF-D319-4976-B64E-3CF7E2C4A18E} => pcalua.exe -a C:\Windows\System32\igfxcfg.exe -d C:\Windows\system32
Task: {1699F5AF-65A3-428D-81C9-D7C219B29F28} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {2B53710A-5AA0-4BDE-B162-04E771C4A787} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {36E83CD5-08ED-4159-94FA-4B5040A12616} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3A14D099-9E0C-4C65-8568-57BE42B7E39B} - System32\Tasks\{58F050AE-3EA9-4F50-84BF-66FD009CF0EE} => pcalua.exe -a "C:\Program Files\Sony Setup\Vegas Pro 8.0\Setup.exe" -d "C:\Program Files\Sony Setup\Vegas Pro 8.0"
Task: {488733A4-D06E-4AE3-A5A2-1EAEBE6964E3} - System32\Tasks\{D3D566E7-3204-4E2E-AC4D-E7B05105FEE6} => pcalua.exe -a C:\Users\Stevo\Documents\administrative\Diam_soft\Matlab\Program\setup.exe -d C:\Users\Stevo\Documents\administrative\Diam_soft\Matlab\Program
Task: {531D29CD-3309-487B-BC5B-2ED4A6757FDC} - System32\Tasks\{9A7F3D14-59DE-49FA-B04C-CE19F451F6F8} => Chrome.exe hxxp://ui.skype.com/ui/0/7.22.0.109/sk/abandoninstall?page=tsProgressBar
Task: {6E378AB6-BDDE-421D-8341-CF61A36FA4E7} - System32\Tasks\RunAsStdUser Task => c:\program files\matlab\r2010a\MATLAB R2010a.lnk [2011-08-04] ()
Task: {83C972DA-1518-46A7-B1B4-7942845AA8C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-20] (Adobe Systems Incorporated)
Task: {ABABE7CA-2DCB-48F6-B9F6-DD781E8CA566} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D18C4988-57CC-481E-A024-58E547C658E6} - System32\Tasks\Uninstaller_SkipUac_Stevo => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-03-25] (IObit)
Task: {FD25EE92-C12C-421A-B96F-92EA97BC0C8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {FE930BAA-C912-4B10-A747-B909BEF06C79} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2016-04-11] (Avast Software s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online\Imperia Online.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.imperiaonline.org/?ref_ad=src123 --app-window-size=1280,800
ShortcutWithArgument: C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Imperia Online.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.imperiaonline.org/?ref_ad=src123 --app-window-size=1280,800

==================== Loaded Modules (Whitelisted) ==============

2008-08-04 17:29 - 2008-05-19 08:26 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2008-08-04 17:29 - 2008-05-19 08:25 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2016-05-22 06:59 - 2016-05-21 21:36 - 02929664 _____ () C:\Program Files\Alwil Software\Avast5\defs\16052101\algo.dll
2009-12-11 17:24 - 2001-08-10 15:23 - 00388608 _____ () C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll
2010-11-08 17:15 - 2010-11-08 17:15 - 00296448 _____ () C:\Program Files\Notepad++\NppShell_04.dll
2013-03-01 21:24 - 2013-03-01 21:24 - 00043520 _____ () C:\Windows\system32\CmdLineExt03.dll
2009-10-20 01:11 - 2009-10-20 01:11 - 00101128 _____ () C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
2013-06-03 14:44 - 2012-12-04 21:19 - 00378368 _____ () C:\Program Files\Simnet\Simple Sticky Notes\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2016-05-21 20:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: emaudsv => 2
MSCONFIG\Services: EPSON_EB_RPCV4_04 => 2
MSCONFIG\Services: EPSON_PM_RPCV4_04 => 2
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hasplms => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: NitroDriverReadSpool8 => 2
MSCONFIG\startupfolder: C:^Users^Stevo.Agnes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: DesktopReminder2ByPolenter => "C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe" -silent
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: OEM02Mon.exe => C:\Windows\OEM02Mon.exe
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\MediaDirect\PCMService.exe"
MSCONFIG\startupreg: PSQLLauncher => "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{AD5CFB18-5D42-4032-ADB9-EDF4969E3EA7}] => (Allow) LPort=80
FirewallRules: [{8FC3E496-32D4-4404-9A9E-66167CDA935C}] => (Allow) LPort=80
FirewallRules: [{E974353A-C32F-4379-9E0B-168CDDFB689D}] => (Allow) LPort=80
FirewallRules: [TCP Query User{75CA7BD7-BD16-481E-A51C-F274364E3486}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{95042147-5D07-4125-8840-18C455DA6ED1}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe

==================== Restore Points =========================

10-05-2016 07:12:09 Windows Update
10-05-2016 21:57:17 Windows Update
11-05-2016 07:35:46 Windows Update
11-05-2016 08:30:10 Windows Update
13-05-2016 07:51:57 Windows Update
16-05-2016 18:28:47 Scheduled Checkpoint
17-05-2016 08:31:37 Scheduled Checkpoint
17-05-2016 09:35:48 Windows Update
18-05-2016 12:04:15 Scheduled Checkpoint
19-05-2016 14:58:24 Scheduled Checkpoint
20-05-2016 07:23:21 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2016 07:07:50 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (05/22/2016 07:07:50 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (05/22/2016 07:07:39 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (05/22/2016 07:07:39 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (05/22/2016 07:06:55 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (05/22/2016 07:06:55 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (05/22/2016 07:06:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (05/22/2016 07:06:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (05/22/2016 07:06:40 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\CSS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

Error: (05/22/2016 07:06:40 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\STEVO.AGNES\APPDATA\LOCAL\SKYPE\APPS\LOGIN\CSS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
   A device attached to the system is not functioning.   (0x8007001f)

System errors:
=============
Error: (05/22/2016 07:01:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/22/2016 07:01:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/22/2016 06:57:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/22/2016 06:57:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/22/2016 06:57:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/22/2016 06:56:05 AM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer hp psc 1200 series with shared resource name hp psc 1200 series. Error 2114. The printer cannot be used by others on the network.

Error: (05/22/2016 06:55:59 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (05/21/2016 08:45:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/21/2016 08:45:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (05/21/2016 08:45:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

CodeIntegrity:
===================================
Date: 2016-05-22 07:08:28.028
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-22 07:08:27.303
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-22 07:08:26.573
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-22 07:08:25.920
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-22 07:06:50.139
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-22 07:06:49.054
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-22 07:06:48.403
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-22 07:06:47.570
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-22 07:06:46.719
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-22 07:06:46.069
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 50%
Total physical RAM: 3573.12 MB
Available physical RAM: 1783.36 MB
Total Virtual: 7341.22 MB
Available Virtual: 5539.42 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:285.5 GB) (Free:4.83 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 78000000)
Partition 1: (Not Active) - (Size=94 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=285.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

#8
RKinner

Posted 21 May 2016 - 11:44 PM

Malware Expert

Expert
24,625 posts

Bad news. They're back:

U3 ac2eumgl; C:\Windows\system32\Drivers\ac2eumgl.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U3 atd90s2p; C:\Windows\system32\Drivers\atd90s2p.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

I've seen this before. Seems like ESET has a fix for it. Just need to remember the name. I'm thinking it might be necurs. Try running the removal tool for necurs.A

http://support.eset.com/kb2372/

If it says you don't have necurs then let's run an ESET online scan. (Takes a few hours) Maybe it will identify it if it can't fix it.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives

# Push the Start button.

# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

# When the scan completes, push LIST OF THREATS FOUND

# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

# Push the BACK button.

# Push Finish

# Once the scan is completed, you may close the window.

# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

# Copy and paste that log as a reply.

#9
RKinner

Posted 21 May 2016 - 11:52 PM

Malware Expert

Expert
24,625 posts

Before you run the full eset scan also try the one for Sirefef / ZeroAccess on the same page as necurs

Remember to right click on the files and run as administrator.

#10
moose35

Posted 22 May 2016 - 06:19 AM

Member

Topic Starter
Member
27 posts

Hi there,

I did both of the specific scans you mentioned, none of them showed anything (both said I did not have the virus the scan was made for). I ran the ESET one, here is a copy of that log:

C:\Program Files\Nero 8 Micro\fire\Ahead.Nero.v8.3.6.0.Incl.Keymaker-EMBRACE\Nero-8.3.6.0_eng.exe   Win32/Toolbar.AskSBar potentially unwanted application   deleted
C:\Users\Stevo.Agnes\AppData\Roaming\uTorrent\updates\3.4.2_32549.exe   a variant of Win32/AdkDLLWrapper.A potentially unwanted application   cleaned by deleting
C:\Users\Stevo.Agnes\Downloads\mkvtomp4_setup(1).exe   a variant of Win32/InstallCore.ADX.gen potentially unwanted application   cleaned by deleting
C:\Users\Stevo.Agnes\Downloads\trz2363.tmp   a variant of Win32/Amonetize.AW potentially unwanted application   cleaned by deleting
C:\_OTL\MovedFiles\03242013_211413\C_Program Files\BrowseToSave\sprotector.dll   Win32/SProtector.A potentially unwanted application   cleaned by deleting
C:\_OTL\MovedFiles\03242013_211413\C_Program Files\BrowseToSave\uninstall.exe   Win32/SProtector.B potentially unwanted application   cleaned by deleting
C:\_OTL\MovedFiles\03242013_211413\C_Program Files\ContinueToSave\sprotector.dll   a variant of Win32/SProtector.A potentially unwanted application   cleaned by deleting
C:\_OTL\MovedFiles\03242013_211413\C_Program Files\SimpleSpeedy\sprotector.dll   a variant of Win32/SProtector.A potentially unwanted application   cleaned by deleting
C:\_OTL\MovedFiles\03242013_211413\C_Program Files\SimpleSpeedy\uninstall.exe   a variant of Win32/SProtector.B potentially unwanted application   deleted
C:\_OTL\MovedFiles\03242013_211413\C_Program Files\WebSearch\sprotector.dll   a variant of Win32/SProtector.A potentially unwanted application   cleaned by deleting
C:\_OTL\MovedFiles\03242013_211413\C_Program Files\WebSearch\uninstall.exe   Win32/SProtector.B potentially unwanted application   cleaned by deleting
C:\_OTL\MovedFiles\03242013_211413\C_ProgramData\Bcool\bhoclass.dll   Win32/Adware.MultiPlug.A application   cleaned by deleting
C:\_OTL\MovedFiles\03242013_211413\C_ProgramData\Browyse2Saave\51463b764adf4.dll   a variant of Win32/Adware.MultiPlug.I application   cleaned by deleting
C:\_OTL\MovedFiles\03242013_211413\C_ProgramData\continuetosave\5103cc989f039.dll   a variant of Win32/Adware.MultiPlug.I application   cleaned by deleting
C:\_OTL\MovedFiles\03242013_211413\C_ProgramData\SSEyaarch-NNewTaab\51463becaf7f3.dll   a variant of Win32/Adware.MultiPlug.I application   cleaned by deleting

#11
RKinner

Posted 22 May 2016 - 08:13 AM

Malware Expert

Expert
24,625 posts

I don't think it found anything but some adware and PUPs. I think we need to try the AVG Rescue CD as described in 1. of http://www.geekstogo...ystem-tutorial/

See if you can get your pc to boot off it and then have it do a scan.

#12
RKinner

Posted 22 May 2016 - 09:48 AM

Malware Expert

Expert
24,625 posts

I just been told that these two drivers are from Demon Tools Pro and do not need to be removed so no need to run the AVC Rescue Disk. Sorry for wasting your time.

Clear the Java Cache by following the instructions on

http://www.java.com/...lugin_cache.xml

You do not have the latest Java.

First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

I see:

Java 7 Update 71

Java 8 Update 25

Java™ SE Development Kit 7

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:

Get the latest Java at:

http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.

Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)

Also uninstall

Pando Media Booster

Skype Click to Call

#13
RKinner

Posted 22 May 2016 - 09:52 AM

Malware Expert

Expert
24,625 posts

After you finish the above let's try and fix bfe

Start, (All) Programs, Accessories then right click on Command Prompt and select Run As Admin.

Type with an Enter after each line:

net  start  bfe

(We want it to say

"The requested service has already been started

More help is available by typing NET HELPMSG 2182"

but it likely will say Access Denied. If you get Access Denied (and you usually will) then:

Go into regedit, (Start, Search, regedit, doubleclick, Continue) navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

(Find HKEY_LOCAL_MACHINE\SYSTEM and click on the + in front of it. Find CurrentControlSet and click on its plus. Click on Services) then right click on Services and select Permissions then click Add.

Type in

NT Service\bfe

and click on Check Name. (It will change your typing to BFE ) OK. You should be back on the first Permissions page. Now select BFE on the permission page and click on the first box to the right of Full Control (Allow column). Then Apply. Reboot and do the

net  start  bfe

command again and see if BFE has already been started.

Start, (All) Programs, Accessories then right click on Command Prompt and select Run As Admin.

Type with an Enter after each line:

net  start  bfe

(also check the mpssvc which is Windows Firewall)

net  start  mpssvc

#14
moose35

Posted 22 May 2016 - 11:03 AM

Member

Topic Starter
Member
27 posts

Hiya,

No worries, just happy to hear we don't have to go virus hunting.

I uninstalled the Java and programs you mentioned. Also typed what you mentioned into Command Prompt, but it said "The requested services has already been started..."

What should I do now?

Edited by moose35, 22 May 2016 - 11:04 AM.