vtsoxfn7 Posted July 28, 2014 ID:859342 Share Posted July 28, 2014 I made the mistake this past weekend of beginning to install the WMP x264 codec (I was prompted to when a video file would not play on my laptop). I opened the install file but cancelled out of it without beginning the actual install. In the two days since, I have experience an odd screen blip every few minutes (almost as if something is trying to refresh). Other than the obnoxious blip, it also closes down Windows explorer and cancels any file transfers that are in progress. I then became aware of the codec pack virus and found Malwarebytes anti-malware download. I have run it once and it quarantined a number of files but the blip/Windows Explorer crash continues. Nothing shows up when I run my anti-virus scan either. I had found a couple of other help threads regarding this virus on the forum but they appeared to be unique to each scenario. Is this something that anyone could help me with? Thanks in advance! Link to post Share on other sites More sharing options...
deeprybka Posted July 28, 2014 ID:859349 Share Posted July 28, 2014 Hi & My name is Jürgen and I will be assisting you with your Malware related problems. Before we move on, please read the following points carefully. My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1 Please run a FRST scan. This will help us diagnose your problem. Please download Farbar Recovery Scan Tool and save it to your Desktop. (If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply. Link to post Share on other sites More sharing options...
vtsoxfn7 Posted July 29, 2014 Author ID:859754 Share Posted July 29, 2014 Thank you for your help. The FRST log is as follows: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014Ran by Tim (administrator) on TIMMMAAAAAY on 29-07-2014 08:25:30Running from C:\Users\Tim\DesktopPlatform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe() C:\ProgramData\YogaSmartSwicth\yogaserver.exe(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Microsoft Corporation) C:\Windows\System32\regsvr32.exe(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Windows\System32\WWAHost.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.7\ScriptHelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\nacl64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\nacl64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe HKLM\...\Run: [btServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-29] (Realtek Semiconductor Corporation)HKLM\...\Run: [synLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-24] (Synaptics)HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2012-12-12] (Lenovo)HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [208464 2012-12-12] ()HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-12-12] (Lenovo (Beijing) Limited)HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-12-12] (Lenovo(beijing) Limited)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2968376 2012-11-24] (Synaptics Incorporated)HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-04] (Avira Operations GmbH & Co. KG)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2567192 2014-06-24] ()HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [Google Update] => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.)HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-08] (Spotify Ltd)HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [YrxcPack] => regsvr32.exe C:\Users\Tim\AppData\Local\YrxcPack\PCCS_ABAPI.dll <===== ATTENTIONHKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {26744d86-ad5c-11e3-bea8-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {a7e89f04-aa99-11e3-bea7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {ba26493a-0c11-11e4-beb7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.)HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-08] (Spotify Ltd)HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [YrxcPack] => regsvr32.exe C:\Users\Tim\AppData\Local\YrxcPack\PCCS_ABAPI.dll <===== ATTENTIONHKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {26744d86-ad5c-11e3-bea8-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a7e89f04-aa99-11e3-bea7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ba26493a-0c11-11e4-beb7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not FoundStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnkShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()ShellIconOverlayIdentifiers: 1CryptoProviderIcons -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll ()ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com?cid={91352836-87B3-47B3-AF58-95C0F78CEE0C}&mid=a9d7237727404506aa5c250a4bfead3a-fc68406238f59e739c052d82acd2244b1a52f26c〈=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-11-04 19:05:39&v=17.1.2.1&pid=%CMPID%&sg=0&sap=hp HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.comHKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mysearch.avg.com?cid={91352836-87B3-47B3-AF58-95C0F78CEE0C}&mid=a9d7237727404506aa5c250a4bfead3a-fc68406238f59e739c052d82acd2244b1a52f26c〈=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-11-04 19:05:39&v=17.1.2.1&pid=%CMPID%&sg=0&sap=hp http://search.yahoo.com?type=714647&fr=spigot-yhp-iehttp://www.lenovo.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.comSearchScopes: HKLM - DefaultScope {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSSearchScopes: HKLM - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSSearchScopes: HKLM-x32 - DefaultScope {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSSearchScopes: HKLM-x32 - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSSearchScopes: HKCU - DefaultScope {31D663F1-F699-4F8E-95F6-1B73E2ECD6A3} URL = http://www.bing.com/search?q={searchTerms}SearchScopes: HKCU - {31D663F1-F699-4F8E-95F6-1B73E2ECD6A3} URL = http://www.bing.com/search?q={searchTerms}SearchScopes: HKCU - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={91352836-87B3-47B3-AF58-95C0F78CEE0C}&mid=a9d7237727404506aa5c250a4bfead3a-fc68406238f59e739c052d82acd2244b1a52f26c〈=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-11-04 19:05:39&v=17.1.2.1&pid=%CMPID%&sg=0&sap=dsp&q={searchTerms} BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.599\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.7.599\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.599\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)Tcpip\Parameters: [DhcpNameServer] 192.168.17.2 192.168.16.2 192.168.15.2Tcpip\..\Interfaces\{2BE6D3F4-68B8-4748-8922-BE810BA8E0B2}: [NameServer]8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{6E68B98B-B820-418A-9AED-37B320FB2749}: [NameServer]8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer]8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{D4E1A2E9-B72A-4C4C-97A5-4E0036420035}: [NameServer]8.8.8.8,8.8.8.8 FireFox:========FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No FileFF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49 [2014-01-05]FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: =======CHR HomePage: hxxp://www.espn.com/CHR StartupUrls: "hxxp://www.espn.com/"CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No FileCHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No FileCHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-20]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-20]CHR Extension: (Google Cast) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-01-11]CHR Extension: (Add to Amazon Wish List) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-01-05]CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-20]CHR Extension: (AVG SafeGuard) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-05-17]CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-15] (Avira Operations GmbH & Co. KG)R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [51200 2012-08-31] () [File not signed]R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1807896 2014-06-24] (AVG Secure Search)R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2012-12-12] (Lenovo) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies)R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG)R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2012-12-12] (Lenovo)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-28] (Malwarebytes Corporation)R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696464 2012-09-01] (Realtek Semiconductor Corporation)R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1058680 2012-08-11] (Sunplus)S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-29 08:25 - 2014-07-29 08:25 - 00027490 _____ () C:\Users\Tim\Desktop\FRST.txt2014-07-29 08:24 - 2014-07-29 08:25 - 00000000 ____D () C:\FRST2014-07-28 22:27 - 2014-07-28 22:27 - 02093568 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe2014-07-28 07:17 - 2014-07-28 07:21 - 301114199 _____ () C:\Users\Tim\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.mp42014-07-28 07:16 - 2014-07-28 07:25 - 385828066 _____ () C:\Users\Tim\Downloads\True.Blood.S07E06.HDTV.x264-2HD.mp42014-07-27 10:25 - 2014-07-28 16:36 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-07-27 10:24 - 2014-07-27 10:24 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-27 10:24 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-07-27 10:24 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2014-07-27 10:24 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2014-07-26 23:21 - 2014-07-26 23:21 - 00000000 ____D () C:\Users\Tim\AppData\Local\YrxcPack2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieUserList2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieSiteList2014-07-25 11:04 - 2014-07-25 11:07 - 00000000 ____D () C:\Users\Tim\Downloads\Smith and Myers (Acoustic Sessions) EP (Digital)2014-07-21 22:12 - 2014-07-21 22:25 - 300013285 _____ () C:\Users\Tim\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.mp42014-07-14 22:36 - 2014-07-14 22:51 - 582793391 _____ () C:\Users\Tim\Downloads\the.strain.s01e01.hdtv.x264-2hd.mp42014-07-14 20:47 - 2014-07-14 20:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe2014-07-14 20:47 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll2014-07-13 22:02 - 2014-07-14 20:59 - 1550180333 _____ () C:\Users\Tim\Downloads\Doctor Who 2005 - 2013 Christmas Special (The Time of The Doctor) [720p].mp42014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iTunes2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iPod2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-07-11 15:06 - 2014-05-31 06:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2014-07-11 15:06 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll2014-07-11 15:06 - 2014-05-30 23:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2014-07-11 15:06 - 2014-05-30 23:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2014-07-11 15:06 - 2014-05-30 23:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-11 15:06 - 2014-05-30 23:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2014-07-11 15:06 - 2014-05-30 23:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2014-07-11 15:06 - 2014-05-30 23:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-11 15:06 - 2014-05-30 22:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2014-07-11 15:06 - 2014-05-30 22:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2014-07-11 15:06 - 2014-05-30 22:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2014-07-11 15:06 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll2014-07-11 15:06 - 2014-05-30 22:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2014-07-11 15:06 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll2014-07-11 15:06 - 2014-05-30 22:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2014-07-11 15:05 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-07-11 15:05 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-07-11 15:05 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-07-11 15:05 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll2014-07-11 15:05 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-07-11 15:05 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-07-11 15:05 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2014-07-11 15:05 - 2014-06-18 19:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2014-07-11 15:05 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-07-11 15:05 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-07-11 15:05 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-07-11 15:05 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-07-11 15:05 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll2014-07-11 15:05 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2014-07-11 15:05 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-07-11 15:05 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2014-07-11 15:05 - 2014-06-18 18:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2014-07-11 15:05 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-07-11 15:05 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-07-11 15:05 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-07-11 15:05 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2014-07-11 15:05 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-07-11 15:05 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-07-11 15:05 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-07-11 15:05 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-07-11 15:05 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-07-11 15:05 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-07-11 15:04 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe2014-07-11 15:04 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe2014-07-11 15:04 - 2014-06-06 10:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2014-07-11 15:04 - 2014-05-29 08:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys2014-07-11 15:04 - 2014-05-29 03:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll2014-07-11 15:04 - 2014-05-29 02:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll2014-07-11 15:04 - 2014-05-29 02:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll2014-07-11 15:04 - 2014-05-29 01:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll2014-07-11 15:04 - 2014-05-29 01:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2014-07-11 08:36 - 2014-06-06 09:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll2014-07-11 08:36 - 2014-06-06 08:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll2014-07-11 08:30 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys2014-07-09 22:26 - 2014-07-09 22:26 - 00000800 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-29 08:25 - 2014-07-29 08:25 - 00027490 _____ () C:\Users\Tim\Desktop\FRST.txt2014-07-29 08:25 - 2014-07-29 08:24 - 00000000 ____D () C:\FRST2014-07-29 08:25 - 2013-11-22 08:54 - 01515472 _____ () C:\WINDOWS\WindowsUpdate.log2014-07-29 08:25 - 2012-12-20 20:51 - 00084384 _____ () C:\Users\Tim\AppData\Local\BTServer.log2014-07-29 08:22 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-07-28 22:58 - 2012-12-20 21:02 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-07-28 22:39 - 2014-02-09 01:39 - 00000308 _____ () C:\WINDOWS\Tasks\Digital Sites.job2014-07-28 22:39 - 2013-07-18 22:39 - 00000302 _____ () C:\WINDOWS\Tasks\DSite.job2014-07-28 22:38 - 2013-09-30 00:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-07-28 22:36 - 2014-01-11 22:06 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001UA.job2014-07-28 22:27 - 2014-07-28 22:27 - 02093568 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe2014-07-28 18:58 - 2012-12-20 21:02 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-07-28 16:36 - 2014-07-27 10:25 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-07-28 07:29 - 2013-01-01 23:39 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\uTorrent2014-07-28 07:25 - 2014-07-28 07:16 - 385828066 _____ () C:\Users\Tim\Downloads\True.Blood.S07E06.HDTV.x264-2HD.mp42014-07-28 07:21 - 2014-07-28 07:17 - 301114199 _____ () C:\Users\Tim\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.mp42014-07-27 19:49 - 2014-02-08 04:38 - 00000000 ____D () C:\Users\Tim\Downloads\Sons of Anarchy2014-07-27 16:42 - 2014-01-09 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-07-27 16:41 - 2014-01-09 16:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-07-27 16:41 - 2014-01-09 16:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-07-27 10:55 - 2014-06-23 18:50 - 00000000 ____D () C:\Users\Tim\Downloads\True Blood2014-07-27 10:46 - 2013-11-22 08:59 - 00000000 __RDO () C:\Users\Tim\SkyDrive2014-07-27 10:46 - 2012-12-21 22:35 - 00000000 ___RD () C:\Users\Tim\Google Drive2014-07-27 10:45 - 2013-09-29 23:55 - 00030786 _____ () C:\WINDOWS\PFRO.log2014-07-27 10:45 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore2014-07-27 10:45 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-07-27 10:45 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2014-07-27 10:45 - 2013-08-08 20:24 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Search Protection2014-07-27 10:45 - 2012-12-12 17:06 - 00000000 ____D () C:\ProgramData\Realtek2014-07-27 10:44 - 2014-02-09 01:39 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\DigitalSites2014-07-27 10:44 - 2013-07-18 22:42 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\BabSolution2014-07-27 10:44 - 2013-07-18 22:39 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\DSite2014-07-27 10:24 - 2014-07-27 10:24 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-27 10:22 - 2012-12-29 10:06 - 00000000 ____D () C:\Users\Tim\Downloads\install files2014-07-27 07:39 - 2013-07-26 19:39 - 00000064 _____ () C:\Users\Tim\AppData\Roaming\WB.CFG2014-07-27 07:19 - 2013-08-14 19:33 - 00000000 _____ () C:\END2014-07-26 23:21 - 2014-07-26 23:21 - 00000000 ____D () C:\Users\Tim\AppData\Local\YrxcPack2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieUserList2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieSiteList2014-07-26 11:38 - 2012-12-20 20:59 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2566500704-406659886-728432584-10012014-07-26 09:01 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-07-25 23:36 - 2013-01-30 21:08 - 00000000 ____D () C:\Users\Tim\Downloads\comics2014-07-25 18:40 - 2013-08-22 10:46 - 00310714 _____ () C:\WINDOWS\setupact.log2014-07-25 11:07 - 2014-07-25 11:04 - 00000000 ____D () C:\Users\Tim\Downloads\Smith and Myers (Acoustic Sessions) EP (Digital)2014-07-21 22:25 - 2014-07-21 22:12 - 300013285 _____ () C:\Users\Tim\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.mp42014-07-19 10:08 - 2014-05-12 19:32 - 00000000 ____D () C:\Users\Tim\Downloads\Penny Dreadful2014-07-16 16:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF2014-07-16 07:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache2014-07-15 07:23 - 2013-05-16 08:09 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys2014-07-15 07:20 - 2013-07-30 22:41 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-07-15 07:18 - 2013-08-22 10:44 - 00487744 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-07-15 07:17 - 2013-09-29 23:51 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-07-14 22:51 - 2014-07-14 22:36 - 582793391 _____ () C:\Users\Tim\Downloads\the.strain.s01e01.hdtv.x264-2hd.mp42014-07-14 20:59 - 2014-07-13 22:02 - 1550180333 _____ () C:\Users\Tim\Downloads\Doctor Who 2005 - 2013 Christmas Special (The Time of The Doctor) [720p].mp42014-07-14 20:49 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2014-07-14 20:48 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2014-07-14 20:48 - 2012-12-21 23:10 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-07-14 20:47 - 2014-07-14 20:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe2014-07-14 20:47 - 2012-12-21 21:27 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-07-13 13:26 - 2012-12-21 21:15 - 00000000 ____D () C:\ProgramData\CanonIJPLM2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iTunes2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iPod2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-07-10 22:24 - 2013-08-08 20:24 - 00000890 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk2014-07-09 22:26 - 2014-07-09 22:26 - 00000800 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk2014-07-08 22:59 - 2012-12-21 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2014-07-04 08:03 - 2013-04-13 07:51 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys2014-06-30 21:56 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2014-06-29 06:36 - 2014-01-11 22:06 - 00000872 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001Core.job Some content of TEMP:====================C:\Users\Tim\AppData\Local\Temp\avgnt.exeC:\Users\Tim\AppData\Local\Temp\DivXSetup.exeC:\Users\Tim\AppData\Local\Temp\htmlayout.dllC:\Users\Tim\AppData\Local\Temp\RSPUpgradeInstaller.exeC:\Users\Tim\AppData\Local\Temp\SearchProtectionSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-22 12:32 ==================== End Of Log ============================ And the Addition log: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014Ran by Tim at 2014-07-29 08:26:09Running from C:\Users\Tim\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.9 - Absolute Software)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 3.5.0.880 - Adobe Systems Incorporated) HiddenAdobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.7.599 - AVG Technologies)Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n)ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.47.51 - Conexant)DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)Energy Management (x32 Version: 8.0.2.4 - Lenovo) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenIntel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) HiddeniTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)Lenovo EasyCamera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.5.13 - Lenovo EasyCamera)Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) HiddenLenovo Transition (HKLM\...\Lenovo Transition) (Version: 1.4.2.20 - Lenovo)Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) HiddenMalwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Media Player Classic - Home Cinema v1.5.0.2827 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.0.2827 - MPC-HC Team) <==== ATTENTIONMicrosoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Motion Control (HKLM\...\Motion Control) (Version: 1.1.2.41 - Lenovo)Nitro Pro 7 (HKLM\...\{72D264E5-0C44-42DF-820B-621303E5C183}) (Version: 7.4.1.21 - Nitro PDF Software)QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)REALTEK Wireless LAN and Bluetooth Driver (HKLM-x32\...\{B6322D12-A133-4128-8306-DAFFF7231152}) (Version: 1.00.0196 - REALTEK Semiconductor Corp.)Search Protection (HKCU\...\Search Protection) (Version: 9.4.0.2 - Spigot, Inc.) <==== ATTENTIONShared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)Sony Pictures Download Manager (HKCU\...\2506994508.sonypicturesstore.com) (Version: - sonypicturesstore.com)Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.21.4 - Synaptics Incorporated)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft)Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)UserGuide (x32 Version: 1.0.0.9 - Lenovo) HiddenVC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) HiddenWD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)WD Security (HKLM-x32\...\{83270912-15C7-4336-822E-E8F1B1BBCA60}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll No FileCustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 27-07-2014 20:41:27 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTaskTask: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {127CDD3B-0B04-48BC-B6FF-A205FDBC7307} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauservTask: {185ACDE8-CDD5-4C0A-93E0-D9A83A389768} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)Task: {1B0F3725-D62F-41D4-982A-3571D5CC11DC} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-19] (Intel)Task: {1EB134D1-BE02-4319-8BBE-7839BE3850D0} - System32\Tasks\DSite => C:\Users\Tim\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTIONTask: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulateTask: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)Task: {35971A4E-E8E8-459B-8560-15E667EAA3F7} - \EPUpdater No Task File <==== ATTENTIONTask: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalanceTask: {4B2A8DB8-F480-4A51-9D99-5B15FE5689B8} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUploadTask: {4D7F358E-3559-4F38-9080-E899F9B7672F} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)Task: {4EB1D0CB-194B-4919-BEF9-F3D579654A27} - System32\Tasks\Microsoft\Windows\DiskFootprint\DiagnosticsTask: {55410713-D490-454B-B48E-80575AF80DF5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-14] (Microsoft Corporation)Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play CleanupTask: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance TaskTask: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance TaskTask: {8AE55946-3A61-45AD-AE43-E22D27677BAD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001Core => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.)Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTaskTask: {999B97B2-324F-4F28-8528-485B1412B781} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20] (Google Inc.)Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance WorkTask: {C208A2DF-7FEB-41C1-97D7-00EF3E92801F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20] (Google Inc.)Task: {C5E91138-4C07-4969-895C-E167F436C43C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001UA => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.)Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTaskTask: {D4D70300-DA85-4204-BA9F-F64EC7D26AFE} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-24] (Synaptics Incorporated)Task: {D6EDCD5B-5860-4840-B017-F1FBB4863049} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ValidationTask: {D71F0B38-9CED-4039-8B35-59ABEB221796} - System32\Tasks\Digital Sites => C:\Users\Tim\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTIONTask: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {D9A42156-0B29-4164-B9F6-472FB888F322} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ManagementTask: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon SynchronizationTask: {DB31FA52-4F06-498F-9C63-87A77B55A62E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRETask: {EF5D4ED3-B477-4D0B-AB69-A94A31E7B40F} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\Tim\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXETask: C:\WINDOWS\Tasks\DSite.job => C:\Users\Tim\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXETask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001Core.job => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001UA.job => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2012-12-12 17:06 - 2012-08-31 20:26 - 00051200 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe2014-06-24 22:36 - 2014-06-24 22:36 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe2012-12-12 17:11 - 2012-12-12 17:11 - 00060760 _____ () C:\ProgramData\YogaSmartSwicth\Server\x64\dptf.dll2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2012-12-12 17:04 - 2010-10-26 00:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe2012-12-12 17:11 - 2012-12-12 17:11 - 00208464 _____ () C:\ProgramData\YogaSmartSwicth\yogaserver.exe2012-12-12 17:10 - 2012-12-12 17:10 - 00172624 _____ () C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe2013-07-24 19:26 - 2014-06-24 22:36 - 02567192 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe2014-05-23 22:22 - 2014-05-23 22:22 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\ErrorReporting.dll2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2014-06-24 22:36 - 2014-06-24 22:36 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll2014-07-26 23:21 - 2014-07-26 23:21 - 00809472 _____ () C:\Users\Tim\AppData\Local\YrxcPack\PCCS_ABAPI.dll2014-07-27 10:46 - 2014-07-27 10:46 - 00098816 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32api.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00110080 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\pywintypes27.dll2014-07-27 10:46 - 2014-07-27 10:46 - 00364544 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\pythoncom27.dll2014-07-27 10:46 - 2014-07-27 10:46 - 00045568 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\_socket.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 01160704 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\_ssl.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00320512 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32com.shell.shell.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00713216 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\_hashlib.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 01175040 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\wx._core_.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00805888 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\wx._gdi_.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00811008 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\wx._windows_.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 01062400 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\wx._controls_.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00735232 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\wx._misc_.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00128512 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\_elementtree.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00127488 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\pyexpat.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00557056 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\pysqlite2._sqlite.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00007168 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\hashobjs_ext.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00087552 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\_ctypes.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00119808 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32file.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00108544 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32security.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00018432 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32event.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00038912 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32inet.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00070656 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\wx._html2.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00167936 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32gui.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00011264 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32crypt.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00027136 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\_multiprocessing.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00122368 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\wx._wizard.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00010240 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\select.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00024064 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32pipe.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00686080 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\unicodedata.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00025600 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32pdh.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00525640 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\windows._lib_cacheinvalidation.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00035840 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32process.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00017408 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32profile.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00022528 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32ts.pyd2014-07-27 10:46 - 2014-07-27 10:46 - 00078336 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\wx._animate.pyd2012-12-12 17:10 - 2012-12-12 17:10 - 01620560 _____ () C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll2012-12-12 17:10 - 2012-12-12 17:10 - 00030288 _____ () C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll2012-12-12 17:03 - 2012-06-24 22:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2014-07-19 17:00 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll2014-07-19 17:00 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll2014-07-19 17:00 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll2014-07-19 17:00 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll2014-07-19 17:00 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll2014-07-19 17:00 - 2014-07-15 05:24 - 00310088 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libexif.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows:nlsPreferencesAlternateDataStreams: C:\Users\Tim\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "DivXMediaServer"HKLM\...\StartupApproved\Run32: => "DivXUpdate"HKLM\...\StartupApproved\Run32: => "YouCam Mirage"HKCU\...\StartupApproved\Run: => "DW7"HKCU\...\StartupApproved\Run: => "Spotify Web Helper" ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI Data Acquisition and Signal Processing ControllerDescription: PCI Data Acquisition and Signal Processing ControllerClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors:==================Error: (07/29/2014 08:25:31 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588Faulting module name: CryptoProvider.dll_unloaded, version: 1.0.0.1, time stamp: 0x53c3c81fException code: 0xc0000005Fault offset: 0x00000000000139e8Faulting process id: 0x1e44Faulting application start time: 0xexplorer.exe0Faulting application path: explorer.exe1Faulting module path: explorer.exe2Report Id: explorer.exe3Faulting package full name: explorer.exe4Faulting package-relative application ID: explorer.exe5 Error: (07/29/2014 08:24:29 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588Faulting module name: CryptoProvider.dll_unloaded, version: 1.0.0.1, time stamp: 0x53c3c81fException code: 0xc0000005Fault offset: 0x00000000000139e8Faulting process id: 0x2574Faulting application start time: 0xexplorer.exe0Faulting application path: explorer.exe1Faulting module path: explorer.exe2Report Id: explorer.exe3Faulting package full name: explorer.exe4Faulting package-relative application ID: explorer.exe5 Error: (07/29/2014 08:23:26 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588Faulting module name: CryptoProvider.dll_unloaded, version: 1.0.0.1, time stamp: 0x53c3c81fException code: 0xc0000005Fault offset: 0x00000000000139e8Faulting process id: 0x7bcFaulting application start time: 0xexplorer.exe0Faulting application path: explorer.exe1Faulting module path: explorer.exe2Report Id: explorer.exe3Faulting package full name: explorer.exe4Faulting package-relative application ID: explorer.exe5 Error: (07/29/2014 08:22:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 33250968 Error: (07/29/2014 08:22:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 33250968 Error: (07/29/2014 08:22:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/29/2014 08:22:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 33249750 Error: (07/29/2014 08:22:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 33249750 Error: (07/29/2014 08:22:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/28/2014 11:08:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 5625 System errors:=============Error: (07/20/2014 10:23:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Superfetch service terminated with the following error: %%1062 Error: (07/15/2014 07:18:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Superfetch service terminated with the following error: %%1062 Error: (07/12/2014 09:53:42 PM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk1\DR8, has a bad block. Error: (07/12/2014 09:53:36 PM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk1\DR8, has a bad block. Error: (07/12/2014 09:53:30 PM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk1\DR8, has a bad block. Error: (07/12/2014 09:53:24 PM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk1\DR8, has a bad block. Error: (07/12/2014 09:53:18 PM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk1\DR8, has a bad block. Error: (07/12/2014 09:53:12 PM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk1\DR8, has a bad block. Error: (07/12/2014 09:53:06 PM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk1\DR8, has a bad block. Error: (07/12/2014 09:52:59 PM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk1\DR8, has a bad block. Microsoft Office Sessions:========================= ==================== Memory info =========================== Percentage of memory in use: 37%Total physical RAM: 8071.27 MBAvailable physical RAM: 5015.04 MBTotal Pagefile: 9607.27 MBAvailable Pagefile: 5932.67 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:92.91 GB) (Free:23.64 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:2.35 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 119 GB) (Disk ID: CE05E53F) Partition: GPT Partition Type. ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
deeprybka Posted July 29, 2014 ID:859847 Share Posted July 29, 2014 Hi,Step 1Please uninstall some programs:Windows 8 : Hold down the Windows logo key and press X to open a menu at the lower-left area of the screen.Select Programs and Features from the menu.Search and select the following programs one by one and click on Uninstall:Media Player Classic - Home Cinema v1.5.0.2827Search ProtectionReboot your computer.Step 2Please download AdwCleaner (by Xplode) and save it to your Desktop.Double click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select "Run As Administrator"Click on the Scan button.After the scan has finished, click on the Clean button.Press OK when asked to close all programs and follow the onscreen prompts.After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.Step 3Start FRST with administator privileges.Press the Scan button.When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.Please copy and paste the log in your next reply. Link to post Share on other sites More sharing options...
vtsoxfn7 Posted July 29, 2014 Author ID:859857 Share Posted July 29, 2014 Report from AdwCleaner (Step 2) from your post: # AdwCleaner v3.301 - Report created 29/07/2014 at 13:23:53# Updated 28/07/2014 by Xplode# Operating System : Windows 8.1 (64 bits)# Username : Tim - TIMMMAAAAAY# Running from : C:\Users\Tim\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** Service Deleted : vToolbarUpdater18.1.7 ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\AVG SafeGuard toolbarFolder Deleted : C:\ProgramData\AVG Secure SearchFolder Deleted : C:\ProgramData\BabylonFolder Deleted : C:\ProgramData\Tarma InstallerFolder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbarFolder Deleted : C:\Program Files (x86)\DeltaFolder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstallerFolder Deleted : C:\Program Files (x86)\Common Files\AVG Secure SearchFolder Deleted : C:\Program Files\AVG SafeGuard toolbar[!] Folder Deleted : C:\Users\Tim\AppData\Local\AVG SafeGuard toolbarFolder Deleted : C:\Users\Tim\AppData\LocalLow\AVG SafeGuard toolbarFolder Deleted : C:\Users\Tim\AppData\Roaming\BabSolutionFolder Deleted : C:\Users\Tim\AppData\Roaming\BabylonFolder Deleted : C:\Users\Tim\AppData\Roaming\DigitalSitesFolder Deleted : C:\Users\Tim\AppData\Roaming\DSiteFolder Deleted : C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuardFolder Deleted : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofFile Deleted : C:\END ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXEKey Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXEKey Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLLKey Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPIKey Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObjKey Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1Key Deleted : HKLM\SOFTWARE\Classes\Prod.capKey Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocolKey Deleted : HKLM\SOFTWARE\Classes\SKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApiKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLEKey Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdaterKey Deleted : HKCU\Software\5353d88ae768be43Key Deleted : HKLM\SOFTWARE\5353d88ae768be43Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\AVG SafeGuard toolbarKey Deleted : HKCU\Software\BABSOLUTIONKey Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\DeltaKey Deleted : HKCU\Software\dsiteproductsKey Deleted : HKCU\Software\IMKey Deleted : HKLM\Software\AVG SafeGuard toolbarKey Deleted : HKLM\Software\AVG Security ToolbarKey Deleted : HKLM\Software\DeltaKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbarKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Soft-Now bundleKey Deleted : [x64] HKLM\SOFTWARE\AVG Secure SearchKey Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbarData Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17126 -\\ Google Chrome v36.0.1985.125 ************************* AdwCleaner[R0].txt - [8728 octets] - [29/07/2014 13:21:48]AdwCleaner[s0].txt - [8232 octets] - [29/07/2014 13:23:53] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8292 octets] ########## Link to post Share on other sites More sharing options...
vtsoxfn7 Posted July 29, 2014 Author ID:859858 Share Posted July 29, 2014 Report from FRST (Step 3) from your post: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014Ran by Tim (administrator) on TIMMMAAAAAY on 29-07-2014 13:27:35Running from C:\Users\Tim\DesktopPlatform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe() C:\ProgramData\YogaSmartSwicth\yogaserver.exe(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Microsoft Corporation) C:\Windows\System32\regsvr32.exe(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe HKLM\...\Run: [btServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-29] (Realtek Semiconductor Corporation)HKLM\...\Run: [synLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-24] (Synaptics)HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2012-12-12] (Lenovo)HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [208464 2012-12-12] ()HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-12-12] (Lenovo (Beijing) Limited)HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-12-12] (Lenovo(beijing) Limited)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2968376 2012-11-24] (Synaptics Incorporated)HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-04] (Avira Operations GmbH & Co. KG)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [Google Update] => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.)HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-08] (Spotify Ltd)HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [YrxcPack] => regsvr32.exe C:\Users\Tim\AppData\Local\YrxcPack\PCCS_ABAPI.dll <===== ATTENTIONHKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {26744d86-ad5c-11e3-bea8-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {a7e89f04-aa99-11e3-bea7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {ba26493a-0c11-11e4-beb7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnkShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()ShellIconOverlayIdentifiers: 1CryptoProviderIcons -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll ()ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com?cid={91352836-87B3-47B3-AF58-95C0F78CEE0C}&mid=a9d7237727404506aa5c250a4bfead3a-fc68406238f59e739c052d82acd2244b1a52f26c〈=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-11-04 19:05:39&v=17.1.2.1&pid=%CMPID%&sg=0&sap=hp HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.comHKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mysearch.avg.com?cid={91352836-87B3-47B3-AF58-95C0F78CEE0C}&mid=a9d7237727404506aa5c250a4bfead3a-fc68406238f59e739c052d82acd2244b1a52f26c〈=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-11-04 19:05:39&v=17.1.2.1&pid=%CMPID%&sg=0&sap=hp http://search.yahoo.com?type=714647&fr=spigot-yhp-iehttp://www.lenovo.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.comSearchScopes: HKLM - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSSearchScopes: HKLM-x32 - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSSearchScopes: HKCU - {31D663F1-F699-4F8E-95F6-1B73E2ECD6A3} URL = http://www.bing.com/search?q={searchTerms}SearchScopes: HKCU - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.17.2 192.168.16.2 192.168.15.2Tcpip\..\Interfaces\{2BE6D3F4-68B8-4748-8922-BE810BA8E0B2}: [NameServer]8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{6E68B98B-B820-418A-9AED-37B320FB2749}: [NameServer]8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer]8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{D4E1A2E9-B72A-4C4C-97A5-4E0036420035}: [NameServer]8.8.8.8,8.8.8.8 FireFox:========FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: =======CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-29]CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-20]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-20]CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-20]CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-15] (Avira Operations GmbH & Co. KG)R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [51200 2012-08-31] () [File not signed]R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2012-12-12] (Lenovo) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies)R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG)R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2012-12-12] (Lenovo)R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696464 2012-09-01] (Realtek Semiconductor Corporation)R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1058680 2012-08-11] (Sunplus)S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-29 13:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll2014-07-29 13:21 - 2014-07-29 13:24 - 00000000 ____D () C:\AdwCleaner2014-07-29 13:20 - 2014-07-29 13:20 - 01365551 _____ () C:\Users\Tim\Desktop\AdwCleaner.exe2014-07-29 08:26 - 2014-07-29 08:26 - 00037027 _____ () C:\Users\Tim\Desktop\Addition.txt2014-07-29 08:25 - 2014-07-29 13:27 - 00020647 _____ () C:\Users\Tim\Desktop\FRST.txt2014-07-29 08:24 - 2014-07-29 13:27 - 00000000 ____D () C:\FRST2014-07-28 22:27 - 2014-07-28 22:27 - 02093568 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe2014-07-28 07:17 - 2014-07-28 07:21 - 301114199 _____ () C:\Users\Tim\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.mp42014-07-28 07:16 - 2014-07-28 07:25 - 385828066 _____ () C:\Users\Tim\Downloads\True.Blood.S07E06.HDTV.x264-2HD.mp42014-07-27 10:25 - 2014-07-28 16:36 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-07-27 10:24 - 2014-07-27 10:24 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-27 10:24 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-07-27 10:24 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2014-07-27 10:24 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2014-07-26 23:21 - 2014-07-26 23:21 - 00000000 ____D () C:\Users\Tim\AppData\Local\YrxcPack2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieUserList2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieSiteList2014-07-25 11:04 - 2014-07-25 11:07 - 00000000 ____D () C:\Users\Tim\Downloads\Smith and Myers (Acoustic Sessions) EP (Digital)2014-07-21 22:12 - 2014-07-21 22:25 - 300013285 _____ () C:\Users\Tim\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.mp42014-07-14 22:36 - 2014-07-14 22:51 - 582793391 _____ () C:\Users\Tim\Downloads\the.strain.s01e01.hdtv.x264-2hd.mp42014-07-14 20:47 - 2014-07-14 20:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe2014-07-14 20:47 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll2014-07-13 22:02 - 2014-07-14 20:59 - 1550180333 _____ () C:\Users\Tim\Downloads\Doctor Who 2005 - 2013 Christmas Special (The Time of The Doctor) [720p].mp42014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iTunes2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iPod2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-07-11 15:06 - 2014-05-31 06:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2014-07-11 15:06 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll2014-07-11 15:06 - 2014-05-30 23:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2014-07-11 15:06 - 2014-05-30 23:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2014-07-11 15:06 - 2014-05-30 23:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-11 15:06 - 2014-05-30 23:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2014-07-11 15:06 - 2014-05-30 23:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2014-07-11 15:06 - 2014-05-30 23:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-11 15:06 - 2014-05-30 22:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2014-07-11 15:06 - 2014-05-30 22:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2014-07-11 15:06 - 2014-05-30 22:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2014-07-11 15:06 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll2014-07-11 15:06 - 2014-05-30 22:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2014-07-11 15:06 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll2014-07-11 15:06 - 2014-05-30 22:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2014-07-11 15:05 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-07-11 15:05 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-07-11 15:05 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-07-11 15:05 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll2014-07-11 15:05 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-07-11 15:05 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-07-11 15:05 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2014-07-11 15:05 - 2014-06-18 19:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2014-07-11 15:05 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-07-11 15:05 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-07-11 15:05 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-07-11 15:05 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-07-11 15:05 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll2014-07-11 15:05 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2014-07-11 15:05 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-07-11 15:05 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2014-07-11 15:05 - 2014-06-18 18:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2014-07-11 15:05 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-07-11 15:05 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-07-11 15:05 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-07-11 15:05 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2014-07-11 15:05 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-07-11 15:05 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-07-11 15:05 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-07-11 15:05 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-07-11 15:05 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-07-11 15:05 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-07-11 15:04 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe2014-07-11 15:04 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe2014-07-11 15:04 - 2014-06-06 10:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2014-07-11 15:04 - 2014-05-29 08:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys2014-07-11 15:04 - 2014-05-29 03:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll2014-07-11 15:04 - 2014-05-29 02:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll2014-07-11 15:04 - 2014-05-29 02:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll2014-07-11 15:04 - 2014-05-29 01:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll2014-07-11 15:04 - 2014-05-29 01:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2014-07-11 08:36 - 2014-06-06 09:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll2014-07-11 08:36 - 2014-06-06 08:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll2014-07-11 08:30 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys2014-07-09 22:26 - 2014-07-09 22:26 - 00000800 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-29 13:27 - 2014-07-29 08:25 - 00020647 _____ () C:\Users\Tim\Desktop\FRST.txt2014-07-29 13:27 - 2014-07-29 08:24 - 00000000 ____D () C:\FRST2014-07-29 13:26 - 2012-12-20 20:51 - 00101001 _____ () C:\Users\Tim\AppData\Local\BTServer.log2014-07-29 13:25 - 2013-11-22 08:59 - 00000000 __RDO () C:\Users\Tim\SkyDrive2014-07-29 13:25 - 2012-12-21 22:35 - 00000000 ___RD () C:\Users\Tim\Google Drive2014-07-29 13:25 - 2012-12-20 21:02 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-07-29 13:24 - 2014-07-29 13:21 - 00000000 ____D () C:\AdwCleaner2014-07-29 13:24 - 2013-11-22 08:54 - 01580077 _____ () C:\WINDOWS\WindowsUpdate.log2014-07-29 13:24 - 2013-09-29 23:55 - 00031948 _____ () C:\WINDOWS\PFRO.log2014-07-29 13:24 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-07-29 13:24 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-07-29 13:24 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2014-07-29 13:24 - 2013-07-24 19:26 - 00000000 ____D () C:\Users\Tim\AppData\Local\AVG SafeGuard toolbar2014-07-29 13:24 - 2012-12-12 17:06 - 00000000 ____D () C:\ProgramData\Realtek2014-07-29 13:20 - 2014-07-29 13:20 - 01365551 _____ () C:\Users\Tim\Desktop\AdwCleaner.exe2014-07-29 13:18 - 2014-01-09 16:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-07-29 13:18 - 2014-01-09 16:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-07-29 13:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-07-29 12:58 - 2012-12-20 21:02 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-07-29 12:39 - 2014-02-09 01:39 - 00000308 _____ () C:\WINDOWS\Tasks\Digital Sites.job2014-07-29 12:39 - 2013-07-18 22:39 - 00000302 _____ () C:\WINDOWS\Tasks\DSite.job2014-07-29 12:36 - 2014-01-11 22:06 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001UA.job2014-07-29 08:34 - 2013-08-22 10:46 - 00310753 _____ () C:\WINDOWS\setupact.log2014-07-29 08:26 - 2014-07-29 08:26 - 00037027 _____ () C:\Users\Tim\Desktop\Addition.txt2014-07-28 22:38 - 2013-09-30 00:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-07-28 22:27 - 2014-07-28 22:27 - 02093568 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe2014-07-28 16:36 - 2014-07-27 10:25 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-07-28 07:29 - 2013-01-01 23:39 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\uTorrent2014-07-28 07:25 - 2014-07-28 07:16 - 385828066 _____ () C:\Users\Tim\Downloads\True.Blood.S07E06.HDTV.x264-2HD.mp42014-07-28 07:21 - 2014-07-28 07:17 - 301114199 _____ () C:\Users\Tim\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.mp42014-07-27 19:49 - 2014-02-08 04:38 - 00000000 ____D () C:\Users\Tim\Downloads\Sons of Anarchy2014-07-27 16:42 - 2014-01-09 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-07-27 10:55 - 2014-06-23 18:50 - 00000000 ____D () C:\Users\Tim\Downloads\True Blood2014-07-27 10:45 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore2014-07-27 10:24 - 2014-07-27 10:24 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-27 10:22 - 2012-12-29 10:06 - 00000000 ____D () C:\Users\Tim\Downloads\install files2014-07-27 07:39 - 2013-07-26 19:39 - 00000064 _____ () C:\Users\Tim\AppData\Roaming\WB.CFG2014-07-26 23:21 - 2014-07-26 23:21 - 00000000 ____D () C:\Users\Tim\AppData\Local\YrxcPack2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieUserList2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieSiteList2014-07-26 11:38 - 2012-12-20 20:59 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2566500704-406659886-728432584-10012014-07-25 23:36 - 2013-01-30 21:08 - 00000000 ____D () C:\Users\Tim\Downloads\comics2014-07-25 11:07 - 2014-07-25 11:04 - 00000000 ____D () C:\Users\Tim\Downloads\Smith and Myers (Acoustic Sessions) EP (Digital)2014-07-21 22:25 - 2014-07-21 22:12 - 300013285 _____ () C:\Users\Tim\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.mp42014-07-19 10:08 - 2014-05-12 19:32 - 00000000 ____D () C:\Users\Tim\Downloads\Penny Dreadful2014-07-16 16:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF2014-07-16 07:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache2014-07-15 07:23 - 2013-05-16 08:09 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys2014-07-15 07:20 - 2013-07-30 22:41 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-07-15 07:18 - 2013-08-22 10:44 - 00487744 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-07-15 07:17 - 2013-09-29 23:51 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-07-14 22:51 - 2014-07-14 22:36 - 582793391 _____ () C:\Users\Tim\Downloads\the.strain.s01e01.hdtv.x264-2hd.mp42014-07-14 20:59 - 2014-07-13 22:02 - 1550180333 _____ () C:\Users\Tim\Downloads\Doctor Who 2005 - 2013 Christmas Special (The Time of The Doctor) [720p].mp42014-07-14 20:49 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2014-07-14 20:48 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2014-07-14 20:48 - 2012-12-21 23:10 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-07-14 20:47 - 2014-07-14 20:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe2014-07-14 20:47 - 2012-12-21 21:27 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-07-13 13:26 - 2012-12-21 21:15 - 00000000 ____D () C:\ProgramData\CanonIJPLM2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iTunes2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iPod2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-07-10 22:24 - 2013-08-08 20:24 - 00000890 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk2014-07-09 22:26 - 2014-07-09 22:26 - 00000800 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk2014-07-08 22:59 - 2012-12-21 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2014-07-04 08:03 - 2013-04-13 07:51 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys2014-06-30 21:56 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2014-06-29 06:36 - 2014-01-11 22:06 - 00000872 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001Core.job Some content of TEMP:====================C:\Users\Tim\AppData\Local\Temp\avgnt.exeC:\Users\Tim\AppData\Local\Temp\DivXSetup.exeC:\Users\Tim\AppData\Local\Temp\htmlayout.dllC:\Users\Tim\AppData\Local\Temp\Quarantine.exeC:\Users\Tim\AppData\Local\Temp\RSPUpgradeInstaller.exeC:\Users\Tim\AppData\Local\Temp\SearchProtectionSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-22 12:32 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
deeprybka Posted July 29, 2014 ID:859862 Share Posted July 29, 2014 Good job! Now I am curious...Please make an upload of this file to www.virustotal.com an post up the results URL...C:\Users\Tim\AppData\Local\YrxcPack\PCCS_ABAPI.dll Link to post Share on other sites More sharing options...
vtsoxfn7 Posted July 29, 2014 Author ID:859866 Share Posted July 29, 2014 Ok...here you go: https://www.virustotal.com/en/file/34ecfe87d6eeeba170a80cf7f489da0e7ab736e85790b972b1300c34bdef3d0b/analysis/1406656067/ Link to post Share on other sites More sharing options...
deeprybka Posted July 29, 2014 ID:859867 Share Posted July 29, 2014 You make a really good job! Later I will post you further instructions! Link to post Share on other sites More sharing options...
vtsoxfn7 Posted July 29, 2014 Author ID:859869 Share Posted July 29, 2014 Sounds good. Thanks so much for your help! Link to post Share on other sites More sharing options...
deeprybka Posted July 29, 2014 ID:859938 Share Posted July 29, 2014 Hi, Step 1 Please download the attached fixlist and save it in the same directory as FRST.Start FRST with Administrator privileges.Press the Fix button.When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from. Please copy and paste its contents in your next reply.fixlist.txt After Reboot: Step 2 Start FRST with administator privileges.Press the Scan button.When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from. Please copy and paste the log in your next reply. Link to post Share on other sites More sharing options...
vtsoxfn7 Posted July 29, 2014 Author ID:859946 Share Posted July 29, 2014 Fixlog.txt from Step 1 of previous post: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014Ran by Tim at 2014-07-29 17:13:04 Run:1Running from C:\Users\Tim\DesktopBoot Mode: Normal============================================== Content of fixlist:*****************HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [YrxcPack] => regsvr32.exe C:\Users\Tim\AppData\Local\YrxcPack\PCCS_ABAPI.dll <===== ATTENTIONC:\Users\Tim\AppData\Local\YrxcPack\Reboot:***************** HKU\S-1-5-21-2566500704-406659886-728432584-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YrxcPack => value deleted successfully.C:\Users\Tim\AppData\Local\YrxcPack => Moved successfully. The system needed a reboot. ==== End of Fixlog ==== Link to post Share on other sites More sharing options...
vtsoxfn7 Posted July 29, 2014 Author ID:859947 Share Posted July 29, 2014 FRST.txt from Step 2 of your previous post: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014Ran by Tim (administrator) on TIMMMAAAAAY on 29-07-2014 17:17:20Running from C:\Users\Tim\DesktopPlatform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe() C:\ProgramData\YogaSmartSwicth\yogaserver.exe(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe HKLM\...\Run: [btServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-29] (Realtek Semiconductor Corporation)HKLM\...\Run: [synLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-24] (Synaptics)HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2012-12-12] (Lenovo)HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [208464 2012-12-12] ()HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-12-12] (Lenovo (Beijing) Limited)HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-12-12] (Lenovo(beijing) Limited)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2968376 2012-11-24] (Synaptics Incorporated)HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-04] (Avira Operations GmbH & Co. KG)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [Google Update] => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.)HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-08] (Spotify Ltd)HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {26744d86-ad5c-11e3-bea8-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {a7e89f04-aa99-11e3-bea7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {ba26493a-0c11-11e4-beb7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnkShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()ShellIconOverlayIdentifiers: 1CryptoProviderIcons -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll ()ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com?cid={91352836-87B3-47B3-AF58-95C0F78CEE0C}&mid=a9d7237727404506aa5c250a4bfead3a-fc68406238f59e739c052d82acd2244b1a52f26c〈=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-11-04 19:05:39&v=17.1.2.1&pid=%CMPID%&sg=0&sap=hp HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.comHKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mysearch.avg.com?cid={91352836-87B3-47B3-AF58-95C0F78CEE0C}&mid=a9d7237727404506aa5c250a4bfead3a-fc68406238f59e739c052d82acd2244b1a52f26c〈=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-11-04 19:05:39&v=17.1.2.1&pid=%CMPID%&sg=0&sap=hp http://search.yahoo.com?type=714647&fr=spigot-yhp-iehttp://www.lenovo.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.comSearchScopes: HKLM - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSSearchScopes: HKLM-x32 - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSSearchScopes: HKCU - {31D663F1-F699-4F8E-95F6-1B73E2ECD6A3} URL = http://www.bing.com/search?q={searchTerms}SearchScopes: HKCU - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.17.2 192.168.16.2 192.168.15.2Tcpip\..\Interfaces\{2BE6D3F4-68B8-4748-8922-BE810BA8E0B2}: [NameServer]8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{6E68B98B-B820-418A-9AED-37B320FB2749}: [NameServer]8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer]8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{D4E1A2E9-B72A-4C4C-97A5-4E0036420035}: [NameServer]8.8.8.8,8.8.8.8 FireFox:========FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: =======CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-29]CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-20]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-20]CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-20]CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-15] (Avira Operations GmbH & Co. KG)R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [51200 2012-08-31] () [File not signed]R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2012-12-12] (Lenovo) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies)R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG)R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2012-12-12] (Lenovo)R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696464 2012-09-01] (Realtek Semiconductor Corporation)R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1058680 2012-08-11] (Sunplus)S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-29 13:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll2014-07-29 13:21 - 2014-07-29 13:24 - 00000000 ____D () C:\AdwCleaner2014-07-29 13:20 - 2014-07-29 13:20 - 01365551 _____ () C:\Users\Tim\Desktop\AdwCleaner.exe2014-07-29 08:26 - 2014-07-29 08:26 - 00037027 _____ () C:\Users\Tim\Desktop\Addition.txt2014-07-29 08:25 - 2014-07-29 17:17 - 00020329 _____ () C:\Users\Tim\Desktop\FRST.txt2014-07-29 08:24 - 2014-07-29 17:17 - 00000000 ____D () C:\FRST2014-07-28 22:27 - 2014-07-28 22:27 - 02093568 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe2014-07-28 07:17 - 2014-07-28 07:21 - 301114199 _____ () C:\Users\Tim\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.mp42014-07-28 07:16 - 2014-07-28 07:25 - 385828066 _____ () C:\Users\Tim\Downloads\True.Blood.S07E06.HDTV.x264-2HD.mp42014-07-27 10:25 - 2014-07-28 16:36 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-07-27 10:24 - 2014-07-27 10:24 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-27 10:24 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-07-27 10:24 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2014-07-27 10:24 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieUserList2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieSiteList2014-07-25 11:04 - 2014-07-25 11:07 - 00000000 ____D () C:\Users\Tim\Downloads\Smith and Myers (Acoustic Sessions) EP (Digital)2014-07-21 22:12 - 2014-07-21 22:25 - 300013285 _____ () C:\Users\Tim\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.mp42014-07-14 22:36 - 2014-07-14 22:51 - 582793391 _____ () C:\Users\Tim\Downloads\the.strain.s01e01.hdtv.x264-2hd.mp42014-07-14 20:47 - 2014-07-14 20:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe2014-07-14 20:47 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll2014-07-13 22:02 - 2014-07-14 20:59 - 1550180333 _____ () C:\Users\Tim\Downloads\Doctor Who 2005 - 2013 Christmas Special (The Time of The Doctor) [720p].mp42014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iTunes2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iPod2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-07-11 15:06 - 2014-05-31 06:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2014-07-11 15:06 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll2014-07-11 15:06 - 2014-05-30 23:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2014-07-11 15:06 - 2014-05-30 23:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2014-07-11 15:06 - 2014-05-30 23:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-11 15:06 - 2014-05-30 23:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2014-07-11 15:06 - 2014-05-30 23:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2014-07-11 15:06 - 2014-05-30 23:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-11 15:06 - 2014-05-30 22:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2014-07-11 15:06 - 2014-05-30 22:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2014-07-11 15:06 - 2014-05-30 22:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2014-07-11 15:06 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll2014-07-11 15:06 - 2014-05-30 22:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2014-07-11 15:06 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll2014-07-11 15:06 - 2014-05-30 22:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2014-07-11 15:05 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-07-11 15:05 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-07-11 15:05 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-07-11 15:05 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll2014-07-11 15:05 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-07-11 15:05 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-07-11 15:05 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2014-07-11 15:05 - 2014-06-18 19:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2014-07-11 15:05 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-07-11 15:05 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-07-11 15:05 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-07-11 15:05 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-07-11 15:05 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll2014-07-11 15:05 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2014-07-11 15:05 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-07-11 15:05 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2014-07-11 15:05 - 2014-06-18 18:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2014-07-11 15:05 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-07-11 15:05 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-07-11 15:05 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-07-11 15:05 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2014-07-11 15:05 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-07-11 15:05 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-07-11 15:05 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-07-11 15:05 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-07-11 15:05 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-07-11 15:05 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-07-11 15:04 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe2014-07-11 15:04 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe2014-07-11 15:04 - 2014-06-06 10:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2014-07-11 15:04 - 2014-05-29 08:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys2014-07-11 15:04 - 2014-05-29 03:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll2014-07-11 15:04 - 2014-05-29 02:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll2014-07-11 15:04 - 2014-05-29 02:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll2014-07-11 15:04 - 2014-05-29 01:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll2014-07-11 15:04 - 2014-05-29 01:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2014-07-11 08:36 - 2014-06-06 09:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll2014-07-11 08:36 - 2014-06-06 08:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll2014-07-11 08:30 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys2014-07-09 22:26 - 2014-07-09 22:26 - 00000800 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-29 17:17 - 2014-07-29 08:25 - 00020329 _____ () C:\Users\Tim\Desktop\FRST.txt2014-07-29 17:17 - 2014-07-29 08:24 - 00000000 ____D () C:\FRST2014-07-29 17:16 - 2012-12-20 20:51 - 00009325 _____ () C:\Users\Tim\AppData\Local\BTServer.log2014-07-29 17:15 - 2012-12-21 22:35 - 00000000 ___RD () C:\Users\Tim\Google Drive2014-07-29 17:14 - 2013-11-22 08:59 - 00000000 __RDO () C:\Users\Tim\SkyDrive2014-07-29 17:14 - 2012-12-20 21:02 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-07-29 17:13 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-07-29 17:13 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2014-07-29 17:13 - 2012-12-12 17:06 - 00000000 ____D () C:\ProgramData\Realtek2014-07-29 17:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-07-29 16:58 - 2012-12-20 21:02 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-07-29 16:40 - 2013-11-22 08:54 - 01594434 _____ () C:\WINDOWS\WindowsUpdate.log2014-07-29 16:39 - 2014-02-09 01:39 - 00000308 _____ () C:\WINDOWS\Tasks\Digital Sites.job2014-07-29 16:39 - 2013-07-18 22:39 - 00000302 _____ () C:\WINDOWS\Tasks\DSite.job2014-07-29 16:36 - 2014-01-11 22:06 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001UA.job2014-07-29 13:31 - 2013-09-30 00:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-07-29 13:24 - 2014-07-29 13:21 - 00000000 ____D () C:\AdwCleaner2014-07-29 13:24 - 2013-09-29 23:55 - 00031948 _____ () C:\WINDOWS\PFRO.log2014-07-29 13:24 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-07-29 13:24 - 2013-07-24 19:26 - 00000000 ____D () C:\Users\Tim\AppData\Local\AVG SafeGuard toolbar2014-07-29 13:20 - 2014-07-29 13:20 - 01365551 _____ () C:\Users\Tim\Desktop\AdwCleaner.exe2014-07-29 13:18 - 2014-01-09 16:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-07-29 13:18 - 2014-01-09 16:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-07-29 08:34 - 2013-08-22 10:46 - 00310753 _____ () C:\WINDOWS\setupact.log2014-07-29 08:26 - 2014-07-29 08:26 - 00037027 _____ () C:\Users\Tim\Desktop\Addition.txt2014-07-28 22:27 - 2014-07-28 22:27 - 02093568 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe2014-07-28 16:36 - 2014-07-27 10:25 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-07-28 07:29 - 2013-01-01 23:39 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\uTorrent2014-07-28 07:25 - 2014-07-28 07:16 - 385828066 _____ () C:\Users\Tim\Downloads\True.Blood.S07E06.HDTV.x264-2HD.mp42014-07-28 07:21 - 2014-07-28 07:17 - 301114199 _____ () C:\Users\Tim\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.mp42014-07-27 19:49 - 2014-02-08 04:38 - 00000000 ____D () C:\Users\Tim\Downloads\Sons of Anarchy2014-07-27 16:42 - 2014-01-09 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-07-27 10:55 - 2014-06-23 18:50 - 00000000 ____D () C:\Users\Tim\Downloads\True Blood2014-07-27 10:45 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore2014-07-27 10:24 - 2014-07-27 10:24 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-27 10:22 - 2012-12-29 10:06 - 00000000 ____D () C:\Users\Tim\Downloads\install files2014-07-27 07:39 - 2013-07-26 19:39 - 00000064 _____ () C:\Users\Tim\AppData\Roaming\WB.CFG2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieUserList2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieSiteList2014-07-26 11:38 - 2012-12-20 20:59 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2566500704-406659886-728432584-10012014-07-25 23:36 - 2013-01-30 21:08 - 00000000 ____D () C:\Users\Tim\Downloads\comics2014-07-25 11:07 - 2014-07-25 11:04 - 00000000 ____D () C:\Users\Tim\Downloads\Smith and Myers (Acoustic Sessions) EP (Digital)2014-07-21 22:25 - 2014-07-21 22:12 - 300013285 _____ () C:\Users\Tim\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.mp42014-07-19 10:08 - 2014-05-12 19:32 - 00000000 ____D () C:\Users\Tim\Downloads\Penny Dreadful2014-07-16 16:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF2014-07-16 07:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache2014-07-15 07:23 - 2013-05-16 08:09 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys2014-07-15 07:20 - 2013-07-30 22:41 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-07-15 07:18 - 2013-08-22 10:44 - 00487744 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-07-15 07:17 - 2013-09-29 23:51 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-07-14 22:51 - 2014-07-14 22:36 - 582793391 _____ () C:\Users\Tim\Downloads\the.strain.s01e01.hdtv.x264-2hd.mp42014-07-14 20:59 - 2014-07-13 22:02 - 1550180333 _____ () C:\Users\Tim\Downloads\Doctor Who 2005 - 2013 Christmas Special (The Time of The Doctor) [720p].mp42014-07-14 20:49 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2014-07-14 20:48 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2014-07-14 20:48 - 2012-12-21 23:10 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-07-14 20:47 - 2014-07-14 20:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe2014-07-14 20:47 - 2012-12-21 21:27 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-07-13 13:26 - 2012-12-21 21:15 - 00000000 ____D () C:\ProgramData\CanonIJPLM2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iTunes2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iPod2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-07-10 22:24 - 2013-08-08 20:24 - 00000890 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk2014-07-09 22:26 - 2014-07-09 22:26 - 00000800 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk2014-07-08 22:59 - 2012-12-21 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2014-07-04 08:03 - 2013-04-13 07:51 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys2014-06-30 21:56 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2014-06-29 06:36 - 2014-01-11 22:06 - 00000872 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001Core.job Some content of TEMP:====================C:\Users\Tim\AppData\Local\Temp\avgnt.exeC:\Users\Tim\AppData\Local\Temp\DivXSetup.exeC:\Users\Tim\AppData\Local\Temp\htmlayout.dllC:\Users\Tim\AppData\Local\Temp\Quarantine.exeC:\Users\Tim\AppData\Local\Temp\RSPUpgradeInstaller.exeC:\Users\Tim\AppData\Local\Temp\SearchProtectionSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-22 12:32 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
deeprybka Posted July 29, 2014 ID:859948 Share Posted July 29, 2014 Hi, good job! Let's do a final check up: Step 1 Scan with Malwarebytes Anti-MalwarePlease open Malwarebytes Anti-Malware.Please update the database by clicking on the "Update Now" button.Following the update and click "Settings" and go to "Detection and Protection"Make sure "Scan for Rootkits" is checked.Click on Dashboard, then click on Scan Now to start the scan. (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)A window with an option to view the detailed log will appear. Click on "View Detailed Log".After viewing the results, please click on the "Copy to Clipboard" button and then OK.Return to our forum. Paste your log into your next reply.Step 2 Please download the ESET Online Scanner and save it to your Desktop.Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.Start esetsmartinstaller_enu.exe with administartor privileges.Select the option Yes, I accept the Terms of Use and click on Start.Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.Now click on Advanced Settings and select the following:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth TechnologyClick on Start. The virus signature database will begin to download. This may take some time.When completed the Online Scan will begin automatically. Note: This scan might take a long time! Please be patient.When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!Now click on FinishA log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt. Copy and paste the content of this log file in your next reply.Note: Do not forget to re-enable your antivirus application after running the above scan! Step 3 Start FRST with administator privileges.Make sure the following option is checked: Press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from. Please copy and paste these logs in your next reply. Can you please tell me which problems still persist now? Link to post Share on other sites More sharing options...
vtsoxfn7 Posted July 29, 2014 Author ID:859952 Share Posted July 29, 2014 I am currently encountering problems trying to update the databases for Malwarebytes Anti-Malware. I click the update button and it searches for a couple of minutes then gives me the message that the databases are out of date. I then click the Update Now button and the same thing happens. I am close to leaving work and will not have constant internet access. I will continue trying to update the databases and hope that I can move onto your other steps. I will post back here again when I am able! Link to post Share on other sites More sharing options...
deeprybka Posted July 29, 2014 ID:859955 Share Posted July 29, 2014 OK... Link to post Share on other sites More sharing options...
vtsoxfn7 Posted July 29, 2014 Author ID:859959 Share Posted July 29, 2014 Malwarebytes log from Step 1: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 7/29/2014Scan Time: 5:32:14 PMLogfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.07.29.07Rootkit Database: v2014.07.17.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 8.1CPU: x64File System: NTFSUser: Tim Scan Type: Threat ScanResult: CompletedObjects Scanned: 312510Time Elapsed: 11 min, 3 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) I will continue the next steps as I am able to! Link to post Share on other sites More sharing options...
deeprybka Posted July 29, 2014 ID:859960 Share Posted July 29, 2014 Very good! Link to post Share on other sites More sharing options...
vtsoxfn7 Posted July 30, 2014 Author ID:860098 Share Posted July 30, 2014 Sorry for the delay... Eset scanner log from step 2: ESETSmartInstaller@High as downloader log:all ok# product=EOS# version=8# OnlineScannerApp.exe=1.0.0.1# OnlineScanner.ocx=1.0.0.7623# api_version=3.0.2# EOSSerial=be733cf0a24b1a43b98623847c9e5d00# engine=19409# end=finished# remove_checked=false# archives_checked=true# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2014-07-30 02:50:09# local_time=2014-07-29 10:50:09 (-0500, Eastern Daylight Time)# country="United States"# lang=1033# osver=6.2.9200 NT # compatibility_mode_1='Avira Desktop'# compatibility_mode=1810 16777213 100 100 0 60494395 0 0# compatibility_mode_1=''# compatibility_mode=5893 16776574 100 94 4694738 30648302 0 0# scanned=191938# found=17# cleaned=0# scan_time=2482sh=3F8CCD9279F8D950622F536D3202CC0E44134A8E ft=1 fh=4cb693d7b46c457f vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe.vir"sh=90DC74663B061C57279869D5166A4823EBE42F0B ft=1 fh=39111451eb2e0a1b vn="a variant of Win32/Packed.Themida.AAJ trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Tim\AppData\Local\YrxcPack\PCCS_ABAPI.dll"sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe"sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"sh=7C9E6334CA2C8919DC343FDFB6EFD110482CB64B ft=1 fh=c71c00110f54a538 vn="a variant of Win64/Sathurbot.A trojan" ac=I fn="C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll"sh=21C8BE4BE4CDC31FBDED0DAEC50E27C29C4198C3 ft=1 fh=054f9b991de7d1fb vn="a variant of Win32/Injector.BIWG trojan" ac=I fn="C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmp584F.exe"sh=EE7FCBBB5384145B90FBC405A62BC33328D7F97B ft=1 fh=a1e91ba2ae8a9207 vn="a variant of Win32/Injector.BITS trojan" ac=I fn="C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmpAB9D.exe"sh=7C9E6334CA2C8919DC343FDFB6EFD110482CB64B ft=1 fh=c71c00110f54a538 vn="a variant of Win64/Sathurbot.A trojan" ac=I fn="C:\Users\All Users\Microsoft\Crypto\RSA64\rsa64.dll"sh=21C8BE4BE4CDC31FBDED0DAEC50E27C29C4198C3 ft=1 fh=054f9b991de7d1fb vn="a variant of Win32/Injector.BIWG trojan" ac=I fn="C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmp584F.exe"sh=EE7FCBBB5384145B90FBC405A62BC33328D7F97B ft=1 fh=a1e91ba2ae8a9207 vn="a variant of Win32/Injector.BITS trojan" ac=I fn="C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmpAB9D.exe"sh=D8430F4EA0815FB5AEF336B53F1612121B66D66E ft=1 fh=54dcaf6623a1c1ec vn="a variant of Win32/DomaIQ.BF potentially unwanted application" ac=I fn="C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000"sh=A7B0AA1B7F54D5CBA81BC92D34F6C444F457F615 ft=1 fh=f6fcc07cacecb5af vn="a variant of Win32/Toolbar.Widgi.G potentially unwanted application" ac=I fn="C:\Users\Tim\AppData\Local\Temp\SearchProtectionSetup.exe"sh=D8557AC708E828868CED73454624143C1752AEC5 ft=1 fh=32c6bcee0f301040 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Tim\AppData\Local\Temp\oi_5kqnQTE0sa\OIAssistWTD.exe"sh=B5A959465A82776804C7CBBDCE7C3C7158B1F5FE ft=1 fh=3a9864896d9bd40a vn="a variant of Win32/Toolbar.Widgi.G potentially unwanted application" ac=I fn="C:\Users\Tim\AppData\Local\Temp\~nsu.tmp\Au_.exe"sh=D8557AC708E828868CED73454624143C1752AEC5 ft=1 fh=32c6bcee0f301040 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Tim\Downloads\install files\b84a291d6f2dd32622e3a7e1bb64aa0b_WinZip180.exe" Link to post Share on other sites More sharing options...
vtsoxfn7 Posted July 30, 2014 Author ID:860100 Share Posted July 30, 2014 FRST.txt from Step 3: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014Ran by Tim (administrator) on TIMMMAAAAAY on 29-07-2014 22:53:57Running from C:\Users\Tim\DesktopPlatform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe() C:\ProgramData\YogaSmartSwicth\yogaserver.exe(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(David Ayton) C:\Program Files (x86)\CDisplay\CDisplay.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe HKLM\...\Run: [btServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-29] (Realtek Semiconductor Corporation)HKLM\...\Run: [synLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-24] (Synaptics)HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2012-12-12] (Lenovo)HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [208464 2012-12-12] ()HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-12-12] (Lenovo (Beijing) Limited)HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-12-12] (Lenovo(beijing) Limited)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2968376 2012-11-24] (Synaptics Incorporated)HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-04] (Avira Operations GmbH & Co. KG)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [Google Update] => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.)HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-08] (Spotify Ltd)HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {26744d86-ad5c-11e3-bea8-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {a7e89f04-aa99-11e3-bea7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {ba26493a-0c11-11e4-beb7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.)HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-08] (Spotify Ltd)HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {26744d86-ad5c-11e3-bea8-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a7e89f04-aa99-11e3-bea7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ba26493a-0c11-11e4-beb7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnkShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()ShellIconOverlayIdentifiers: 1CryptoProviderIcons -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll ()ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com?cid={91352836-87B3-47B3-AF58-95C0F78CEE0C}&mid=a9d7237727404506aa5c250a4bfead3a-fc68406238f59e739c052d82acd2244b1a52f26c〈=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-11-04 19:05:39&v=17.1.2.1&pid=%CMPID%&sg=0&sap=hp HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.comHKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mysearch.avg.com?cid={91352836-87B3-47B3-AF58-95C0F78CEE0C}&mid=a9d7237727404506aa5c250a4bfead3a-fc68406238f59e739c052d82acd2244b1a52f26c〈=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-11-04 19:05:39&v=17.1.2.1&pid=%CMPID%&sg=0&sap=hp http://search.yahoo.com?type=714647&fr=spigot-yhp-iehttp://www.lenovo.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.comSearchScopes: HKLM - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSSearchScopes: HKLM-x32 - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSSearchScopes: HKCU - {31D663F1-F699-4F8E-95F6-1B73E2ECD6A3} URL = http://www.bing.com/search?q={searchTerms}SearchScopes: HKCU - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.105.28.12 68.105.29.12Tcpip\..\Interfaces\{2BE6D3F4-68B8-4748-8922-BE810BA8E0B2}: [NameServer]8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{2E13D959-9E84-4373-B3CB-297BA1A8CF9E}: [NameServer]8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{6E68B98B-B820-418A-9AED-37B320FB2749}: [NameServer]8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer]8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{D4E1A2E9-B72A-4C4C-97A5-4E0036420035}: [NameServer]8.8.8.8,8.8.8.8 FireFox:========FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: =======CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-29]CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-20]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-20]CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-20]CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-15] (Avira Operations GmbH & Co. KG)R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [51200 2012-08-31] () [File not signed]R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2012-12-12] (Lenovo) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies)R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG)R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2012-12-12] (Lenovo)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-29] (Malwarebytes Corporation)R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696464 2012-09-01] (Realtek Semiconductor Corporation)R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1058680 2012-08-11] (Sunplus)S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-29 17:45 - 2014-07-29 17:45 - 00000000 ____D () C:\Program Files (x86)\ESET2014-07-29 17:44 - 2014-07-29 17:44 - 02347384 _____ (ESET) C:\Users\Tim\Desktop\esetsmartinstaller_enu.exe2014-07-29 13:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll2014-07-29 13:21 - 2014-07-29 13:24 - 00000000 ____D () C:\AdwCleaner2014-07-29 13:20 - 2014-07-29 13:20 - 01365551 _____ () C:\Users\Tim\Desktop\AdwCleaner.exe2014-07-29 08:26 - 2014-07-29 08:26 - 00037027 _____ () C:\Users\Tim\Desktop\Addition.txt2014-07-29 08:25 - 2014-07-29 22:54 - 00022282 _____ () C:\Users\Tim\Desktop\FRST.txt2014-07-29 08:24 - 2014-07-29 22:53 - 00000000 ____D () C:\FRST2014-07-28 22:27 - 2014-07-28 22:27 - 02093568 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe2014-07-28 07:17 - 2014-07-28 07:21 - 301114199 _____ () C:\Users\Tim\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.mp42014-07-28 07:16 - 2014-07-28 07:25 - 385828066 _____ () C:\Users\Tim\Downloads\True.Blood.S07E06.HDTV.x264-2HD.mp42014-07-27 10:25 - 2014-07-29 17:32 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-07-27 10:24 - 2014-07-27 10:24 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-27 10:24 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-07-27 10:24 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2014-07-27 10:24 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieUserList2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieSiteList2014-07-25 11:04 - 2014-07-25 11:07 - 00000000 ____D () C:\Users\Tim\Downloads\Smith and Myers (Acoustic Sessions) EP (Digital)2014-07-21 22:12 - 2014-07-21 22:25 - 300013285 _____ () C:\Users\Tim\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.mp42014-07-14 22:36 - 2014-07-14 22:51 - 582793391 _____ () C:\Users\Tim\Downloads\the.strain.s01e01.hdtv.x264-2hd.mp42014-07-14 20:47 - 2014-07-14 20:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe2014-07-14 20:47 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll2014-07-13 22:02 - 2014-07-14 20:59 - 1550180333 _____ () C:\Users\Tim\Downloads\Doctor Who 2005 - 2013 Christmas Special (The Time of The Doctor) [720p].mp42014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iTunes2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iPod2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-07-11 15:06 - 2014-05-31 06:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2014-07-11 15:06 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll2014-07-11 15:06 - 2014-05-30 23:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2014-07-11 15:06 - 2014-05-30 23:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2014-07-11 15:06 - 2014-05-30 23:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-11 15:06 - 2014-05-30 23:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2014-07-11 15:06 - 2014-05-30 23:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2014-07-11 15:06 - 2014-05-30 23:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-11 15:06 - 2014-05-30 22:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2014-07-11 15:06 - 2014-05-30 22:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2014-07-11 15:06 - 2014-05-30 22:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2014-07-11 15:06 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll2014-07-11 15:06 - 2014-05-30 22:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2014-07-11 15:06 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll2014-07-11 15:06 - 2014-05-30 22:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2014-07-11 15:05 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-07-11 15:05 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-07-11 15:05 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-07-11 15:05 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll2014-07-11 15:05 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-07-11 15:05 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-07-11 15:05 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2014-07-11 15:05 - 2014-06-18 19:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2014-07-11 15:05 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-07-11 15:05 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-07-11 15:05 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-07-11 15:05 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-07-11 15:05 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll2014-07-11 15:05 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2014-07-11 15:05 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-07-11 15:05 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2014-07-11 15:05 - 2014-06-18 18:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2014-07-11 15:05 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-07-11 15:05 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-07-11 15:05 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-07-11 15:05 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2014-07-11 15:05 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-07-11 15:05 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-07-11 15:05 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-07-11 15:05 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-07-11 15:05 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-07-11 15:05 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-07-11 15:04 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe2014-07-11 15:04 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe2014-07-11 15:04 - 2014-06-06 10:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2014-07-11 15:04 - 2014-05-29 08:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys2014-07-11 15:04 - 2014-05-29 03:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll2014-07-11 15:04 - 2014-05-29 02:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll2014-07-11 15:04 - 2014-05-29 02:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll2014-07-11 15:04 - 2014-05-29 01:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll2014-07-11 15:04 - 2014-05-29 01:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2014-07-11 08:36 - 2014-06-06 09:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll2014-07-11 08:36 - 2014-06-06 08:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll2014-07-11 08:30 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys2014-07-09 22:26 - 2014-07-09 22:26 - 00000800 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-29 22:54 - 2014-07-29 08:25 - 00022282 _____ () C:\Users\Tim\Desktop\FRST.txt2014-07-29 22:53 - 2014-07-29 08:24 - 00000000 ____D () C:\FRST2014-07-29 22:52 - 2012-12-20 20:51 - 00013749 _____ () C:\Users\Tim\AppData\Local\BTServer.log2014-07-29 22:39 - 2014-02-09 01:39 - 00000308 _____ () C:\WINDOWS\Tasks\Digital Sites.job2014-07-29 22:39 - 2013-07-18 22:39 - 00000302 _____ () C:\WINDOWS\Tasks\DSite.job2014-07-29 22:36 - 2014-01-11 22:06 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001UA.job2014-07-29 22:21 - 2013-11-22 08:54 - 01619086 _____ () C:\WINDOWS\WindowsUpdate.log2014-07-29 22:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-07-29 18:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-07-29 17:45 - 2014-07-29 17:45 - 00000000 ____D () C:\Program Files (x86)\ESET2014-07-29 17:44 - 2014-07-29 17:44 - 02347384 _____ (ESET) C:\Users\Tim\Desktop\esetsmartinstaller_enu.exe2014-07-29 17:32 - 2014-07-27 10:25 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-07-29 17:20 - 2013-09-30 00:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-07-29 17:15 - 2012-12-21 22:35 - 00000000 ___RD () C:\Users\Tim\Google Drive2014-07-29 17:14 - 2013-11-22 08:59 - 00000000 __RDO () C:\Users\Tim\SkyDrive2014-07-29 17:14 - 2012-12-20 21:02 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-07-29 17:13 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-07-29 17:13 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2014-07-29 17:13 - 2012-12-12 17:06 - 00000000 ____D () C:\ProgramData\Realtek2014-07-29 16:58 - 2012-12-20 21:02 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-07-29 13:24 - 2014-07-29 13:21 - 00000000 ____D () C:\AdwCleaner2014-07-29 13:24 - 2013-09-29 23:55 - 00031948 _____ () C:\WINDOWS\PFRO.log2014-07-29 13:24 - 2013-07-24 19:26 - 00000000 ____D () C:\Users\Tim\AppData\Local\AVG SafeGuard toolbar2014-07-29 13:20 - 2014-07-29 13:20 - 01365551 _____ () C:\Users\Tim\Desktop\AdwCleaner.exe2014-07-29 13:18 - 2014-01-09 16:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-07-29 13:18 - 2014-01-09 16:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-07-29 08:34 - 2013-08-22 10:46 - 00310753 _____ () C:\WINDOWS\setupact.log2014-07-29 08:26 - 2014-07-29 08:26 - 00037027 _____ () C:\Users\Tim\Desktop\Addition.txt2014-07-28 22:27 - 2014-07-28 22:27 - 02093568 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe2014-07-28 07:29 - 2013-01-01 23:39 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\uTorrent2014-07-28 07:25 - 2014-07-28 07:16 - 385828066 _____ () C:\Users\Tim\Downloads\True.Blood.S07E06.HDTV.x264-2HD.mp42014-07-28 07:21 - 2014-07-28 07:17 - 301114199 _____ () C:\Users\Tim\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.mp42014-07-27 19:49 - 2014-02-08 04:38 - 00000000 ____D () C:\Users\Tim\Downloads\Sons of Anarchy2014-07-27 16:42 - 2014-01-09 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-07-27 10:55 - 2014-06-23 18:50 - 00000000 ____D () C:\Users\Tim\Downloads\True Blood2014-07-27 10:45 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore2014-07-27 10:24 - 2014-07-27 10:24 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-27 10:22 - 2012-12-29 10:06 - 00000000 ____D () C:\Users\Tim\Downloads\install files2014-07-27 07:39 - 2013-07-26 19:39 - 00000064 _____ () C:\Users\Tim\AppData\Roaming\WB.CFG2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieUserList2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieSiteList2014-07-26 11:38 - 2012-12-20 20:59 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2566500704-406659886-728432584-10012014-07-25 23:36 - 2013-01-30 21:08 - 00000000 ____D () C:\Users\Tim\Downloads\comics2014-07-25 11:07 - 2014-07-25 11:04 - 00000000 ____D () C:\Users\Tim\Downloads\Smith and Myers (Acoustic Sessions) EP (Digital)2014-07-21 22:25 - 2014-07-21 22:12 - 300013285 _____ () C:\Users\Tim\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.mp42014-07-19 10:08 - 2014-05-12 19:32 - 00000000 ____D () C:\Users\Tim\Downloads\Penny Dreadful2014-07-16 16:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF2014-07-16 07:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache2014-07-15 07:23 - 2013-05-16 08:09 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys2014-07-15 07:20 - 2013-07-30 22:41 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-07-15 07:18 - 2013-08-22 10:44 - 00487744 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-07-15 07:17 - 2013-09-29 23:51 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-07-14 22:51 - 2014-07-14 22:36 - 582793391 _____ () C:\Users\Tim\Downloads\the.strain.s01e01.hdtv.x264-2hd.mp42014-07-14 20:59 - 2014-07-13 22:02 - 1550180333 _____ () C:\Users\Tim\Downloads\Doctor Who 2005 - 2013 Christmas Special (The Time of The Doctor) [720p].mp42014-07-14 20:49 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2014-07-14 20:48 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2014-07-14 20:48 - 2012-12-21 23:10 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-07-14 20:47 - 2014-07-14 20:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe2014-07-14 20:47 - 2012-12-21 21:27 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-07-13 13:26 - 2012-12-21 21:15 - 00000000 ____D () C:\ProgramData\CanonIJPLM2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iTunes2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iPod2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-07-10 22:24 - 2013-08-08 20:24 - 00000890 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk2014-07-09 22:26 - 2014-07-09 22:26 - 00000800 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk2014-07-08 22:59 - 2012-12-21 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2014-07-04 08:03 - 2013-04-13 07:51 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys2014-06-30 21:56 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2014-06-29 06:36 - 2014-01-11 22:06 - 00000872 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001Core.job Some content of TEMP:====================C:\Users\Tim\AppData\Local\Temp\avgnt.exeC:\Users\Tim\AppData\Local\Temp\DivXSetup.exeC:\Users\Tim\AppData\Local\Temp\htmlayout.dllC:\Users\Tim\AppData\Local\Temp\Quarantine.exeC:\Users\Tim\AppData\Local\Temp\RSPUpgradeInstaller.exeC:\Users\Tim\AppData\Local\Temp\SearchProtectionSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-22 12:32 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
vtsoxfn7 Posted July 30, 2014 Author ID:860101 Share Posted July 30, 2014 And Addition.txt from Step 3: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014Ran by Tim at 2014-07-29 22:54:31Running from C:\Users\Tim\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.9 - Absolute Software)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 3.5.0.880 - Adobe Systems Incorporated) HiddenAdobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n)ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.47.51 - Conexant)DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)Energy Management (x32 Version: 8.0.2.4 - Lenovo) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenIntel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) HiddeniTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)Lenovo EasyCamera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.5.13 - Lenovo EasyCamera)Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) HiddenLenovo Transition (HKLM\...\Lenovo Transition) (Version: 1.4.2.20 - Lenovo)Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) HiddenMalwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Motion Control (HKLM\...\Motion Control) (Version: 1.1.2.41 - Lenovo)Nitro Pro 7 (HKLM\...\{72D264E5-0C44-42DF-820B-621303E5C183}) (Version: 7.4.1.21 - Nitro PDF Software)QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)REALTEK Wireless LAN and Bluetooth Driver (HKLM-x32\...\{B6322D12-A133-4128-8306-DAFFF7231152}) (Version: 1.00.0196 - REALTEK Semiconductor Corp.)Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)Sony Pictures Download Manager (HKCU\...\2506994508.sonypicturesstore.com) (Version: - sonypicturesstore.com)Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.21.4 - Synaptics Incorporated)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft)Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)UserGuide (x32 Version: 1.0.0.9 - Lenovo) HiddenVC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) HiddenWD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)WD Security (HKLM-x32\...\{83270912-15C7-4336-822E-E8F1B1BBCA60}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll No FileCustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 27-07-2014 20:41:27 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTaskTask: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {127CDD3B-0B04-48BC-B6FF-A205FDBC7307} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauservTask: {185ACDE8-CDD5-4C0A-93E0-D9A83A389768} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)Task: {1B0F3725-D62F-41D4-982A-3571D5CC11DC} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-19] (Intel)Task: {1EB134D1-BE02-4319-8BBE-7839BE3850D0} - System32\Tasks\DSite => C:\Users\Tim\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTIONTask: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulateTask: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)Task: {35971A4E-E8E8-459B-8560-15E667EAA3F7} - \EPUpdater No Task File <==== ATTENTIONTask: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalanceTask: {4B2A8DB8-F480-4A51-9D99-5B15FE5689B8} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUploadTask: {4D7F358E-3559-4F38-9080-E899F9B7672F} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)Task: {4EB1D0CB-194B-4919-BEF9-F3D579654A27} - System32\Tasks\Microsoft\Windows\DiskFootprint\DiagnosticsTask: {55410713-D490-454B-B48E-80575AF80DF5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-14] (Microsoft Corporation)Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play CleanupTask: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance TaskTask: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance TaskTask: {8AE55946-3A61-45AD-AE43-E22D27677BAD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001Core => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.)Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTaskTask: {999B97B2-324F-4F28-8528-485B1412B781} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20] (Google Inc.)Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance WorkTask: {C208A2DF-7FEB-41C1-97D7-00EF3E92801F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20] (Google Inc.)Task: {C5E91138-4C07-4969-895C-E167F436C43C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001UA => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.)Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTaskTask: {D4D70300-DA85-4204-BA9F-F64EC7D26AFE} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-24] (Synaptics Incorporated)Task: {D6EDCD5B-5860-4840-B017-F1FBB4863049} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ValidationTask: {D71F0B38-9CED-4039-8B35-59ABEB221796} - System32\Tasks\Digital Sites => C:\Users\Tim\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTIONTask: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {D9A42156-0B29-4164-B9F6-472FB888F322} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ManagementTask: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon SynchronizationTask: {DB31FA52-4F06-498F-9C63-87A77B55A62E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRETask: {EF5D4ED3-B477-4D0B-AB69-A94A31E7B40F} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\Tim\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXETask: C:\WINDOWS\Tasks\DSite.job => C:\Users\Tim\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXETask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001Core.job => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001UA.job => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2012-12-12 17:06 - 2012-08-31 20:26 - 00051200 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe2012-12-12 17:11 - 2012-12-12 17:11 - 00060760 _____ () C:\ProgramData\YogaSmartSwicth\Server\x64\dptf.dll2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2012-12-12 17:04 - 2010-10-26 00:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe2012-12-12 17:11 - 2012-12-12 17:11 - 00208464 _____ () C:\ProgramData\YogaSmartSwicth\yogaserver.exe2012-12-12 17:10 - 2012-12-12 17:10 - 00172624 _____ () C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe2014-07-26 23:19 - 2014-07-26 23:19 - 02604032 _____ () C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll2014-07-26 23:19 - 2014-07-26 23:19 - 02180096 _____ () C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll2012-07-16 04:49 - 2012-07-16 04:49 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2012-12-12 17:11 - 2012-12-12 17:11 - 00269904 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\GuiSys.dll2012-12-12 17:11 - 2012-12-12 17:11 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\SimpRes.dll2012-12-12 17:11 - 2012-12-12 17:11 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LangHlpr.dll2014-07-29 17:15 - 2014-07-29 17:15 - 00098816 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32api.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00110080 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\pywintypes27.dll2014-07-29 17:15 - 2014-07-29 17:15 - 00364544 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\pythoncom27.dll2014-07-29 17:15 - 2014-07-29 17:15 - 00045568 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\_socket.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 01160704 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\_ssl.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00320512 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32com.shell.shell.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00713216 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\_hashlib.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 01175040 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\wx._core_.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00805888 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\wx._gdi_.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00811008 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\wx._windows_.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 01062400 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\wx._controls_.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00735232 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\wx._misc_.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00128512 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\_elementtree.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00127488 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\pyexpat.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00557056 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\pysqlite2._sqlite.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00007168 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\hashobjs_ext.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00087552 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\_ctypes.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00119808 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32file.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00108544 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32security.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00018432 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32event.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00038912 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32inet.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00070656 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\wx._html2.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00167936 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32gui.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00011264 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32crypt.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00027136 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\_multiprocessing.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00122368 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\wx._wizard.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00010240 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\select.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00024064 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32pipe.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00686080 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\unicodedata.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00025600 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32pdh.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00525640 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\windows._lib_cacheinvalidation.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00035840 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32process.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00017408 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32profile.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00022528 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32ts.pyd2014-07-29 17:15 - 2014-07-29 17:15 - 00078336 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\wx._animate.pyd2012-12-12 17:10 - 2012-12-12 17:10 - 01620560 _____ () C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll2012-12-12 17:10 - 2012-12-12 17:10 - 00030288 _____ () C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll2014-07-19 17:00 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll2014-07-19 17:00 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll2014-07-19 17:00 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll2014-07-19 17:00 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll2014-07-19 17:00 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll2012-12-12 17:03 - 2012-06-24 22:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2002-05-14 19:26 - 2002-05-14 19:26 - 00158208 _____ () C:\Program Files (x86)\CDisplay\UNRAR.DLL ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows:nlsPreferencesAlternateDataStreams: C:\Users\Tim\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "DivXMediaServer"HKLM\...\StartupApproved\Run32: => "DivXUpdate"HKLM\...\StartupApproved\Run32: => "YouCam Mirage"HKCU\...\StartupApproved\Run: => "DW7"HKCU\...\StartupApproved\Run: => "Spotify Web Helper" ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI Data Acquisition and Signal Processing ControllerDescription: PCI Data Acquisition and Signal Processing ControllerClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors:==================Error: (07/29/2014 10:52:50 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/29/2014 10:52:49 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588Faulting module name: CryptoProvider.dll_unloaded, version: 1.0.0.1, time stamp: 0x53c3c81fException code: 0xc0000005Fault offset: 0x00000000000139e8Faulting process id: 0xc54Faulting application start time: 0xexplorer.exe0Faulting application path: explorer.exe1Faulting module path: explorer.exe2Report Id: explorer.exe3Faulting package full name: explorer.exe4Faulting package-relative application ID: explorer.exe5 Error: (07/29/2014 10:51:27 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/29/2014 10:50:54 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/29/2014 10:50:52 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588Faulting module name: CryptoProvider.dll_unloaded, version: 1.0.0.1, time stamp: 0x53c3c81fException code: 0xc0000005Fault offset: 0x00000000000139e8Faulting process id: 0x674Faulting application start time: 0xexplorer.exe0Faulting application path: explorer.exe1Faulting module path: explorer.exe2Report Id: explorer.exe3Faulting package full name: explorer.exe4Faulting package-relative application ID: explorer.exe5 Error: (07/29/2014 10:49:36 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/29/2014 10:49:35 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588Faulting module name: CryptoProvider.dll_unloaded, version: 1.0.0.1, time stamp: 0x53c3c81fException code: 0xc0000005Fault offset: 0x00000000000139e8Faulting process id: 0x1688Faulting application start time: 0xexplorer.exe0Faulting application path: explorer.exe1Faulting module path: explorer.exe2Report Id: explorer.exe3Faulting package full name: explorer.exe4Faulting package-relative application ID: explorer.exe5 Error: (07/29/2014 10:48:33 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/29/2014 10:48:31 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588Faulting module name: CryptoProvider.dll_unloaded, version: 1.0.0.1, time stamp: 0x53c3c81fException code: 0xc0000005Fault offset: 0x00000000000139e8Faulting process id: 0x1644Faulting application start time: 0xexplorer.exe0Faulting application path: explorer.exe1Faulting module path: explorer.exe2Report Id: explorer.exe3Faulting package full name: explorer.exe4Faulting package-relative application ID: explorer.exe5 Error: (07/29/2014 10:47:29 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. System errors:=============Error: (07/20/2014 10:23:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Superfetch service terminated with the following error: %%1062 Error: (07/15/2014 07:18:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Superfetch service terminated with the following error: %%1062 Error: (07/12/2014 09:53:42 PM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk1\DR8, has a bad block. Error: (07/12/2014 09:53:36 PM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk1\DR8, has a bad block. Error: (07/12/2014 09:53:30 PM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk1\DR8, has a bad block. Error: (07/12/2014 09:53:24 PM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk1\DR8, has a bad block. Error: (07/12/2014 09:53:18 PM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk1\DR8, has a bad block. Error: (07/12/2014 09:53:12 PM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk1\DR8, has a bad block. Error: (07/12/2014 09:53:06 PM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk1\DR8, has a bad block. Error: (07/12/2014 09:52:59 PM) (Source: disk) (EventID: 7) (User: )Description: The device, \Device\Harddisk1\DR8, has a bad block. Microsoft Office Sessions:========================= ==================== Memory info =========================== Percentage of memory in use: 26%Total physical RAM: 8071.27 MBAvailable physical RAM: 5936.62 MBTotal Pagefile: 9607.27 MBAvailable Pagefile: 7198.02 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.83 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:92.91 GB) (Free:23.65 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:2.35 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 119 GB) (Disk ID: CE05E53F) Partition: GPT Partition Type. ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
vtsoxfn7 Posted July 30, 2014 Author ID:860102 Share Posted July 30, 2014 And to answer the last portion of your last post of instructions - after completing those 3 steps, I am still experiencing the screen 'blip' that closes Windows Explorer. :-( Link to post Share on other sites More sharing options...
deeprybka Posted July 30, 2014 ID:860424 Share Posted July 30, 2014 Hi, Step 1 Please download TDSSKiller and save it to your Desktop.Start tdsskiller.exe with administrator privileges.Accept the EULA and the KSN Statement.Click on Change parameters.Make sure that all available options are checked and click OK.Click on Start scan.If any threats are found don't delete them but choose the Skip option for all of them.Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt). Copy and paste its contents in your next reply. Link to post Share on other sites More sharing options...
vtsoxfn7 Posted July 30, 2014 Author ID:860453 Share Posted July 30, 2014 In parts due to length: 15:58:05.0766 0x0f00 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:5815:58:05.0766 0x0f00 UEFI system15:58:06.0110 0x0f00 ============================================================15:58:06.0110 0x0f00 Current date / time: 2014/07/30 15:58:06.011015:58:06.0110 0x0f00 SystemInfo:15:58:06.0110 0x0f00 15:58:06.0110 0x0f00 OS Version: 6.3.9600 ServicePack: 0.015:58:06.0110 0x0f00 Product type: Workstation15:58:06.0110 0x0f00 ComputerName: TIMMMAAAAAY15:58:06.0110 0x0f00 UserName: Tim15:58:06.0110 0x0f00 Windows directory: C:\WINDOWS15:58:06.0110 0x0f00 System windows directory: C:\WINDOWS15:58:06.0110 0x0f00 Running under WOW6415:58:06.0110 0x0f00 Processor architecture: Intel x6415:58:06.0110 0x0f00 Number of processors: 415:58:06.0110 0x0f00 Page size: 0x100015:58:06.0110 0x0f00 Boot type: Normal boot15:58:06.0110 0x0f00 ============================================================15:58:06.0110 0x0f00 BG loaded15:58:06.0219 0x0f00 System UUID: {53A15526-03E1-59ED-438E-71E7244C5E7D}15:58:06.0813 0x0f00 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004015:58:06.0813 0x0f00 ============================================================15:58:06.0813 0x0f00 \Device\Harddisk0\DR0:15:58:06.0813 0x0f00 GPT partitions:15:58:06.0813 0x0f00 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {36FB0CB4-1667-4BCB-B5FE-B326A4F99186}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F400015:58:06.0813 0x0f00 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {3AAB3093-37A3-4794-B9C6-764EBCCD63C5}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x8200015:58:06.0813 0x0f00 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {80F24A1A-6C4B-4BA1-ADF5-DA09975ACD33}, Name: Basic data partition, StartLBA 0x276800, BlocksNum 0x1F400015:58:06.0813 0x0f00 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {835E70B1-1E37-4E71-B37F-B9D661B39DAB}, Name: Microsoft reserved partition, StartLBA 0x46A800, BlocksNum 0x4000015:58:06.0813 0x0f00 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {EC416C69-C753-4303-9B2C-6D05CD5901E9}, Name: Basic data partition, StartLBA 0x4AA800, BlocksNum 0xB9D180015:58:06.0813 0x0f00 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {AC95342E-35B9-4165-BCE2-7E85DBBF231E}, Name: Basic data partition, StartLBA 0xBE7C000, BlocksNum 0x80000015:58:06.0813 0x0f00 \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {D3BFE2DE-3DAF-11DF-BA40-E3A556D89593}, UniqueGUID: {15DD30FC-A5DD-4DB7-846D-A3D369B56D07}, Name: Basic data partition, StartLBA 0xC67C000, BlocksNum 0x100000015:58:06.0813 0x0f00 \Device\Harddisk0\DR0\Partition8: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {1CAD5B5D-089D-4088-A01E-42FC234314EA}, Name: Basic data partition, StartLBA 0xD67C000, BlocksNum 0x180000015:58:06.0813 0x0f00 MBR partitions:15:58:06.0813 0x0f00 ============================================================15:58:06.0813 0x0f00 C: <-> \Device\Harddisk0\DR0\Partition515:58:06.0813 0x0f00 D: <-> \Device\Harddisk0\DR0\Partition615:58:06.0813 0x0f00 ============================================================15:58:06.0813 0x0f00 Initialize success15:58:06.0813 0x0f00 ============================================================15:59:02.0903 0x16fc ============================================================15:59:02.0903 0x16fc Scan started15:59:02.0903 0x16fc Mode: Manual; SigCheck; TDLFS; 15:59:02.0903 0x16fc ============================================================15:59:02.0903 0x16fc KSN ping started15:59:05.0434 0x16fc KSN ping finished: true15:59:05.0789 0x16fc ================ Scan system memory ========================15:59:05.0789 0x16fc System memory - ok15:59:05.0790 0x16fc ================ Scan services =============================15:59:05.0861 0x16fc [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys15:59:05.0994 0x16fc 1394ohci - ok15:59:06.0011 0x16fc [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys15:59:06.0038 0x16fc 3ware - ok15:59:06.0067 0x16fc [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys15:59:06.0135 0x16fc ACPI - ok15:59:06.0146 0x16fc [ A273E88FAC37A4F819ED99FE4B642F4D, 994DC229B7B4379852928DF0B22E8E575AB239FD8904AF580AA36A44ED717CD9 ] acpials C:\WINDOWS\system32\DRIVERS\acpials.sys15:59:06.0166 0x16fc acpials - ok15:59:06.0175 0x16fc [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys15:59:06.0202 0x16fc acpiex - ok15:59:06.0210 0x16fc [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys15:59:06.0237 0x16fc acpipagr - ok15:59:06.0247 0x16fc [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys15:59:06.0272 0x16fc AcpiPmi - ok15:59:06.0279 0x16fc [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys15:59:06.0304 0x16fc acpitime - ok15:59:06.0315 0x16fc [ 3B42D95D20CD2AACDB0564471AE43ED7, BF49568D7060159F61D5F6DE7ECDECCCD1F920A2881544BA83CF420C822F6653 ] ACPIVPC C:\WINDOWS\System32\drivers\AcpiVpc.sys15:59:06.0347 0x16fc ACPIVPC - ok15:59:06.0356 0x16fc [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe15:59:06.0382 0x16fc AdobeARMservice - ok15:59:06.0410 0x16fc [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS15:59:06.0463 0x16fc ADP80XX - ok15:59:06.0479 0x16fc [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll15:59:06.0502 0x16fc AeLookupSvc - ok15:59:06.0524 0x16fc [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD C:\WINDOWS\system32\drivers\afd.sys15:59:06.0557 0x16fc AFD - ok15:59:06.0568 0x16fc [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys15:59:06.0593 0x16fc agp440 - ok15:59:06.0604 0x16fc [ 8E8E34B7BA059050EED827410D0697A2, 85B6684709F24729A6497563812A90A54068AC2DD9EEA03037CB1EEF5C85AAA9 ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys15:59:06.0635 0x16fc ahcache - ok15:59:06.0644 0x16fc [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG C:\WINDOWS\System32\alg.exe15:59:06.0684 0x16fc ALG - ok15:59:06.0694 0x16fc [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys15:59:06.0724 0x16fc AmdK8 - ok15:59:06.0738 0x16fc [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys15:59:06.0761 0x16fc AmdPPM - ok15:59:06.0771 0x16fc [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys15:59:06.0804 0x16fc amdsata - ok15:59:06.0818 0x16fc [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys15:59:06.0855 0x16fc amdsbs - ok15:59:06.0865 0x16fc [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys15:59:06.0888 0x16fc amdxata - ok15:59:06.0912 0x16fc [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe15:59:06.0947 0x16fc AntiVirSchedulerService - ok15:59:06.0964 0x16fc [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe15:59:06.0997 0x16fc AntiVirService - ok15:59:07.0032 0x16fc [ 1BF085C13A8F62E056E6201AFCF5E675, 8768E18A536ACCF3A0F0E31F9B5FF30054ACCF1CC0E77AC7A386EDBDFC663C63 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe15:59:07.0090 0x16fc AntiVirWebService - ok15:59:07.0104 0x16fc [ 04951A9A937CBE28A2D3FEEA360B6D1F, D8AAF000BE4FE4B203DC2EB2A64F780A542E5238CE3F9952FD03277379B11529 ] AppID C:\WINDOWS\system32\drivers\appid.sys15:59:07.0138 0x16fc AppID - ok15:59:07.0150 0x16fc [ C0DC3F58214A227980AEB091CFD2F973, 0C3E8453C9F65ADA3E74C38C0E3AC3E0CBFD807B827097046265B38839E151E3 ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll15:59:07.0178 0x16fc AppIDSvc - ok15:59:07.0188 0x16fc [ 8D6F535461F6CFF75A8ADDF83024C904, F2A97EC4A6284F28B685A3CE2D450F61E75EE8692D718A6AA352D5734BBBAD7B ] Appinfo C:\WINDOWS\System32\appinfo.dll15:59:07.0215 0x16fc Appinfo - ok15:59:07.0225 0x16fc [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe15:59:07.0251 0x16fc Apple Mobile Device - ok15:59:07.0281 0x16fc [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll15:59:07.0338 0x16fc AppReadiness - ok15:59:07.0385 0x16fc [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll15:59:07.0447 0x16fc AppXSvc - ok15:59:07.0459 0x16fc [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys15:59:07.0492 0x16fc arcsas - ok15:59:07.0499 0x16fc [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\WINDOWS\system32\drivers\atapi.sys15:59:07.0525 0x16fc atapi - ok15:59:07.0541 0x16fc [ 886767FD022213F7885416134E9082E5, E248D82210FBEBF62C23EBEC74A976B2D1A4E62D3B7638D95B2574B77BA05DD0 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll15:59:07.0563 0x16fc AudioEndpointBuilder - ok15:59:07.0592 0x16fc [ 79B134ECE836B406B212E28C24011538, 1B875DD23CCAD8A2759DCDBCDCF3DE14231B9DB5EEC8E84FE081E41A52A047A1 ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll15:59:07.0635 0x16fc Audiosrv - ok15:59:07.0652 0x16fc [ 4663C5AD76FE8E19592DE808156FA07D, 605827B4A9D6930BC752D124BF75D55D4927B0ABEF881CDE66F3C5CC1DB215FE ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys15:59:07.0680 0x16fc avgntflt - ok15:59:07.0687 0x16fc [ 7688C67BDF55500C1FDC8291230C397D, 68A4C3D7F7043C73113B1EE7A3DD8E98BC1D6F54CA7E4E1BFB2333A75CDE2DE0 ] avgtp C:\WINDOWS\system32\drivers\avgtpx64.sys15:59:07.0711 0x16fc avgtp - ok15:59:07.0724 0x16fc [ 8902AEC2382A37E9E99A4E0D52DBD42B, 138F2D7E7430132B2C527D413BC845CC467F084F39C232EC3A17DD2A74EE401E ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys15:59:07.0749 0x16fc avipbb - ok15:59:07.0757 0x16fc [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys15:59:07.0784 0x16fc avkmgr - ok15:59:07.0797 0x16fc [ 96E8CAF20FC4B6C31CAD7816A801EB78, E4870DB8FFBDCFEE98449338D0BDBF2DD0B5FEC75514E41C11A882BE6EB16833 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll15:59:07.0826 0x16fc AxInstSV - ok15:59:07.0850 0x16fc [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys15:59:07.0898 0x16fc b06bdrv - ok15:59:07.0905 0x16fc [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys15:59:07.0935 0x16fc BasicDisplay - ok15:59:07.0944 0x16fc [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys15:59:07.0966 0x16fc BasicRender - ok15:59:07.0977 0x16fc [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys15:59:07.0995 0x16fc bcmfn2 - ok15:59:08.0010 0x16fc [ 5BD3A2351BEFCAC8757626271F8EFA89, 6508673210129CF7EFCA93EC7874208FAD361E37814EB4FE9E0EC034E73D5F16 ] BDESVC C:\WINDOWS\System32\bdesvc.dll15:59:08.0047 0x16fc BDESVC - ok15:59:08.0053 0x16fc [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\WINDOWS\system32\drivers\Beep.sys15:59:08.0077 0x16fc Beep - ok15:59:08.0106 0x16fc [ BBE15881FE11BE37112F8320C41DAFB9, 5CE92563628812FF6E00556D8E2DAD6ADCAAF0F4C3B90123F1D98ED6E3BB6DAD ] BFE C:\WINDOWS\System32\bfe.dll15:59:08.0148 0x16fc BFE - ok15:59:08.0189 0x16fc [ 15225081966C785A9192782401643FD4, E2BA0C8D044556FDD9DD7A25F7F71553DE7A2924E78F9284413C2AC46F0BF4EB ] BITS C:\WINDOWS\System32\qmgr.dll15:59:08.0247 0x16fc BITS - ok15:59:08.0270 0x16fc [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe15:59:08.0301 0x16fc Bonjour Service - ok15:59:08.0318 0x16fc [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys15:59:08.0348 0x16fc bowser - ok15:59:08.0367 0x16fc [ F2559A492AF8D653D1F47ADABA4C3E97, 77347915FB433023769699DFC9511F54E69C7FC7AB75F57FDC1A58E64A7126DE ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll15:59:08.0397 0x16fc BrokerInfrastructure - ok15:59:08.0409 0x16fc [ D528D6A92D187777691993DD757AF19A, 2C79978310193431E5FC462368424A172858D5351C92D4815C2A7E35B5DDE50C ] Browser C:\WINDOWS\System32\browser.dll15:59:08.0445 0x16fc Browser - ok15:59:08.0458 0x16fc [ FEA76BD5593F021E0422A3A1CE6DC07B, DBD0AFE012AFBB89C6CF2266A0B2EC89DE907E3A158F9722FCD5AD85A612D892 ] BTDevManager C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe15:59:08.0470 0x16fc BTDevManager - detected UnsignedFile.Multi.Generic ( 1 )15:59:11.0068 0x16fc Detect skipped due to KSN trusted15:59:11.0068 0x16fc BTDevManager - ok15:59:11.0081 0x16fc [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys15:59:11.0115 0x16fc BthAvrcpTg - ok15:59:11.0131 0x16fc [ 131F1C8573E7BFB41C54FBF5309CCD94, DAFE51E3BADBD82A33B580F212B2D6520A120877C23F6D675521FEA2F4BA5A1F ] BthEnum C:\WINDOWS\System32\drivers\BthEnum.sys15:59:11.0164 0x16fc BthEnum - ok15:59:11.0177 0x16fc [ 746B9F94214915AECDE4B7FEA5FF9664, EA2877D49DB4B7B9CE61653D63E8776DFF1CBCCAB12C14DB1D20DA44B8F06357 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys15:59:11.0208 0x16fc BthHFEnum - ok15:59:11.0224 0x16fc [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys15:59:11.0253 0x16fc bthhfhid - ok15:59:11.0269 0x16fc [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum C:\WINDOWS\System32\drivers\BthLEEnum.sys15:59:11.0315 0x16fc BthLEEnum - ok15:59:11.0331 0x16fc [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys15:59:11.0365 0x16fc BTHMODEM - ok15:59:11.0380 0x16fc [ 3AFE71D80EDF5D4DE0C5731352905669, 3E370169B8C5D301954D1F1DA302F7A0DB2A034990E10B3D64458C48E5693205 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys15:59:11.0418 0x16fc BthPan - ok15:59:11.0481 0x16fc [ 92370F46AF28D54B67C135FA8C2AFCFC, B1C0DBF27D392DEA8786AB9479C6CCD5A5DBDF3BE25ABA5FC7C6DB6D3EEE739B ] BTHPORT C:\WINDOWS\System32\Drivers\BTHport.sys15:59:11.0567 0x16fc BTHPORT - ok15:59:11.0590 0x16fc [ E5E48FEED73D463175EAB1542495191C, 0A8182F5BA7B694AB1DD3680F1194E4A568FE40DBA4BFDFF2EA09BAD045FFB29 ] bthserv C:\WINDOWS\system32\bthserv.dll15:59:11.0612 0x16fc bthserv - ok15:59:11.0624 0x16fc [ 23E75BED9076F856B36F5F934BBD5795, CCEB72B788522B7D52A6C07646005EBC68F9599D3714ECACF3A194CA47A1BE85 ] BTHUSB C:\WINDOWS\System32\Drivers\BTHUSB.sys15:59:11.0670 0x16fc BTHUSB - ok15:59:11.0679 0x16fc [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys15:59:11.0720 0x16fc cdfs - ok15:59:11.0735 0x16fc [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys15:59:11.0797 0x16fc cdrom - ok15:59:11.0812 0x16fc [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] CertPropSvc C:\WINDOWS\System32\certprop.dll15:59:11.0860 0x16fc CertPropSvc - ok15:59:11.0872 0x16fc [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass C:\WINDOWS\System32\drivers\circlass.sys15:59:11.0900 0x16fc circlass - ok15:59:11.0919 0x16fc [ 179A41249055D5F039F1B6703F3B6D2B, 886CF715D9E85DB5C9B991EBCB9B12E27AA0EEE52528E222C80CA5B5B0A7AF52 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys15:59:11.0964 0x16fc CLFS - ok15:59:11.0996 0x16fc [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys15:59:12.0022 0x16fc CmBatt - ok15:59:12.0046 0x16fc [ 1CD3A907D64D08F49208DA00B69BF35E, ABBD70FFCA0DE2274D855AFC08BF7BC0AA6D44EFC9FDBF7DF44B73CD5C210E28 ] CNG C:\WINDOWS\system32\Drivers\cng.sys15:59:12.0108 0x16fc CNG - ok15:59:12.0202 0x16fc [ B4C97854D48060EF8891B53AF3990D15, 5BD03C79954566DDDB58A73B0C735112CB24F1C090E0AB553595DC65D02CFFCC ] CnxtHdAudService C:\WINDOWS\system32\drivers\CHDRT64.sys15:59:12.0348 0x16fc CnxtHdAudService - ok15:59:12.0364 0x16fc [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\WINDOWS\System32\drivers\CompositeBus.sys15:59:12.0409 0x16fc CompositeBus - ok15:59:12.0415 0x16fc COMSysApp - ok15:59:12.0425 0x16fc [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\WINDOWS\system32\drivers\condrv.sys15:59:12.0450 0x16fc condrv - ok15:59:12.0508 0x16fc [ 034643AFE2973A175E782AE530A0683C, C488572B971144D8A10F6EC8480175868913942896144D38BF49E3D8D1BC54F3 ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe15:59:12.0565 0x16fc cphs - ok15:59:12.0591 0x16fc [ 0EFE4B5884A8032617826A4D76F80969, 083D296CC623C83D36A97AEE343ADF819B17E490F931DBE4D161BD1E8C289E02 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll15:59:12.0621 0x16fc CryptSvc - ok15:59:12.0640 0x16fc [ 48AED45DF009081AF3F5144F7D624674, 4425C15EB9E1177EE5134A33F63DAF7FF876577946DBF1EAD92C5614025113BB ] CxAudMsg C:\windows\system32\CxAudMsg64.exe15:59:12.0675 0x16fc CxAudMsg - ok15:59:12.0694 0x16fc [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam C:\WINDOWS\system32\drivers\dam.sys15:59:12.0823 0x16fc dam - ok15:59:12.0874 0x16fc [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll15:59:13.0042 0x16fc DcomLaunch - ok15:59:13.0069 0x16fc [ AF3FF97AC2A73E70F8A8D11FB694175B, 3AA25BF9DED08056F52ACF246118C13C8816B5E8AA4D8606DB7DAB4E4E6A9169 ] defragsvc C:\WINDOWS\System32\defragsvc.dll15:59:13.0133 0x16fc defragsvc - ok15:59:13.0166 0x16fc [ 8F387C2C99EE09C6E2AC316205F86A17, EC9E8AE72A21992AA118964E17090BA4503EB051273AD18185C95172F57328CE ] DeviceAssociationService C:\WINDOWS\system32\das.dll15:59:13.0229 0x16fc DeviceAssociationService - ok15:59:13.0257 0x16fc [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll15:59:13.0333 0x16fc DeviceInstall - ok15:59:13.0345 0x16fc [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys15:59:13.0394 0x16fc Dfsc - ok15:59:13.0423 0x16fc [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys15:59:13.0462 0x16fc dg_ssudbus - ok15:59:13.0480 0x16fc [ 8B107F55FD61654A6C9F1B819AEC5FC4, 773B1B9D3583F17B7C89BDE1EC4487ABB0AE039DF4583F8746460425443DA291 ] Dhcp C:\WINDOWS\system32\dhcpcore.dll15:59:13.0531 0x16fc Dhcp - ok15:59:13.0555 0x16fc [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk C:\WINDOWS\system32\drivers\disk.sys15:59:13.0608 0x16fc disk - ok15:59:13.0619 0x16fc [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys15:59:13.0649 0x16fc dmvsc - ok15:59:13.0667 0x16fc [ FE7656474448BE6A6C68E5C9BEB7CA94, 8B9F04CAA29A6EEFCA3D1E7BAFE340D5CCA8AF665474E69B1DF7E2A518B83A89 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll15:59:13.0699 0x16fc Dnscache - ok15:59:13.0717 0x16fc [ 50288EA079BB520C2B8C8A154202D518, 8916A9180CA009D124FFDFB4CCF5FDFEF7FA2FD37CBCD49FAD4C68E051B4734D ] dot3svc C:\WINDOWS\System32\dot3svc.dll15:59:13.0766 0x16fc dot3svc - ok15:59:13.0786 0x16fc [ 281BEE07BA97E3E98D12A822D923D0D8, 6EB482B2D4D6048D145C3738B2B6FA27A90B5EA53E9167447820F9981B004E63 ] DPS C:\WINDOWS\system32\dps.dll15:59:13.0828 0x16fc DPS - ok15:59:13.0838 0x16fc [ DDC11A202207C0400CBE07315B8FDE5E, 3ED0CA3A714582D92001BA3BFF78BE082F4DC8021298D5A2632F3B2B0A1C09DC ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys15:59:13.0864 0x16fc drmkaud - ok15:59:13.0878 0x16fc [ 5B074F14F5DD6418F46EE4CA2DEB7EA8, B8223D73C3DE123759101F7D5D45C60BD12B221F09D349575A1044CE3F43CBC5 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll15:59:13.0919 0x16fc DsmSvc - ok15:59:14.0009 0x16fc [ C7D252742946DD395670649742FBD73D, 333CC984CF318D36EA8C5867077A1732A214445EB6B7CF7AC2E8F1C8259CD9C7 ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys15:59:14.0159 0x16fc DXGKrnl - ok15:59:14.0175 0x16fc [ 6073537F250B45E1CB2A02E97F0FE1B2, 653F3F2F2019168EDF225944A88AFDBF8393B62AA076BD19980691778F3DB67D ] Eaphost C:\WINDOWS\System32\eapsvc.dll15:59:14.0211 0x16fc Eaphost - ok15:59:14.0336 0x16fc [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys15:59:14.0533 0x16fc ebdrv - ok15:59:14.0550 0x16fc [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] EFS C:\WINDOWS\System32\lsass.exe15:59:14.0573 0x16fc EFS - ok15:59:14.0586 0x16fc [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys15:59:14.0615 0x16fc EhStorClass - ok15:59:14.0629 0x16fc [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys15:59:14.0668 0x16fc EhStorTcgDrv - ok15:59:14.0679 0x16fc [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys15:59:14.0703 0x16fc ErrDev - ok15:59:14.0734 0x16fc [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3, 5264734F0572FAEDCCB008221C9982CCB7922C4FFC358605424EA413CDCDAE99 ] EventSystem C:\WINDOWS\system32\es.dll15:59:14.0778 0x16fc EventSystem - ok15:59:14.0793 0x16fc [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\WINDOWS\system32\drivers\exfat.sys15:59:14.0832 0x16fc exfat - ok15:59:14.0847 0x16fc [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys15:59:14.0882 0x16fc fastfat - ok15:59:14.0907 0x16fc [ 2BC8532ABF2B3756B78FA1DA54147DDE, DF65EE2AB0255A2CF3221085A6BE7C37E3DB6BFEED3BCADCDD69BB1049F6DCB1 ] Fax C:\WINDOWS\system32\fxssvc.exe15:59:14.0971 0x16fc Fax - ok15:59:14.0978 0x16fc [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys15:59:15.0003 0x16fc fdc - ok15:59:15.0011 0x16fc [ DC1A78BCCCB7EE53D6FD3BD615A8E222, EE16B6853185AAE779D7135035983938009901658F76A8856AAC12EBA15BB34E ] fdPHost C:\WINDOWS\system32\fdPHost.dll15:59:15.0040 0x16fc fdPHost - ok15:59:15.0045 0x16fc [ E5AD448F2DC84B1CF387FA7F2A3D1936, BBB29C79A085C503F5EFFB5144596D5DEC48A4EB34A049A4E7B38B27F6D92E0A ] FDResPub C:\WINDOWS\system32\fdrespub.dll15:59:15.0078 0x16fc FDResPub - ok15:59:15.0094 0x16fc [ 0046E0BD031213D37123876B0D0FA61C, A4FE17D56F0BAFB70D0D421ED9D1B6E50AF8ADAA4B59328A41AEC5B4C068A3CB ] fhsvc C:\WINDOWS\system32\fhsvc.dll15:59:15.0122 0x16fc fhsvc - ok15:59:15.0134 0x16fc [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys15:59:15.0162 0x16fc FileInfo - ok15:59:15.0170 0x16fc [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys15:59:15.0206 0x16fc Filetrace - ok15:59:15.0222 0x16fc [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys15:59:15.0258 0x16fc flpydisk - ok15:59:15.0275 0x16fc [ 6592D192E2823C043EDBC010E7774053, C025A0EC5517DC3BD5D6656DC0F0F19021FB3D2EE90EC6194E1BD74E638EBBDC ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys15:59:15.0326 0x16fc FltMgr - ok15:59:15.0374 0x16fc [ 3FA6DC6B29717E32E211C1FD821F2C75, E467F3775427C93CC2B87327B0A45669631A5FC460C558F6796BA26002A8BBFC ] FontCache C:\WINDOWS\system32\FntCache.dll15:59:15.0433 0x16fc FontCache - ok15:59:15.0445 0x16fc [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe15:59:15.0470 0x16fc FontCache3.0.0.0 - ok15:59:15.0482 0x16fc [ 35005534E600E993A90B036E4E599F2B, DA56FA3776FBD3D50276CB7410E0CB6F137DD8FCA84C0F3FEF8B1FEA5F6CA592 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys15:59:15.0505 0x16fc FsDepends - ok15:59:15.0512 0x16fc [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys15:59:15.0532 0x16fc Fs_Rec - ok15:59:15.0556 0x16fc [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys15:59:15.0587 0x16fc fvevol - ok15:59:15.0604 0x16fc [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\WINDOWS\System32\drivers\fxppm.sys15:59:15.0621 0x16fc FxPPM - ok15:59:15.0631 0x16fc [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys15:59:15.0657 0x16fc gagp30kx - ok15:59:15.0664 0x16fc [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys15:59:15.0682 0x16fc GEARAspiWDM - ok15:59:15.0691 0x16fc [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys15:59:15.0714 0x16fc gencounter - ok15:59:15.0726 0x16fc [ EF3AE7773394DF49CE74AF78A1C8D23D, CB12FF004C460A89F12AFF2467512B479A07CA10D4280CD4E624A5A9CDAB9C1B ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys15:59:15.0757 0x16fc GPIOClx0101 - ok15:59:15.0804 0x16fc [ 383DA813409316D69603C1D849834D24, E1AAD3AB567457B00B8A378D5BA37ED653EE451FF79D071A8815FB8B1EB90DAF ] gpsvc C:\WINDOWS\System32\gpsvc.dll15:59:15.0890 0x16fc gpsvc - ok15:59:15.0901 0x16fc [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe15:59:15.0915 0x16fc gupdate - ok15:59:15.0921 0x16fc [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe15:59:15.0939 0x16fc gupdatem - ok15:59:15.0949 0x16fc [ 498288DD5CA42C2D36D125893E968C53, 03B62FA51F9195D77170DCEFF3A93A6898AA96FB610044DDAE83767DA12745C5 ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys15:59:15.0979 0x16fc HDAudBus - ok15:59:15.0992 0x16fc [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys15:59:16.0012 0x16fc HidBatt - ok15:59:16.0021 0x16fc [ 1EA1B4FABB8CC348E73CA90DBA22E104, 5C18C6BD499272F216DD4626B5E8D38181AEAC9AD917FBEB614A75B70467B258 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys15:59:16.0050 0x16fc HidBth - ok15:59:16.0057 0x16fc [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys15:59:16.0085 0x16fc hidi2c - ok15:59:16.0095 0x16fc [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys15:59:16.0116 0x16fc HidIr - ok15:59:16.0124 0x16fc [ 449A20A674AA3FAA7F0DD4E33EE2DC20, 28B9BDA306456E8640C355718DE3477537B0FAF8C37F633C709129AAB64D9873 ] hidserv C:\WINDOWS\system32\hidserv.dll15:59:16.0144 0x16fc hidserv - ok15:59:16.0153 0x16fc [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys15:59:16.0178 0x16fc HidUsb - ok15:59:16.0193 0x16fc [ 7BF3ADCBD021D4F4A84CF40EB49C71B5, 5758A51FD2EBE67E6DBE3A298D714D351910F9E01C428D0C1359457C9242B298 ] hkmsvc C:\WINDOWS\system32\kmsvc.dll15:59:16.0220 0x16fc hkmsvc - ok15:59:16.0237 0x16fc [ 6CD9C3819BE8C0A3DACC82AE5D3C4F18, 46BF4A968E506DE17CA401401D716B444CDC10A5C60EB081890DD4B886AEDF5F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll15:59:16.0269 0x16fc HomeGroupListener - ok15:59:16.0292 0x16fc [ 1A4DA1D6287B99033D144B436C23B656, D4D1EEB372E61512EA36A33F095E68C225B8E6C72CC57ED8BD00533F88012F40 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll15:59:16.0324 0x16fc HomeGroupProvider - ok15:59:16.0341 0x16fc [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys15:59:16.0368 0x16fc HpSAMD - ok15:59:16.0409 0x16fc [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys15:59:16.0460 0x16fc HTTP - ok15:59:16.0469 0x16fc [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys15:59:16.0489 0x16fc hwpolicy - ok15:59:16.0498 0x16fc [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys15:59:16.0521 0x16fc hyperkbd - ok15:59:16.0531 0x16fc [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys15:59:16.0554 0x16fc HyperVideo - ok15:59:16.0563 0x16fc [ 84CFC5EFA97D0C965EDE1D56F116A541, 0155EA62BF07D99D98D1C9B6559C8E3301B016A20D03DF1EF64B2FAB8C37403B ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys15:59:16.0603 0x16fc i8042prt - ok15:59:16.0614 0x16fc [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys15:59:16.0635 0x16fc iaLPSSi_GPIO - ok15:59:16.0647 0x16fc [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys15:59:16.0672 0x16fc iaLPSSi_I2C - ok15:59:16.0700 0x16fc [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys15:59:16.0750 0x16fc iaStorAV - ok15:59:16.0772 0x16fc [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys15:59:16.0812 0x16fc iaStorV - ok15:59:16.0884 0x16fc [ ABEFA4BD23329FD9BD47496BF2E58774, 9689D4C6380735EE1CC7F480696CDDC229E0FA511942AC813314D353584D82DD ] IconMan_R C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe15:59:16.0998 0x16fc IconMan_R - detected UnsignedFile.Multi.Generic ( 1 )15:59:19.0696 0x16fc IconMan_R ( UnsignedFile.Multi.Generic ) - warning15:59:19.0696 0x16fc Force sending object to P2P due to detect: IconMan_R15:59:22.0384 0x16fc Object send P2P result: true15:59:24.0922 0x16fc IEEtwCollectorService - ok15:59:25.0067 0x16fc [ 7A5A61997B5404C8EDDFCC62378164DC, C2BCA8A2AA2DFCCF3489FC7F0F366ABBDC8606CFC6397CD7B17C8CD4A28DD17F ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys15:59:25.0294 0x16fc igfx - ok15:59:25.0345 0x16fc [ CFE7F0267B0C3077042FF291949B5546, 7B8C432632D0210119BFF57D4994F2B8F75307A9D6867353AF93BBA3F561595B ] IKEEXT C:\WINDOWS\System32\ikeext.dll15:59:25.0415 0x16fc IKEEXT - ok15:59:25.0429 0x16fc [ 4011430BC9DA46ADFAE9915EFEC312FB, 925DDDA187AE7C46C94FBBFA18FC602260957B6BA891D65DFC09385B6DDEAB58 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys15:59:25.0451 0x16fc intaud_WaveExtensible - ok15:59:25.0469 0x16fc [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys15:59:25.0504 0x16fc IntcDAud - ok15:59:25.0531 0x16fc [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe15:59:25.0580 0x16fc Intel® Capability Licensing Service Interface - ok15:59:25.0594 0x16fc [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys15:59:25.0616 0x16fc intelide - ok15:59:25.0625 0x16fc [ 139CFCDCD36B1B1782FD8C0014AC9B0E, E0D7E0E9B46A8CECE138D689820023BFA650FB689E4FD62855BED37E04F2D9FF ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys15:59:25.0652 0x16fc intelpep - ok15:59:25.0667 0x16fc [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys15:59:25.0699 0x16fc intelppm - ok15:59:25.0711 0x16fc [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys15:59:25.0747 0x16fc IpFilterDriver - ok15:59:25.0788 0x16fc [ DFC4050D58565ADBEE793A8D4AEBDAE6, 89B900408F030CD45753A11D6AE6CBAB87E8B0E3F8401402D2D8713C045BF488 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll15:59:25.0841 0x16fc iphlpsvc - ok15:59:25.0857 0x16fc [ FD9C9E9E3F0ED51502C7E8C066BE26B9, 290E74380F1543DD22C9F3821513B3E2FB42E995724238D8779CBBCB4FC386C8 ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys15:59:25.0890 0x16fc IPMIDRV - ok15:59:25.0908 0x16fc [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys15:59:25.0946 0x16fc IPNAT - ok15:59:25.0973 0x16fc [ 0FA89CB1B99AD494CE36DD2DE717D696, 5B35B26C625306A7AD5A00FCAC46FD6D60061F1C8171352B5EF1C916A667AC92 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe15:59:26.0004 0x16fc iPod Service - ok15:59:26.0015 0x16fc [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys15:59:26.0050 0x16fc IRENUM - ok15:59:26.0056 0x16fc [ 4D9B9A794F22415B8C3E0CCFBE61BC7A, 4CF01BC95F0AD7DC42AF8A0FCE032DF00610524A98CF52F531E9DE93137E7B87 ] irstrtdv C:\WINDOWS\System32\drivers\irstrtdv.sys15:59:26.0081 0x16fc irstrtdv - ok15:59:26.0111 0x16fc [ E145E934392E7A49FDC6775AC3A347F8, 8E5DBC8C34FB3B68851489E0860BA3ACE6CDF46BB5E2AEFD1DEF6E895566068B ] irstrtsv C:\windows\SysWOW64\irstrtsv.exe15:59:26.0151 0x16fc irstrtsv - ok15:59:26.0161 0x16fc [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys15:59:26.0180 0x16fc isapnp - ok15:59:26.0199 0x16fc [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys15:59:26.0243 0x16fc iScsiPrt - ok15:59:26.0255 0x16fc [ EE03564B7FAFE2E44EDA33D52E83B4A3, 53C917EEC92B813EB0C86B225E9887C9CDFDD7708AEA71BFAC0A3039E26D7BEB ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys15:59:26.0278 0x16fc iwdbus - ok15:59:26.0290 0x16fc [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe15:59:26.0317 0x16fc jhi_service - ok15:59:26.0331 0x16fc [ 8BE92376799B6B44D543E8D07CDCF885, 425B8BB1BAF62F735B3CB5A002E6055879F02E7207E55942BFD37F1784F5F368 ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys15:59:26.0359 0x16fc kbdclass - ok15:59:26.0370 0x16fc [ FB6E47E569D4872ABEB506BE03A45FBA, 5C4056CADA8F67587A119D9AE2A0EFAB30387CF6298F4019FF68AC92E2F6F54B ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys15:59:26.0399 0x16fc kbdhid - ok15:59:26.0406 0x16fc [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys15:59:26.0438 0x16fc kdnic - ok15:59:26.0447 0x16fc [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso C:\WINDOWS\system32\lsass.exe15:59:26.0467 0x16fc KeyIso - ok15:59:26.0476 0x16fc [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys15:59:26.0511 0x16fc KSecDD - ok15:59:26.0523 0x16fc [ F88CC88F4A6D8476F1664E805CA18CC2, 2C61EE5EEA4FD45AA3FA927CC16E34EF90BD44324EAB14198AF65C3A27617991 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys15:59:26.0561 0x16fc KSecPkg - ok15:59:26.0570 0x16fc [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys15:59:26.0592 0x16fc ksthunk - ok15:59:26.0611 0x16fc [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll15:59:26.0660 0x16fc KtmRm - ok15:59:26.0680 0x16fc [ 46378ECCB4A29AA81BF296641C2501EF, 5AB79BD824C00EF1338FDB8450692318AB14E0AE4145C30B37136767DFC1E4F9 ] LanmanServer C:\WINDOWS\system32\srvsvc.dll15:59:26.0715 0x16fc LanmanServer - ok15:59:26.0732 0x16fc [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll15:59:26.0761 0x16fc LanmanWorkstation - ok15:59:26.0772 0x16fc [ 2D4DB08B74F50988800ACA227598E68B, 5C2251BC51E57CDC35D9C3B7EB6FB2958A4629095E3F63D488DF477E9AE68F95 ] leymc C:\WINDOWS\system32\DRIVERS\leymc.sys15:59:26.0794 0x16fc leymc - ok15:59:26.0815 0x16fc [ 626D19F1771E1AE72208AE9A8F3082F7, 78FDB64545ED2EAE9F51C08120E21D2C3285208F6846BD8BBA08CAA839E7A0C4 ] lfsvc C:\WINDOWS\System32\GeofenceMonitorService.dll15:59:26.0865 0x16fc lfsvc - ok15:59:26.0874 0x16fc [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr C:\WINDOWS\system32\DRIVERS\LhdX64.sys15:59:26.0895 0x16fc LHDmgr - ok15:59:26.0902 0x16fc [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys15:59:26.0939 0x16fc lltdio - ok15:59:26.0956 0x16fc [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll15:59:27.0000 0x16fc lltdsvc - ok15:59:27.0011 0x16fc [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll15:59:27.0040 0x16fc lmhosts - ok15:59:27.0052 0x16fc [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe15:59:27.0091 0x16fc LMS - ok15:59:27.0106 0x16fc [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys15:59:27.0140 0x16fc LSI_SAS - ok15:59:27.0150 0x16fc [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys15:59:27.0181 0x16fc LSI_SAS2 - ok15:59:27.0195 0x16fc [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\WINDOWS\system32\drivers\lsi_sas3.sys15:59:27.0221 0x16fc LSI_SAS3 - ok15:59:27.0234 0x16fc [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys15:59:27.0262 0x16fc LSI_SSS - ok15:59:27.0292 0x16fc [ 8EBB271E4588D835784A3FF7E80076A8, A508BE95F6F5063A76F4C8726D9425BB1F00DE803EFE73A0BE145DD9AB82FF0A ] LSM C:\WINDOWS\System32\lsm.dll15:59:27.0345 0x16fc LSM - ok15:59:27.0356 0x16fc [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\WINDOWS\system32\drivers\luafv.sys15:59:27.0384 0x16fc luafv - ok15:59:27.0392 0x16fc [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\WINDOWS\system32\drivers\megasas.sys15:59:27.0417 0x16fc megasas - ok15:59:27.0444 0x16fc [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\WINDOWS\system32\drivers\megasr.sys15:59:27.0491 0x16fc megasr - ok15:59:27.0505 0x16fc [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys15:59:27.0522 0x16fc MEIx64 - ok15:59:27.0535 0x16fc [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe15:59:27.0560 0x16fc Microsoft Office Groove Audit Service - ok15:59:27.0569 0x16fc [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS C:\WINDOWS\system32\mmcss.dll15:59:27.0591 0x16fc MMCSS - ok15:59:27.0603 0x16fc [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\WINDOWS\system32\drivers\modem.sys15:59:27.0629 0x16fc Modem - ok15:59:27.0637 0x16fc [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys15:59:27.0663 0x16fc monitor - ok15:59:27.0674 0x16fc [ CEAC6D40FE887CE8406C2393CF97DE06, 34E76908B802764FF0D7AB3AF89BE77BD35B44787983343FAD89891891C0A045 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys15:59:27.0705 0x16fc mouclass - ok15:59:27.0712 0x16fc [ 02D98BF804084E9A0D69D1C69B02CCA9, EC5BC5D87043DFFD035FD4DD27B3D94E03119063519E4151BCC3522B613E2D7F ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys15:59:27.0740 0x16fc mouhid - ok15:59:27.0752 0x16fc [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys15:59:27.0777 0x16fc mountmgr - ok15:59:27.0786 0x16fc [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys15:59:27.0817 0x16fc mpsdrv - ok15:59:27.0852 0x16fc [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc C:\WINDOWS\system32\mpssvc.dll15:59:27.0897 0x16fc MpsSvc - ok15:59:27.0910 0x16fc [ 1D55DADC22D21883A2F80297F5A5AE48, B79DF4AFC2A9CBC54E74233596544D6E41C8CAA0516BD57CA695D051EC780265 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys15:59:27.0941 0x16fc MRxDAV - ok15:59:27.0964 0x16fc [ 0696F66E4D423793951A60562F794D14, E808E4E160C019F2F10762758F48C4565037974775CD267DF06B8B4A2CE26705 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys15:59:27.0995 0x16fc mrxsmb - ok15:59:28.0015 0x16fc [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys15:59:28.0053 0x16fc mrxsmb10 - ok15:59:28.0064 0x16fc [ DBA635C6398782C549E3BE45CF1D0411, E9806E075F401D3E7357E876C7F941F7DAFFBBEE065DC3FE556014F5D92EDAC0 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys15:59:28.0096 0x16fc mrxsmb20 - ok15:59:28.0108 0x16fc [ 4E888019078AC363076A5433E89AA4F8, 3DEBDA290230B3E83F956C902C960E39463B7EFE86439199521356762769FD91 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys15:59:28.0130 0x16fc MsBridge - ok15:59:28.0142 0x16fc [ A082C17D14D0790E27D064EA4B138AE1, 9A565ED885782D9D5135C8399C11C356DBF9EBF3B8EB4B4504BD2604AD0B45E6 ] MSDTC C:\WINDOWS\System32\msdtc.exe15:59:28.0176 0x16fc MSDTC - ok15:59:28.0188 0x16fc [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys15:59:28.0213 0x16fc Msfs - ok15:59:28.0227 0x16fc [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys15:59:28.0249 0x16fc msgpiowin32 - ok15:59:28.0254 0x16fc [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys15:59:28.0275 0x16fc mshidkmdf - ok15:59:28.0283 0x16fc [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys15:59:28.0301 0x16fc mshidumdf - ok15:59:28.0312 0x16fc [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys15:59:28.0339 0x16fc msisadrv - ok15:59:28.0351 0x16fc [ 810F8A0A0680662BB0CE44D0E2CEF90C, 5631B07911B7EF378CB1583A480A3C5715E59A5488B33A528F4D7A2F849B9113 ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll15:59:28.0384 0x16fc MSiSCSI - ok15:59:28.0390 0x16fc msiserver - ok15:59:28.0403 0x16fc [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys15:59:28.0437 0x16fc MSKSSRV - ok15:59:28.0454 0x16fc [ 375E44168F2DFB91A68B8A3F619C5A7C, AC243E02E9A39D0B4DE9571F196941700EE6EB5E94F5B0BA8994FB551E73A7A8 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys15:59:28.0487 0x16fc MsLldp - ok15:59:28.0496 0x16fc [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys15:59:28.0519 0x16fc MSPCLOCK - ok15:59:28.0531 0x16fc [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys15:59:28.0548 0x16fc MSPQM - ok15:59:28.0568 0x16fc [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys15:59:28.0608 0x16fc MsRPC - ok15:59:28.0620 0x16fc [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys15:59:28.0644 0x16fc mssmbios - ok15:59:28.0654 0x16fc [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys15:59:28.0672 0x16fc MSTEE - ok15:59:28.0681 0x16fc [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys15:59:28.0703 0x16fc MTConfig - ok15:59:28.0713 0x16fc [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\WINDOWS\system32\Drivers\mup.sys15:59:28.0746 0x16fc Mup - ok15:59:28.0754 0x16fc [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys15:59:28.0783 0x16fc mvumis - ok15:59:28.0807 0x16fc [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent C:\WINDOWS\system32\qagentRT.dll15:59:28.0843 0x16fc napagent - ok15:59:28.0861 0x16fc [ 78514B073CC5775800A65BFB82A0D66B, DCD18E277569F23921E899F508860F89ABD417C74A7776152A4463284A989488 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys15:59:28.0912 0x16fc NativeWifiP - ok15:59:28.0923 0x16fc [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll15:59:28.0956 0x16fc NcaSvc - ok15:59:28.0968 0x16fc [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService C:\WINDOWS\System32\ncbservice.dll15:59:28.0994 0x16fc NcbService - ok15:59:29.0003 0x16fc [ 2586C4C167499210DCBF3ECFD8CCE210, D8129FEDE9918BF4FB0057CC58700D4E08457060E810B9CC25CA0F598506ADB8 ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll15:59:29.0050 0x16fc NcdAutoSetup - ok15:59:29.0095 0x16fc [ F21B77B4D74092A543807D3CEB711A88, 5C3C17A10E990070FAB317C0C5333DE768E408CAF43EC4FA9D18116C6EE3B3DC ] NDIS C:\WINDOWS\system32\drivers\ndis.sys15:59:29.0158 0x16fc NDIS - ok15:59:29.0168 0x16fc [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys15:59:29.0199 0x16fc NdisCap - ok15:59:29.0213 0x16fc [ 9F1DA20E943BE7AA4ED5F3E1EBA78B37, CCD99962917BBE256F64AE14CCC9FD12433C72B5DB98E0E57CA8F212A11B3C8F ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys15:59:29.0252 0x16fc NdisImPlatform - ok15:59:29.0262 0x16fc [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys15:59:29.0292 0x16fc NdisTapi - ok15:59:29.0299 0x16fc [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys15:59:29.0329 0x16fc Ndisuio - ok15:59:29.0343 0x16fc [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys15:59:29.0362 0x16fc NdisVirtualBus - ok15:59:29.0374 0x16fc [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys15:59:29.0415 0x16fc NdisWan - ok15:59:29.0425 0x16fc [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys15:59:29.0454 0x16fc NdisWanLegacy - ok15:59:29.0472 0x16fc [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys15:59:29.0503 0x16fc NDProxy - ok15:59:29.0512 0x16fc [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys15:59:29.0550 0x16fc Ndu - ok15:59:29.0560 0x16fc [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys15:59:29.0591 0x16fc NetBIOS - ok15:59:29.0608 0x16fc [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys15:59:29.0652 0x16fc NetBT - ok15:59:29.0662 0x16fc [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon C:\WINDOWS\system32\lsass.exe15:59:29.0678 0x16fc Netlogon - ok15:59:29.0690 0x16fc [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman C:\WINDOWS\System32\netman.dll15:59:29.0724 0x16fc Netman - ok15:59:29.0752 0x16fc [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm C:\WINDOWS\System32\netprofmsvc.dll15:59:29.0781 0x16fc netprofm - ok15:59:29.0796 0x16fc [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe15:59:29.0827 0x16fc NetTcpPortSharing - ok15:59:29.0837 0x16fc [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc C:\WINDOWS\system32\DRIVERS\netvsc63.sys15:59:29.0859 0x16fc netvsc - ok15:59:29.0870 0x16fc [ 8CE7F624D791733E8CECFA443B2DF513, 0401C55596FA5A867C5F3833ABC3B90D493F5F83E541FFBC2D312BF0AF8536AB ] NitroDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe15:59:29.0905 0x16fc NitroDriverReadSpool2 - ok15:59:29.0923 0x16fc [ 3A280F3B3C7A46E29C404ACD46ECBF5E, 81C3367A2A212DBCC65B8A0166FD092E3205AB31A146B4B737061335CEC51F9D ] NlaSvc C:\WINDOWS\System32\nlasvc.dll15:59:29.0949 0x16fc NlaSvc - ok15:59:29.0976 0x16fc [ AAAE3B793B248A3DF86C65928484AB9A, ECB9E33C1BEAAA59A77001661A313C6819362F3B047819D00D5E3D863591D1C0 ] nlsX86cc C:\windows\SysWOW64\NLSSRV32.EXE15:59:29.0993 0x16fc nlsX86cc - ok15:59:29.0999 0x16fc [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys15:59:30.0016 0x16fc Npfs - ok Link to post Share on other sites More sharing options...
vtsoxfn7 Posted July 30, 2014 Author ID:860454 Share Posted July 30, 2014 15:59:30.0021 0x16fc [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys15:59:30.0054 0x16fc npsvctrig - ok15:59:30.0061 0x16fc [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi C:\WINDOWS\system32\nsisvc.dll15:59:30.0080 0x16fc nsi - ok15:59:30.0086 0x16fc [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys15:59:30.0101 0x16fc nsiproxy - ok15:59:30.0171 0x16fc [ 1C80517BE6836A812F6A9B99B8321351, 7DBED4633820E201C9C242D961EF6F25BA2B1D5593BA60F707CC71A4014C2D4B ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys15:59:30.0273 0x16fc Ntfs - ok15:59:30.0288 0x16fc [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\WINDOWS\system32\drivers\Null.sys15:59:30.0311 0x16fc Null - ok15:59:30.0321 0x16fc [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys15:59:30.0353 0x16fc nvraid - ok15:59:30.0365 0x16fc [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys15:59:30.0391 0x16fc nvstor - ok15:59:30.0397 0x16fc [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys15:59:30.0420 0x16fc nv_agp - ok15:59:30.0441 0x16fc [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE15:59:30.0490 0x16fc odserv - ok15:59:30.0500 0x16fc [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE15:59:30.0531 0x16fc ose - ok15:59:30.0566 0x16fc [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll15:59:30.0600 0x16fc p2pimsvc - ok15:59:30.0630 0x16fc [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc C:\WINDOWS\system32\p2psvc.dll15:59:30.0680 0x16fc p2psvc - ok15:59:30.0691 0x16fc [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\WINDOWS\System32\drivers\parport.sys15:59:30.0724 0x16fc Parport - ok15:59:30.0735 0x16fc [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys15:59:30.0761 0x16fc partmgr - ok15:59:30.0786 0x16fc [ 9A5309EF92F39346CFD5A4C2C3D1BFAD, 5908E0C9562F9CB24784491BD9AE7983A33A6BDF81AFA0A08045518A0C9BB2B1 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll15:59:30.0813 0x16fc PcaSvc - ok15:59:30.0833 0x16fc [ 275AFE3FA35E8D78BE97695DF49817C6, 447CEBB16285AE073B4251D2DA71399306EF2DCB7F56286ABE2F0BD6C83EB489 ] pci C:\WINDOWS\system32\drivers\pci.sys15:59:30.0870 0x16fc pci - ok15:59:30.0876 0x16fc [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\WINDOWS\system32\drivers\pciide.sys15:59:30.0891 0x16fc pciide - ok15:59:30.0903 0x16fc [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys15:59:30.0935 0x16fc pcmcia - ok15:59:30.0946 0x16fc [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\WINDOWS\system32\drivers\pcw.sys15:59:30.0961 0x16fc pcw - ok15:59:30.0967 0x16fc [ B9D968D8E2B0F9C6301CEB39CFC9B9E4, 83F32831B0727F18B56DC3CAF37E45A3523D2BBCD54D1421F0DE5A0179D8A404 ] pdc C:\WINDOWS\system32\drivers\pdc.sys15:59:30.0997 0x16fc pdc - ok15:59:31.0027 0x16fc [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys15:59:31.0083 0x16fc PEAUTH - ok15:59:31.0093 0x16fc [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe15:59:31.0114 0x16fc PerfHost - ok15:59:31.0175 0x16fc [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla C:\WINDOWS\system32\pla.dll15:59:31.0264 0x16fc pla - ok15:59:31.0277 0x16fc [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll15:59:31.0299 0x16fc PlugPlay - ok15:59:31.0307 0x16fc [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll15:59:31.0334 0x16fc PNRPAutoReg - ok15:59:31.0350 0x16fc [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll15:59:31.0374 0x16fc PNRPsvc - ok15:59:31.0396 0x16fc [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll15:59:31.0435 0x16fc PolicyAgent - ok15:59:31.0449 0x16fc [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power C:\WINDOWS\system32\umpo.dll15:59:31.0469 0x16fc Power - ok15:59:31.0560 0x16fc [ B7DB57A000D46D4DE75BC0C563E58072, 8183EB09DC4D44DFF027CA0AAA8C09921A14F088C1BC427B6ACA42340AAF69E6 ] PrintNotify C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll15:59:31.0732 0x16fc PrintNotify - ok15:59:31.0747 0x16fc [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\WINDOWS\System32\drivers\processr.sys15:59:31.0775 0x16fc Processor - ok15:59:31.0792 0x16fc [ B2A890D96C05E33FDD2BF3F3D4D0DF92, 3A29E17424429A5654D906E420D938148F09F57457356EFA72DA003B73F2D81E ] ProfSvc C:\WINDOWS\system32\profsvc.dll15:59:31.0815 0x16fc ProfSvc - ok15:59:31.0826 0x16fc [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys15:59:31.0849 0x16fc Psched - ok15:59:31.0863 0x16fc [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE C:\WINDOWS\system32\qwave.dll15:59:31.0903 0x16fc QWAVE - ok15:59:31.0912 0x16fc [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys15:59:31.0941 0x16fc QWAVEdrv - ok15:59:31.0947 0x16fc [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys15:59:31.0972 0x16fc RasAcd - ok15:59:31.0990 0x16fc [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto C:\WINDOWS\System32\rasauto.dll15:59:32.0022 0x16fc RasAuto - ok15:59:32.0050 0x16fc [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan C:\WINDOWS\System32\rasmans.dll15:59:32.0096 0x16fc RasMan - ok15:59:32.0106 0x16fc [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys15:59:32.0138 0x16fc RasPppoe - ok15:59:32.0158 0x16fc [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys15:59:32.0201 0x16fc rdbss - ok15:59:32.0212 0x16fc [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys15:59:32.0244 0x16fc rdpbus - ok15:59:32.0257 0x16fc [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys15:59:32.0293 0x16fc RDPDR - ok15:59:32.0307 0x16fc [ 858776908AF838E3790F3261B799CDA6, 5BE4658540382D1B2F46E503CE175D74E3870FE492B8B8F37C3CFB34FF8E2DA8 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys15:59:32.0331 0x16fc RdpVideoMiniport - ok15:59:32.0348 0x16fc [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys15:59:32.0385 0x16fc rdyboost - ok15:59:32.0422 0x16fc [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys15:59:32.0494 0x16fc ReFS - ok15:59:32.0509 0x16fc [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll15:59:32.0546 0x16fc RemoteAccess - ok15:59:32.0557 0x16fc [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll15:59:32.0601 0x16fc RemoteRegistry - ok15:59:32.0615 0x16fc [ 0527EF6E23B9FAB37DDCBC479C6CFA28, C004CE600074AC434F8B24A3383F8C0ACFA5476D9E3B1493B40911C78B028D64 ] RFCOMM C:\WINDOWS\System32\drivers\rfcomm.sys15:59:32.0650 0x16fc RFCOMM - ok15:59:32.0661 0x16fc [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll15:59:32.0686 0x16fc RpcEptMapper - ok15:59:32.0694 0x16fc [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator C:\WINDOWS\system32\locator.exe15:59:32.0713 0x16fc RpcLocator - ok15:59:32.0741 0x16fc [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs C:\WINDOWS\system32\rpcss.dll15:59:32.0783 0x16fc RpcSs - ok15:59:32.0792 0x16fc [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys15:59:32.0831 0x16fc rspndr - ok15:59:32.0848 0x16fc [ 8EB6DCEB7473C232D8BC9A886E3183AC, D81B089443306AD9D89F59DBC5F9C2F5B6A86112B4AB59316B97EE7D8B97D2FA ] RSUSBVSTOR C:\WINDOWS\System32\Drivers\RtsUVStor.sys15:59:32.0879 0x16fc RSUSBVSTOR - ok15:59:32.0903 0x16fc [ 243E5A4B340B76B132F0C6545690B601, 73497A2BD843A2B640E1055EE1987A6541DF60B0F6E1CFD4F3557EC4B698FC2C ] RtkBtFilter C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys15:59:32.0945 0x16fc RtkBtFilter - ok15:59:33.0013 0x16fc [ B0A0260A3C03156937ECDB67CE5C6FE5, 88102D22976398599FA6165E9DBC1213EF2A001C99602E2195C9A7BAB0A127D7 ] RtlWlanu C:\WINDOWS\system32\DRIVERS\rtwlanu.sys15:59:33.0110 0x16fc RtlWlanu - ok15:59:33.0123 0x16fc [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys15:59:33.0149 0x16fc s3cap - ok15:59:33.0157 0x16fc [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs C:\WINDOWS\system32\lsass.exe15:59:33.0175 0x16fc SamSs - ok15:59:33.0189 0x16fc [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys15:59:33.0214 0x16fc sbp2port - ok15:59:33.0227 0x16fc [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll15:59:33.0265 0x16fc SCardSvr - ok15:59:33.0276 0x16fc [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll15:59:33.0309 0x16fc ScDeviceEnum - ok15:59:33.0317 0x16fc [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys15:59:33.0349 0x16fc scfilter - ok15:59:33.0390 0x16fc [ A95838FFFAEAA7500263D491575F7E0C, FEB79ECAE6D9AB0C29D9AFE12F60502A8357B3A382C0FACF4C6DA4852B6ECFA4 ] Schedule C:\WINDOWS\system32\schedsvc.dll15:59:33.0444 0x16fc Schedule - ok15:59:33.0463 0x16fc [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll15:59:33.0493 0x16fc SCPolicySvc - ok15:59:33.0509 0x16fc [ FDEC5799BA499D18AFA3A540538866E7, 551EE0945FE4EC213FFF623E524500B57531EFEA2D76FA7ED1D2D605E7E2168F ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys15:59:33.0555 0x16fc sdbus - ok15:59:33.0571 0x16fc [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys15:59:33.0598 0x16fc sdstor - ok15:59:33.0607 0x16fc [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\WINDOWS\system32\drivers\secdrv.sys15:59:33.0628 0x16fc secdrv - ok15:59:33.0641 0x16fc [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon C:\WINDOWS\system32\seclogon.dll15:59:33.0662 0x16fc seclogon - ok15:59:33.0670 0x16fc [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS C:\WINDOWS\System32\sens.dll15:59:33.0698 0x16fc SENS - ok15:59:33.0716 0x16fc [ 19240C13F526125554B5370566F21A0A, 1DD88B092451CEC309A390319342BB4D36CE938BBE6D09127BBAA53960DD8E94 ] SensorsAlsDriver C:\WINDOWS\system32\DRIVERS\WUDFRd.sys15:59:33.0742 0x16fc SensorsAlsDriver - ok15:59:33.0752 0x16fc [ 19240C13F526125554B5370566F21A0A, 1DD88B092451CEC309A390319342BB4D36CE938BBE6D09127BBAA53960DD8E94 ] SensorsHIDClassDriver C:\WINDOWS\system32\DRIVERS\WUDFRd.sys15:59:33.0777 0x16fc SensorsHIDClassDriver - ok15:59:33.0795 0x16fc [ 19240C13F526125554B5370566F21A0A, 1DD88B092451CEC309A390319342BB4D36CE938BBE6D09127BBAA53960DD8E94 ] SensorsServiceDriver C:\WINDOWS\system32\DRIVERS\WUDFRd.sys15:59:33.0823 0x16fc SensorsServiceDriver - ok15:59:33.0840 0x16fc [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll15:59:33.0865 0x16fc SensrSvc - ok15:59:33.0873 0x16fc [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys15:59:33.0900 0x16fc SerCx - ok15:59:33.0911 0x16fc [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys15:59:33.0939 0x16fc SerCx2 - ok15:59:33.0948 0x16fc [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\WINDOWS\System32\drivers\serenum.sys15:59:33.0979 0x16fc Serenum - ok15:59:33.0995 0x16fc [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\WINDOWS\System32\drivers\serial.sys15:59:34.0025 0x16fc Serial - ok15:59:34.0037 0x16fc [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys15:59:34.0055 0x16fc sermouse - ok15:59:34.0081 0x16fc [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv C:\WINDOWS\system32\sessenv.dll15:59:34.0124 0x16fc SessionEnv - ok15:59:34.0130 0x16fc [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys15:59:34.0150 0x16fc sfloppy - ok15:59:34.0171 0x16fc [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll15:59:34.0208 0x16fc SharedAccess - ok15:59:34.0229 0x16fc [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll15:59:34.0277 0x16fc ShellHWDetection - ok15:59:34.0285 0x16fc [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys15:59:34.0300 0x16fc SiSRaid2 - ok15:59:34.0314 0x16fc [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys15:59:34.0340 0x16fc SiSRaid4 - ok15:59:34.0349 0x16fc [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost C:\WINDOWS\System32\smphost.dll15:59:34.0378 0x16fc smphost - ok15:59:34.0395 0x16fc [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe15:59:34.0423 0x16fc SNMPTRAP - ok15:59:34.0441 0x16fc [ 33977549C2CED09936E05BEE7659EAFF, EB95C72ED0EAC59A50E6882B2501049191A796542C42414FAF0028907C669B21 ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys15:59:34.0479 0x16fc spaceport - ok15:59:34.0489 0x16fc [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys15:59:34.0514 0x16fc SpbCx - ok15:59:34.0541 0x16fc [ FE0CB40F36D3FCDD3A1B312EF72C38D5, 42EA50869752164764DFE8CE7E1C247BE8342A0C15F39158DC808E8A692C460F ] Spooler C:\WINDOWS\System32\spoolsv.exe15:59:34.0592 0x16fc Spooler - ok15:59:34.0801 0x16fc [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc C:\WINDOWS\system32\sppsvc.exe15:59:35.0128 0x16fc sppsvc - ok15:59:35.0180 0x16fc [ 4070099946C0ED03E2C484BD4F136150, B6097D41E2BEDFCC9861B1F348A8B544DDA9044D7AB053DA59502DF8B2D1B967 ] SPUVCbv C:\WINDOWS\System32\Drivers\SPUVCbv_x64.sys15:59:35.0267 0x16fc SPUVCbv - ok15:59:35.0293 0x16fc [ 2B78788A1485F9B99A578A299DF42C02, A87183A9B13585C9E850437A45237105D39D7F3212ADB079D6AB430B67A59643 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys15:59:35.0354 0x16fc srv - ok15:59:35.0384 0x16fc [ FD163F487CBA9C98AFFEB546C80F49A2, 18DAAD173C0517F7BBF5D0C914302D98931E3BA6DAA36DC91D8DB0743EC40563 ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys15:59:35.0425 0x16fc srv2 - ok15:59:35.0443 0x16fc [ 716059F37BCCB1ABEDE99EBE82E8E362, 05F27B0FABBBC0E324F06D20ABEF51EDA3316C9F7F85C1AD24639CD6DE1BC8AC ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys15:59:35.0491 0x16fc srvnet - ok15:59:35.0505 0x16fc [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll15:59:35.0538 0x16fc SSDPSRV - ok15:59:35.0549 0x16fc [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll15:59:35.0593 0x16fc SstpSvc - ok15:59:35.0606 0x16fc [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys15:59:35.0643 0x16fc ssudmdm - ok15:59:35.0652 0x16fc [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys15:59:35.0681 0x16fc stexstor - ok15:59:35.0710 0x16fc [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc C:\WINDOWS\System32\wiaservc.dll15:59:35.0766 0x16fc stisvc - ok15:59:35.0778 0x16fc [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\WINDOWS\system32\drivers\storahci.sys15:59:35.0802 0x16fc storahci - ok15:59:35.0812 0x16fc [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt C:\WINDOWS\system32\DRIVERS\vmstorfl.sys15:59:35.0842 0x16fc storflt - ok15:59:35.0850 0x16fc [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys15:59:35.0883 0x16fc stornvme - ok15:59:35.0897 0x16fc [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc C:\WINDOWS\system32\storsvc.dll15:59:35.0924 0x16fc StorSvc - ok15:59:35.0934 0x16fc [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys15:59:35.0959 0x16fc storvsc - ok15:59:35.0967 0x16fc [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc C:\WINDOWS\system32\svsvc.dll15:59:36.0011 0x16fc svsvc - ok15:59:36.0018 0x16fc [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum C:\WINDOWS\System32\drivers\swenum.sys15:59:36.0036 0x16fc swenum - ok15:59:36.0068 0x16fc [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv C:\WINDOWS\System32\swprv.dll15:59:36.0131 0x16fc swprv - ok15:59:36.0154 0x16fc [ 9428093A8084B2F410D0EEB8F29AF105, 254A7715139F245513DB5DD067F0F3609A7F10357D84EE3408187348B41376CE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys15:59:36.0194 0x16fc SynTP - ok15:59:36.0239 0x16fc [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain C:\WINDOWS\system32\sysmain.dll15:59:36.0297 0x16fc SysMain - ok15:59:36.0321 0x16fc [ D65B1C952AEB864C2BAC7A770B17ECCE, 3EFAAFFF73390D9CB660E0F42B305512396CF66ED06E4A20ED67E8722FB4355B ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll15:59:36.0356 0x16fc SystemEventsBroker - ok15:59:36.0367 0x16fc [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\WINDOWS\System32\TabSvc.dll15:59:36.0398 0x16fc TabletInputService - ok15:59:36.0416 0x16fc [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll15:59:36.0455 0x16fc TapiSrv - ok15:59:36.0542 0x16fc [ 4B666AE119D2ADBAC816BEA7DB4D6881, FCF90241548B893B01CE016D1F0B3D1564B6A4B39ADFBAE077A52F5D8240C8C4 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys15:59:36.0657 0x16fc Tcpip - ok15:59:36.0745 0x16fc [ 4B666AE119D2ADBAC816BEA7DB4D6881, FCF90241548B893B01CE016D1F0B3D1564B6A4B39ADFBAE077A52F5D8240C8C4 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys15:59:36.0849 0x16fc TCPIP6 - ok15:59:36.0865 0x16fc [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys15:59:36.0895 0x16fc tcpipreg - ok15:59:36.0907 0x16fc [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys15:59:36.0943 0x16fc tdx - ok15:59:36.0950 0x16fc [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys15:59:36.0977 0x16fc terminpt - ok15:59:37.0018 0x16fc [ 3D748E5558FD9A9F03182CB2330698DC, 70B2069AB7912EB49AB3ABD18D4B42CB94AC99CA6DE3F63F4888B8EAAC78AAA2 ] TermService C:\WINDOWS\System32\termsrv.dll15:59:37.0085 0x16fc TermService - ok15:59:37.0097 0x16fc [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes C:\WINDOWS\system32\themeservice.dll15:59:37.0147 0x16fc Themes - ok15:59:37.0156 0x16fc [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER C:\WINDOWS\system32\mmcss.dll15:59:37.0178 0x16fc THREADORDER - ok15:59:37.0192 0x16fc [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll15:59:37.0224 0x16fc TimeBroker - ok15:59:37.0238 0x16fc [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM C:\WINDOWS\system32\drivers\tpm.sys15:59:37.0271 0x16fc TPM - ok15:59:37.0283 0x16fc [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks C:\WINDOWS\System32\trkwks.dll15:59:37.0306 0x16fc TrkWks - ok15:59:37.0319 0x16fc [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe15:59:37.0350 0x16fc TrustedInstaller - ok15:59:37.0367 0x16fc [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys15:59:37.0392 0x16fc TsUsbFlt - ok15:59:37.0399 0x16fc [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys15:59:37.0422 0x16fc TsUsbGD - ok15:59:37.0435 0x16fc [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys15:59:37.0478 0x16fc tunnel - ok15:59:37.0488 0x16fc [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys15:59:37.0520 0x16fc uagp35 - ok15:59:37.0532 0x16fc [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys15:59:37.0560 0x16fc UASPStor - ok15:59:37.0578 0x16fc [ B034A41891A36457B994307DFA772293, CA5E6500764A9777AE0E15B2AFB6F05982C90F01374E3F6DDC6DF3852282C66B ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys15:59:37.0608 0x16fc UCX01000 - ok15:59:37.0622 0x16fc [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys15:59:37.0667 0x16fc udfs - ok15:59:37.0675 0x16fc [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys15:59:37.0698 0x16fc UEFI - ok15:59:37.0710 0x16fc [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe15:59:37.0747 0x16fc UI0Detect - ok15:59:37.0759 0x16fc [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys15:59:37.0786 0x16fc uliagpkx - ok15:59:37.0795 0x16fc [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\WINDOWS\System32\drivers\umbus.sys15:59:37.0820 0x16fc umbus - ok15:59:37.0829 0x16fc [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\WINDOWS\System32\drivers\umpass.sys15:59:37.0850 0x16fc UmPass - ok15:59:37.0864 0x16fc [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService C:\WINDOWS\System32\umrdp.dll15:59:37.0899 0x16fc UmRdpService - ok15:59:37.0918 0x16fc [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe15:59:37.0961 0x16fc UNS - ok15:59:37.0980 0x16fc [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost C:\WINDOWS\System32\upnphost.dll15:59:38.0029 0x16fc upnphost - ok15:59:38.0038 0x16fc [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\WINDOWS\System32\Drivers\usbaapl64.sys15:59:38.0063 0x16fc USBAAPL64 - ok15:59:38.0073 0x16fc [ 433ECDE01A52691FA7ACA51C10C09B70, B896296A3F8EF2AF3AC5F0091B9848156608586F1E10A95D70700BAB51E8062A ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys15:59:38.0103 0x16fc usbccgp - ok15:59:38.0116 0x16fc [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys15:59:38.0146 0x16fc usbcir - ok15:59:38.0157 0x16fc [ 5477D6E27C7D266EF8C152B9A25ADE5E, FEE81677D284A78A0C0FB60F887A952CFC759AE78B01206D73F59FE33612C519 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys15:59:38.0216 0x16fc usbehci - ok15:59:38.0241 0x16fc [ DF56C2C04EFA328D7A66B69007130266, 719316EB25A8C7B82C7941D1C5B964CC4EDA4A997732F481526DE7356F6FC0D8 ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys15:59:38.0292 0x16fc usbhub - ok15:59:38.0316 0x16fc [ CFC52C49BEFE4D70D87FFA900EAB9777, 09A2F5D8AB07C3AE3F2B092F4DD7AE5838736CDC263016F188B442B32EC928F8 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys15:59:38.0362 0x16fc USBHUB3 - ok15:59:38.0371 0x16fc [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys15:59:38.0396 0x16fc usbohci - ok15:59:38.0404 0x16fc [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys15:59:38.0429 0x16fc usbprint - ok15:59:38.0437 0x16fc [ F3F90825C416B264D016AA9D02C244C4, EEBB594BFF2FB52521995211858C9DB90CD317C5C0E2FB61BF837078BC438FD3 ] usbrndis6 C:\WINDOWS\system32\DRIVERS\usb80236.sys15:59:38.0464 0x16fc usbrndis6 - ok15:59:38.0478 0x16fc [ EA23453240137F6773174E0D93F61A69, 579AD09FB428C2BB8B4055128620A7AADD1B606C1EA44B87A01D69A84232A5D9 ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS15:59:38.0506 0x16fc USBSTOR - ok15:59:38.0513 0x16fc [ BA4FA655E0FC577DB7436FC963932CE4, 3336FDECD4AEC6B316D4C0803E22A12719EBEDD1A9427C0DF5D3B263BE600EE6 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys15:59:38.0537 0x16fc usbuhci - ok15:59:38.0559 0x16fc [ 48430B0313FC1CFE3D2400553F1A93CD, 92994DE6B131E904AFF2C9C4FBB4E6B0D58525A1539763327373DA18C9F08193 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS15:59:38.0583 0x16fc USBXHCI - ok15:59:38.0590 0x16fc [ 3CAAB947B1F247A570DE15983BEDEBCF, 81480D999F67A1755D5C21CE046FB439F0FBD743F73D23C19BC8C4DEB78A4F91 ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys15:59:38.0612 0x16fc usb_rndisx - ok15:59:38.0621 0x16fc [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc C:\WINDOWS\system32\lsass.exe15:59:38.0637 0x16fc VaultSvc - ok15:59:38.0646 0x16fc [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys15:59:38.0672 0x16fc vdrvroot - ok15:59:38.0716 0x16fc [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds C:\WINDOWS\System32\vds.exe15:59:38.0792 0x16fc vds - ok15:59:38.0806 0x16fc [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys15:59:38.0841 0x16fc VerifierExt - ok15:59:38.0871 0x16fc [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys15:59:38.0937 0x16fc vhdmp - ok15:59:38.0949 0x16fc [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\WINDOWS\system32\drivers\viaide.sys15:59:38.0971 0x16fc viaide - ok15:59:38.0981 0x16fc [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys15:59:39.0005 0x16fc vmbus - ok15:59:39.0013 0x16fc [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys15:59:39.0034 0x16fc VMBusHID - ok15:59:39.0058 0x16fc [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll15:59:39.0102 0x16fc vmicguestinterface - ok15:59:39.0123 0x16fc [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll15:59:39.0159 0x16fc vmicheartbeat - ok15:59:39.0181 0x16fc [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll15:59:39.0210 0x16fc vmickvpexchange - ok15:59:39.0227 0x16fc [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll15:59:39.0260 0x16fc vmicrdv - ok15:59:39.0282 0x16fc [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll15:59:39.0315 0x16fc vmicshutdown - ok15:59:39.0335 0x16fc [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll15:59:39.0364 0x16fc vmictimesync - ok15:59:39.0384 0x16fc [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss C:\WINDOWS\System32\ICSvc.dll15:59:39.0406 0x16fc vmicvss - ok15:59:39.0415 0x16fc [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys15:59:39.0435 0x16fc volmgr - ok15:59:39.0451 0x16fc [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys15:59:39.0490 0x16fc volmgrx - ok15:59:39.0508 0x16fc [ 4BB9BC49DEE1A319EC58274A7BBED663, 624491089623A5B68C01A6A000E60D450E8E467619ACEBB90C6FDED0CF670F95 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys15:59:39.0542 0x16fc volsnap - ok15:59:39.0551 0x16fc [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci C:\WINDOWS\System32\drivers\vpci.sys15:59:39.0569 0x16fc vpci - ok15:59:39.0576 0x16fc [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys15:59:39.0599 0x16fc vsmraid - ok15:59:39.0639 0x16fc [ E369C59F2C0852DDD090C07E0DDE0051, 4FAC94458EAAEED4F84A86FBAB8FBB332D0AF85BD528E63C0C058A2DA8E3011D ] VSS C:\WINDOWS\system32\vssvc.exe15:59:39.0701 0x16fc VSS - ok15:59:39.0717 0x16fc [ 08
Recommended Posts