Jump to content

Recommended Posts

I made the mistake this past weekend of beginning to install the WMP x264 codec (I was prompted to when a video file would not play on my laptop).  I opened the install file but cancelled out of it without beginning the actual install.  In the two days since, I have experience an odd screen blip every few minutes (almost as if something is trying to refresh).  Other than the obnoxious blip, it also closes down Windows explorer and cancels any file transfers that are in progress.  I then became aware of the codec pack virus and found Malwarebytes anti-malware download.  I have run it once and it quarantined a number of files but the blip/Windows Explorer crash continues.  Nothing shows up when I run my anti-virus scan either.  I had found a couple of other help threads regarding this virus on the forum but they appeared to be unique to each scenario.  Is this something that anyone could help me with?

 

Thanks in advance!

Link to post
Share on other sites

Hi & :welcome:

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully. :excl:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png

Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Link to post
Share on other sites

Thank you for your help.

 

The FRST log is as follows:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Tim (administrator) on TIMMMAAAAAY on 29-07-2014 08:25:30
Running from C:\Users\Tim\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
() C:\ProgramData\YogaSmartSwicth\yogaserver.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.7\ScriptHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe 
HKLM\...\Run: [btServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-29] (Realtek Semiconductor Corporation)
HKLM\...\Run: [synLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-24] (Synaptics)
HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2012-12-12] (Lenovo)
HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [208464 2012-12-12] ()
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-12-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-12-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2968376 2012-11-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2567192 2014-06-24] ()
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [Google Update] => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.)
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-08] (Spotify Ltd)
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [YrxcPack] => regsvr32.exe C:\Users\Tim\AppData\Local\YrxcPack\PCCS_ABAPI.dll  <===== ATTENTION
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {26744d86-ad5c-11e3-bea8-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {a7e89f04-aa99-11e3-bea7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {ba26493a-0c11-11e4-beb7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.)
HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-08] (Spotify Ltd)
HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [YrxcPack] => regsvr32.exe C:\Users\Tim\AppData\Local\YrxcPack\PCCS_ABAPI.dll  <===== ATTENTION
HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {26744d86-ad5c-11e3-bea8-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a7e89f04-aa99-11e3-bea7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ba26493a-0c11-11e4-beb7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" 
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk
ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
ShellIconOverlayIdentifiers: 1CryptoProviderIcons -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll ()
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com?cid={91352836-87B3-47B3-AF58-95C0F78CEE0C}&mid=a9d7237727404506aa5c250a4bfead3a-fc68406238f59e739c052d82acd2244b1a52f26c〈=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-11-04 19:05:39&v=17.1.2.1&pid=%CMPID%&sg=0&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mysearch.avg.com?cid={91352836-87B3-47B3-AF58-95C0F78CEE0C}&mid=a9d7237727404506aa5c250a4bfead3a-fc68406238f59e739c052d82acd2244b1a52f26c〈=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-11-04 19:05:39&v=17.1.2.1&pid=%CMPID%&sg=0&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM - DefaultScope {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - DefaultScope {31D663F1-F699-4F8E-95F6-1B73E2ECD6A3} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {31D663F1-F699-4F8E-95F6-1B73E2ECD6A3} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = 
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={91352836-87B3-47B3-AF58-95C0F78CEE0C}&mid=a9d7237727404506aa5c250a4bfead3a-fc68406238f59e739c052d82acd2244b1a52f26c〈=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-11-04 19:05:39&v=17.1.2.1&pid=%CMPID%&sg=0&sap=dsp&q={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.599\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.7.599\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.599\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.17.2 192.168.16.2 192.168.15.2
Tcpip\..\Interfaces\{2BE6D3F4-68B8-4748-8922-BE810BA8E0B2}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{6E68B98B-B820-418A-9AED-37B320FB2749}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D4E1A2E9-B72A-4C4C-97A5-4E0036420035}: [NameServer]8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49 [2014-01-05]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: hxxp://www.espn.com/
CHR StartupUrls: "hxxp://www.espn.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-20]
CHR Extension: (Google Cast) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-01-11]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-01-05]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-20]
CHR Extension: (AVG SafeGuard) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-05-17]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-15] (Avira Operations GmbH & Co. KG)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [51200 2012-08-31] () [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1807896 2014-06-24] (AVG Secure Search)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2012-12-12] (Lenovo)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2012-12-12] (Lenovo)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-28] (Malwarebytes Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696464 2012-09-01] (Realtek Semiconductor Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1058680 2012-08-11] (Sunplus)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-29 08:25 - 2014-07-29 08:25 - 00027490 _____ () C:\Users\Tim\Desktop\FRST.txt
2014-07-29 08:24 - 2014-07-29 08:25 - 00000000 ____D () C:\FRST
2014-07-28 22:27 - 2014-07-28 22:27 - 02093568 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2014-07-28 07:17 - 2014-07-28 07:21 - 301114199 _____ () C:\Users\Tim\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.mp4
2014-07-28 07:16 - 2014-07-28 07:25 - 385828066 _____ () C:\Users\Tim\Downloads\True.Blood.S07E06.HDTV.x264-2HD.mp4
2014-07-27 10:25 - 2014-07-28 16:36 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 10:24 - 2014-07-27 10:24 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-27 10:24 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-27 10:24 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-27 10:24 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-26 23:21 - 2014-07-26 23:21 - 00000000 ____D () C:\Users\Tim\AppData\Local\YrxcPack
2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieUserList
2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieSiteList
2014-07-25 11:04 - 2014-07-25 11:07 - 00000000 ____D () C:\Users\Tim\Downloads\Smith and Myers (Acoustic Sessions) EP (Digital)
2014-07-21 22:12 - 2014-07-21 22:25 - 300013285 _____ () C:\Users\Tim\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.mp4
2014-07-14 22:36 - 2014-07-14 22:51 - 582793391 _____ () C:\Users\Tim\Downloads\the.strain.s01e01.hdtv.x264-2hd.mp4
2014-07-14 20:47 - 2014-07-14 20:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-14 20:47 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-13 22:02 - 2014-07-14 20:59 - 1550180333 _____ () C:\Users\Tim\Downloads\Doctor Who 2005 - 2013 Christmas Special (The Time of The Doctor) [720p].mp4
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iTunes
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iPod
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-11 15:06 - 2014-05-31 06:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-11 15:06 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-11 15:06 - 2014-05-30 23:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-11 15:06 - 2014-05-30 23:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-11 15:06 - 2014-05-30 23:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 15:06 - 2014-05-30 23:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-11 15:06 - 2014-05-30 23:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-11 15:06 - 2014-05-30 23:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 15:06 - 2014-05-30 22:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-11 15:06 - 2014-05-30 22:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-11 15:06 - 2014-05-30 22:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-11 15:06 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-11 15:06 - 2014-05-30 22:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-11 15:06 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-11 15:06 - 2014-05-30 22:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-11 15:05 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-11 15:05 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-11 15:05 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-11 15:05 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-11 15:05 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-11 15:05 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-11 15:05 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-11 15:05 - 2014-06-18 19:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-11 15:05 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-11 15:05 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-11 15:05 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-11 15:05 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-11 15:05 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-11 15:05 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-11 15:05 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-11 15:05 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-11 15:05 - 2014-06-18 18:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-11 15:05 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-11 15:05 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-11 15:05 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-11 15:05 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-11 15:05 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-11 15:05 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-11 15:05 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-11 15:05 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-11 15:05 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-11 15:05 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-11 15:04 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-11 15:04 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-11 15:04 - 2014-06-06 10:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-11 15:04 - 2014-05-29 08:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-11 15:04 - 2014-05-29 03:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-11 15:04 - 2014-05-29 02:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-11 15:04 - 2014-05-29 02:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-11 15:04 - 2014-05-29 01:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-11 15:04 - 2014-05-29 01:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-11 08:36 - 2014-06-06 09:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-11 08:36 - 2014-06-06 08:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-11 08:30 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 22:26 - 2014-07-09 22:26 - 00000800 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-29 08:25 - 2014-07-29 08:25 - 00027490 _____ () C:\Users\Tim\Desktop\FRST.txt
2014-07-29 08:25 - 2014-07-29 08:24 - 00000000 ____D () C:\FRST
2014-07-29 08:25 - 2013-11-22 08:54 - 01515472 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-29 08:25 - 2012-12-20 20:51 - 00084384 _____ () C:\Users\Tim\AppData\Local\BTServer.log
2014-07-29 08:22 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-28 22:58 - 2012-12-20 21:02 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-28 22:39 - 2014-02-09 01:39 - 00000308 _____ () C:\WINDOWS\Tasks\Digital Sites.job
2014-07-28 22:39 - 2013-07-18 22:39 - 00000302 _____ () C:\WINDOWS\Tasks\DSite.job
2014-07-28 22:38 - 2013-09-30 00:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-28 22:36 - 2014-01-11 22:06 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001UA.job
2014-07-28 22:27 - 2014-07-28 22:27 - 02093568 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2014-07-28 18:58 - 2012-12-20 21:02 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-28 16:36 - 2014-07-27 10:25 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 07:29 - 2013-01-01 23:39 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\uTorrent
2014-07-28 07:25 - 2014-07-28 07:16 - 385828066 _____ () C:\Users\Tim\Downloads\True.Blood.S07E06.HDTV.x264-2HD.mp4
2014-07-28 07:21 - 2014-07-28 07:17 - 301114199 _____ () C:\Users\Tim\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.mp4
2014-07-27 19:49 - 2014-02-08 04:38 - 00000000 ____D () C:\Users\Tim\Downloads\Sons of Anarchy
2014-07-27 16:42 - 2014-01-09 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 16:41 - 2014-01-09 16:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 16:41 - 2014-01-09 16:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 10:55 - 2014-06-23 18:50 - 00000000 ____D () C:\Users\Tim\Downloads\True Blood
2014-07-27 10:46 - 2013-11-22 08:59 - 00000000 __RDO () C:\Users\Tim\SkyDrive
2014-07-27 10:46 - 2012-12-21 22:35 - 00000000 ___RD () C:\Users\Tim\Google Drive
2014-07-27 10:45 - 2013-09-29 23:55 - 00030786 _____ () C:\WINDOWS\PFRO.log
2014-07-27 10:45 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-27 10:45 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-27 10:45 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-27 10:45 - 2013-08-08 20:24 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Search Protection
2014-07-27 10:45 - 2012-12-12 17:06 - 00000000 ____D () C:\ProgramData\Realtek
2014-07-27 10:44 - 2014-02-09 01:39 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\DigitalSites
2014-07-27 10:44 - 2013-07-18 22:42 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\BabSolution
2014-07-27 10:44 - 2013-07-18 22:39 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\DSite
2014-07-27 10:24 - 2014-07-27 10:24 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-27 10:22 - 2012-12-29 10:06 - 00000000 ____D () C:\Users\Tim\Downloads\install files
2014-07-27 07:39 - 2013-07-26 19:39 - 00000064 _____ () C:\Users\Tim\AppData\Roaming\WB.CFG
2014-07-27 07:19 - 2013-08-14 19:33 - 00000000 _____ () C:\END
2014-07-26 23:21 - 2014-07-26 23:21 - 00000000 ____D () C:\Users\Tim\AppData\Local\YrxcPack
2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieUserList
2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieSiteList
2014-07-26 11:38 - 2012-12-20 20:59 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2566500704-406659886-728432584-1001
2014-07-26 09:01 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-25 23:36 - 2013-01-30 21:08 - 00000000 ____D () C:\Users\Tim\Downloads\comics
2014-07-25 18:40 - 2013-08-22 10:46 - 00310714 _____ () C:\WINDOWS\setupact.log
2014-07-25 11:07 - 2014-07-25 11:04 - 00000000 ____D () C:\Users\Tim\Downloads\Smith and Myers (Acoustic Sessions) EP (Digital)
2014-07-21 22:25 - 2014-07-21 22:12 - 300013285 _____ () C:\Users\Tim\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.mp4
2014-07-19 10:08 - 2014-05-12 19:32 - 00000000 ____D () C:\Users\Tim\Downloads\Penny Dreadful
2014-07-16 16:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-16 07:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-15 07:23 - 2013-05-16 08:09 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-15 07:20 - 2013-07-30 22:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-15 07:18 - 2013-08-22 10:44 - 00487744 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-15 07:17 - 2013-09-29 23:51 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-14 22:51 - 2014-07-14 22:36 - 582793391 _____ () C:\Users\Tim\Downloads\the.strain.s01e01.hdtv.x264-2hd.mp4
2014-07-14 20:59 - 2014-07-13 22:02 - 1550180333 _____ () C:\Users\Tim\Downloads\Doctor Who 2005 - 2013 Christmas Special (The Time of The Doctor) [720p].mp4
2014-07-14 20:49 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-14 20:48 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-14 20:48 - 2012-12-21 23:10 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-14 20:47 - 2014-07-14 20:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-14 20:47 - 2012-12-21 21:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-13 13:26 - 2012-12-21 21:15 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iTunes
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iPod
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-10 22:24 - 2013-08-08 20:24 - 00000890 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-07-09 22:26 - 2014-07-09 22:26 - 00000800 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk
2014-07-08 22:59 - 2012-12-21 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-04 08:03 - 2013-04-13 07:51 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-06-30 21:56 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-06-29 06:36 - 2014-01-11 22:06 - 00000872 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001Core.job
 
Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\avgnt.exe
C:\Users\Tim\AppData\Local\Temp\DivXSetup.exe
C:\Users\Tim\AppData\Local\Temp\htmlayout.dll
C:\Users\Tim\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Tim\AppData\Local\Temp\SearchProtectionSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-22 12:32
 
==================== End Of Log ============================
 
 
 
 
 
 
And the Addition log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Tim at 2014-07-29 08:26:09
Running from C:\Users\Tim\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.9 - Absolute Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.880 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.7.599 - AVG Technologies)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.47.51 - Conexant)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Lenovo EasyCamera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.5.13 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 1.4.2.20 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Player Classic - Home Cinema v1.5.0.2827 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.0.2827 - MPC-HC Team) <==== ATTENTION
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motion Control (HKLM\...\Motion Control) (Version: 1.1.2.41 - Lenovo)
Nitro Pro 7 (HKLM\...\{72D264E5-0C44-42DF-820B-621303E5C183}) (Version: 7.4.1.21 - Nitro PDF Software)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN and Bluetooth Driver (HKLM-x32\...\{B6322D12-A133-4128-8306-DAFFF7231152}) (Version: 1.00.0196 - REALTEK Semiconductor Corp.)
Search Protection (HKCU\...\Search Protection) (Version: 9.4.0.2 - Spigot, Inc.) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sony Pictures Download Manager (HKCU\...\2506994508.sonypicturesstore.com) (Version:  - sonypicturesstore.com)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.21.4 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{83270912-15C7-4336-822E-E8F1B1BBCA60}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll No File
CustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
27-07-2014 20:41:27 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {127CDD3B-0B04-48BC-B6FF-A205FDBC7307} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {185ACDE8-CDD5-4C0A-93E0-D9A83A389768} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {1B0F3725-D62F-41D4-982A-3571D5CC11DC} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-19] (Intel)
Task: {1EB134D1-BE02-4319-8BBE-7839BE3850D0} - System32\Tasks\DSite => C:\Users\Tim\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {35971A4E-E8E8-459B-8560-15E667EAA3F7} - \EPUpdater No Task File <==== ATTENTION
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B2A8DB8-F480-4A51-9D99-5B15FE5689B8} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {4D7F358E-3559-4F38-9080-E899F9B7672F} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {4EB1D0CB-194B-4919-BEF9-F3D579654A27} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {55410713-D490-454B-B48E-80575AF80DF5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-14] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8AE55946-3A61-45AD-AE43-E22D27677BAD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001Core => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {999B97B2-324F-4F28-8528-485B1412B781} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {C208A2DF-7FEB-41C1-97D7-00EF3E92801F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20] (Google Inc.)
Task: {C5E91138-4C07-4969-895C-E167F436C43C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001UA => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D4D70300-DA85-4204-BA9F-F64EC7D26AFE} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-24] (Synaptics Incorporated)
Task: {D6EDCD5B-5860-4840-B017-F1FBB4863049} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {D71F0B38-9CED-4039-8B35-59ABEB221796} - System32\Tasks\Digital Sites => C:\Users\Tim\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D9A42156-0B29-4164-B9F6-472FB888F322} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DB31FA52-4F06-498F-9C63-87A77B55A62E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EF5D4ED3-B477-4D0B-AB69-A94A31E7B40F} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\Tim\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: C:\WINDOWS\Tasks\DSite.job => C:\Users\Tim\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001Core.job => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001UA.job => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-12 17:06 - 2012-08-31 20:26 - 00051200 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-06-24 22:36 - 2014-06-24 22:36 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
2012-12-12 17:11 - 2012-12-12 17:11 - 00060760 _____ () C:\ProgramData\YogaSmartSwicth\Server\x64\dptf.dll
2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-12 17:04 - 2010-10-26 00:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-12-12 17:11 - 2012-12-12 17:11 - 00208464 _____ () C:\ProgramData\YogaSmartSwicth\yogaserver.exe
2012-12-12 17:10 - 2012-12-12 17:10 - 00172624 _____ () C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
2013-07-24 19:26 - 2014-06-24 22:36 - 02567192 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2014-05-23 22:22 - 2014-05-23 22:22 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-24 22:36 - 2014-06-24 22:36 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll
2014-07-26 23:21 - 2014-07-26 23:21 - 00809472 _____ () C:\Users\Tim\AppData\Local\YrxcPack\PCCS_ABAPI.dll
2014-07-27 10:46 - 2014-07-27 10:46 - 00098816 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32api.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00110080 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\pywintypes27.dll
2014-07-27 10:46 - 2014-07-27 10:46 - 00364544 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\pythoncom27.dll
2014-07-27 10:46 - 2014-07-27 10:46 - 00045568 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\_socket.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 01160704 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\_ssl.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00320512 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32com.shell.shell.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00713216 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\_hashlib.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 01175040 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\wx._core_.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00805888 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\wx._gdi_.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00811008 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\wx._windows_.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 01062400 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\wx._controls_.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00735232 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\wx._misc_.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00128512 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\_elementtree.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00127488 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\pyexpat.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00557056 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\pysqlite2._sqlite.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00007168 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\hashobjs_ext.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00087552 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\_ctypes.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00119808 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32file.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00108544 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32security.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00018432 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32event.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00038912 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32inet.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00070656 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\wx._html2.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00167936 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32gui.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00011264 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32crypt.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00027136 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\_multiprocessing.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00122368 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\wx._wizard.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00010240 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\select.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00024064 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32pipe.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00686080 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\unicodedata.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00025600 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32pdh.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00525640 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\windows._lib_cacheinvalidation.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00035840 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32process.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00017408 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32profile.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00022528 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\win32ts.pyd
2014-07-27 10:46 - 2014-07-27 10:46 - 00078336 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33162\wx._animate.pyd
2012-12-12 17:10 - 2012-12-12 17:10 - 01620560 _____ () C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll
2012-12-12 17:10 - 2012-12-12 17:10 - 00030288 _____ () C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll
2012-12-12 17:03 - 2012-06-24 22:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-07-19 17:00 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 17:00 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 17:00 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 17:00 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 17:00 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-19 17:00 - 2014-07-15 05:24 - 00310088 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libexif.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Tim\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKCU\...\StartupApproved\Run: => "DW7"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/29/2014 08:25:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: CryptoProvider.dll_unloaded, version: 1.0.0.1, time stamp: 0x53c3c81f
Exception code: 0xc0000005
Fault offset: 0x00000000000139e8
Faulting process id: 0x1e44
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (07/29/2014 08:24:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: CryptoProvider.dll_unloaded, version: 1.0.0.1, time stamp: 0x53c3c81f
Exception code: 0xc0000005
Fault offset: 0x00000000000139e8
Faulting process id: 0x2574
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (07/29/2014 08:23:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: CryptoProvider.dll_unloaded, version: 1.0.0.1, time stamp: 0x53c3c81f
Exception code: 0xc0000005
Fault offset: 0x00000000000139e8
Faulting process id: 0x7bc
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (07/29/2014 08:22:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33250968
 
Error: (07/29/2014 08:22:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 33250968
 
Error: (07/29/2014 08:22:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/29/2014 08:22:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33249750
 
Error: (07/29/2014 08:22:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 33249750
 
Error: (07/29/2014 08:22:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/28/2014 11:08:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5625
 
 
System errors:
=============
Error: (07/20/2014 10:23:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
Error: (07/15/2014 07:18:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
Error: (07/12/2014 09:53:42 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR8, has a bad block.
 
Error: (07/12/2014 09:53:36 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR8, has a bad block.
 
Error: (07/12/2014 09:53:30 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR8, has a bad block.
 
Error: (07/12/2014 09:53:24 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR8, has a bad block.
 
Error: (07/12/2014 09:53:18 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR8, has a bad block.
 
Error: (07/12/2014 09:53:12 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR8, has a bad block.
 
Error: (07/12/2014 09:53:06 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR8, has a bad block.
 
Error: (07/12/2014 09:52:59 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR8, has a bad block.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 37%
Total physical RAM: 8071.27 MB
Available physical RAM: 5015.04 MB
Total Pagefile: 9607.27 MB
Available Pagefile: 5932.67 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:92.91 GB) (Free:23.64 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:2.35 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119 GB) (Disk ID: CE05E53F)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
Link to post
Share on other sites

Hi,

Step 1

Please uninstall some programs:

  • Windows 8 w8.png: Hold down the Windows logo key and press X to open a menu at the lower-left area of the screen.
  • Select Programs and Features from the menu.
  • Search and select the following programs one by one and click on Uninstall:


    Media Player Classic - Home Cinema v1.5.0.2827
    Search Protection

  • Reboot your computer.

Step 2

Please download adwcleaner.png AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3


frst.pngfrstscan.png

Start FRST with administator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.
Link to post
Share on other sites

Report from AdwCleaner (Step 2) from your post:

 

# AdwCleaner v3.301 - Report created 29/07/2014 at 13:23:53
# Updated 28/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Tim - TIMMMAAAAAY
# Running from : C:\Users\Tim\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : vToolbarUpdater18.1.7
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Delta
Folder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Users\Tim\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Tim\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Tim\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Tim\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Tim\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Tim\AppData\Roaming\DSite
Folder Deleted : C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\END
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKCU\Software\5353d88ae768be43
Key Deleted : HKLM\SOFTWARE\5353d88ae768be43
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\IM
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Soft-Now bundle
Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v36.0.1985.125
 
*************************
 
AdwCleaner[R0].txt - [8728 octets] - [29/07/2014 13:21:48]
AdwCleaner[s0].txt - [8232 octets] - [29/07/2014 13:23:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8292 octets] ##########
Link to post
Share on other sites

Report from FRST (Step 3) from your post:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Tim (administrator) on TIMMMAAAAAY on 29-07-2014 13:27:35
Running from C:\Users\Tim\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
() C:\ProgramData\YogaSmartSwicth\yogaserver.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe 
HKLM\...\Run: [btServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-29] (Realtek Semiconductor Corporation)
HKLM\...\Run: [synLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-24] (Synaptics)
HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2012-12-12] (Lenovo)
HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [208464 2012-12-12] ()
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-12-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-12-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2968376 2012-11-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [Google Update] => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.)
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-08] (Spotify Ltd)
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [YrxcPack] => regsvr32.exe C:\Users\Tim\AppData\Local\YrxcPack\PCCS_ABAPI.dll  <===== ATTENTION
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {26744d86-ad5c-11e3-bea8-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {a7e89f04-aa99-11e3-bea7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {ba26493a-0c11-11e4-beb7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk
ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
ShellIconOverlayIdentifiers: 1CryptoProviderIcons -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll ()
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com?cid={91352836-87B3-47B3-AF58-95C0F78CEE0C}&mid=a9d7237727404506aa5c250a4bfead3a-fc68406238f59e739c052d82acd2244b1a52f26c〈=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-11-04 19:05:39&v=17.1.2.1&pid=%CMPID%&sg=0&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mysearch.avg.com?cid={91352836-87B3-47B3-AF58-95C0F78CEE0C}&mid=a9d7237727404506aa5c250a4bfead3a-fc68406238f59e739c052d82acd2244b1a52f26c〈=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-11-04 19:05:39&v=17.1.2.1&pid=%CMPID%&sg=0&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {31D663F1-F699-4F8E-95F6-1B73E2ECD6A3} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.17.2 192.168.16.2 192.168.15.2
Tcpip\..\Interfaces\{2BE6D3F4-68B8-4748-8922-BE810BA8E0B2}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{6E68B98B-B820-418A-9AED-37B320FB2749}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D4E1A2E9-B72A-4C4C-97A5-4E0036420035}: [NameServer]8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-29]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-20]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-20]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-15] (Avira Operations GmbH & Co. KG)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [51200 2012-08-31] () [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2012-12-12] (Lenovo)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2012-12-12] (Lenovo)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696464 2012-09-01] (Realtek Semiconductor Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1058680 2012-08-11] (Sunplus)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-29 13:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-29 13:21 - 2014-07-29 13:24 - 00000000 ____D () C:\AdwCleaner
2014-07-29 13:20 - 2014-07-29 13:20 - 01365551 _____ () C:\Users\Tim\Desktop\AdwCleaner.exe
2014-07-29 08:26 - 2014-07-29 08:26 - 00037027 _____ () C:\Users\Tim\Desktop\Addition.txt
2014-07-29 08:25 - 2014-07-29 13:27 - 00020647 _____ () C:\Users\Tim\Desktop\FRST.txt
2014-07-29 08:24 - 2014-07-29 13:27 - 00000000 ____D () C:\FRST
2014-07-28 22:27 - 2014-07-28 22:27 - 02093568 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2014-07-28 07:17 - 2014-07-28 07:21 - 301114199 _____ () C:\Users\Tim\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.mp4
2014-07-28 07:16 - 2014-07-28 07:25 - 385828066 _____ () C:\Users\Tim\Downloads\True.Blood.S07E06.HDTV.x264-2HD.mp4
2014-07-27 10:25 - 2014-07-28 16:36 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 10:24 - 2014-07-27 10:24 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-27 10:24 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-27 10:24 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-27 10:24 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-26 23:21 - 2014-07-26 23:21 - 00000000 ____D () C:\Users\Tim\AppData\Local\YrxcPack
2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieUserList
2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieSiteList
2014-07-25 11:04 - 2014-07-25 11:07 - 00000000 ____D () C:\Users\Tim\Downloads\Smith and Myers (Acoustic Sessions) EP (Digital)
2014-07-21 22:12 - 2014-07-21 22:25 - 300013285 _____ () C:\Users\Tim\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.mp4
2014-07-14 22:36 - 2014-07-14 22:51 - 582793391 _____ () C:\Users\Tim\Downloads\the.strain.s01e01.hdtv.x264-2hd.mp4
2014-07-14 20:47 - 2014-07-14 20:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-14 20:47 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-13 22:02 - 2014-07-14 20:59 - 1550180333 _____ () C:\Users\Tim\Downloads\Doctor Who 2005 - 2013 Christmas Special (The Time of The Doctor) [720p].mp4
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iTunes
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iPod
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-11 15:06 - 2014-05-31 06:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-11 15:06 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-11 15:06 - 2014-05-30 23:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-11 15:06 - 2014-05-30 23:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-11 15:06 - 2014-05-30 23:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 15:06 - 2014-05-30 23:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-11 15:06 - 2014-05-30 23:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-11 15:06 - 2014-05-30 23:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 15:06 - 2014-05-30 22:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-11 15:06 - 2014-05-30 22:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-11 15:06 - 2014-05-30 22:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-11 15:06 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-11 15:06 - 2014-05-30 22:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-11 15:06 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-11 15:06 - 2014-05-30 22:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-11 15:05 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-11 15:05 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-11 15:05 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-11 15:05 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-11 15:05 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-11 15:05 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-11 15:05 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-11 15:05 - 2014-06-18 19:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-11 15:05 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-11 15:05 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-11 15:05 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-11 15:05 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-11 15:05 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-11 15:05 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-11 15:05 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-11 15:05 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-11 15:05 - 2014-06-18 18:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-11 15:05 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-11 15:05 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-11 15:05 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-11 15:05 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-11 15:05 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-11 15:05 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-11 15:05 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-11 15:05 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-11 15:05 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-11 15:05 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-11 15:04 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-11 15:04 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-11 15:04 - 2014-06-06 10:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-11 15:04 - 2014-05-29 08:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-11 15:04 - 2014-05-29 03:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-11 15:04 - 2014-05-29 02:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-11 15:04 - 2014-05-29 02:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-11 15:04 - 2014-05-29 01:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-11 15:04 - 2014-05-29 01:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-11 08:36 - 2014-06-06 09:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-11 08:36 - 2014-06-06 08:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-11 08:30 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 22:26 - 2014-07-09 22:26 - 00000800 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-29 13:27 - 2014-07-29 08:25 - 00020647 _____ () C:\Users\Tim\Desktop\FRST.txt
2014-07-29 13:27 - 2014-07-29 08:24 - 00000000 ____D () C:\FRST
2014-07-29 13:26 - 2012-12-20 20:51 - 00101001 _____ () C:\Users\Tim\AppData\Local\BTServer.log
2014-07-29 13:25 - 2013-11-22 08:59 - 00000000 __RDO () C:\Users\Tim\SkyDrive
2014-07-29 13:25 - 2012-12-21 22:35 - 00000000 ___RD () C:\Users\Tim\Google Drive
2014-07-29 13:25 - 2012-12-20 21:02 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-29 13:24 - 2014-07-29 13:21 - 00000000 ____D () C:\AdwCleaner
2014-07-29 13:24 - 2013-11-22 08:54 - 01580077 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-29 13:24 - 2013-09-29 23:55 - 00031948 _____ () C:\WINDOWS\PFRO.log
2014-07-29 13:24 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-29 13:24 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-29 13:24 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-29 13:24 - 2013-07-24 19:26 - 00000000 ____D () C:\Users\Tim\AppData\Local\AVG SafeGuard toolbar
2014-07-29 13:24 - 2012-12-12 17:06 - 00000000 ____D () C:\ProgramData\Realtek
2014-07-29 13:20 - 2014-07-29 13:20 - 01365551 _____ () C:\Users\Tim\Desktop\AdwCleaner.exe
2014-07-29 13:18 - 2014-01-09 16:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-29 13:18 - 2014-01-09 16:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-29 13:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-29 12:58 - 2012-12-20 21:02 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-29 12:39 - 2014-02-09 01:39 - 00000308 _____ () C:\WINDOWS\Tasks\Digital Sites.job
2014-07-29 12:39 - 2013-07-18 22:39 - 00000302 _____ () C:\WINDOWS\Tasks\DSite.job
2014-07-29 12:36 - 2014-01-11 22:06 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001UA.job
2014-07-29 08:34 - 2013-08-22 10:46 - 00310753 _____ () C:\WINDOWS\setupact.log
2014-07-29 08:26 - 2014-07-29 08:26 - 00037027 _____ () C:\Users\Tim\Desktop\Addition.txt
2014-07-28 22:38 - 2013-09-30 00:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-28 22:27 - 2014-07-28 22:27 - 02093568 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2014-07-28 16:36 - 2014-07-27 10:25 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 07:29 - 2013-01-01 23:39 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\uTorrent
2014-07-28 07:25 - 2014-07-28 07:16 - 385828066 _____ () C:\Users\Tim\Downloads\True.Blood.S07E06.HDTV.x264-2HD.mp4
2014-07-28 07:21 - 2014-07-28 07:17 - 301114199 _____ () C:\Users\Tim\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.mp4
2014-07-27 19:49 - 2014-02-08 04:38 - 00000000 ____D () C:\Users\Tim\Downloads\Sons of Anarchy
2014-07-27 16:42 - 2014-01-09 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 10:55 - 2014-06-23 18:50 - 00000000 ____D () C:\Users\Tim\Downloads\True Blood
2014-07-27 10:45 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-27 10:24 - 2014-07-27 10:24 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-27 10:22 - 2012-12-29 10:06 - 00000000 ____D () C:\Users\Tim\Downloads\install files
2014-07-27 07:39 - 2013-07-26 19:39 - 00000064 _____ () C:\Users\Tim\AppData\Roaming\WB.CFG
2014-07-26 23:21 - 2014-07-26 23:21 - 00000000 ____D () C:\Users\Tim\AppData\Local\YrxcPack
2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieUserList
2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieSiteList
2014-07-26 11:38 - 2012-12-20 20:59 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2566500704-406659886-728432584-1001
2014-07-25 23:36 - 2013-01-30 21:08 - 00000000 ____D () C:\Users\Tim\Downloads\comics
2014-07-25 11:07 - 2014-07-25 11:04 - 00000000 ____D () C:\Users\Tim\Downloads\Smith and Myers (Acoustic Sessions) EP (Digital)
2014-07-21 22:25 - 2014-07-21 22:12 - 300013285 _____ () C:\Users\Tim\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.mp4
2014-07-19 10:08 - 2014-05-12 19:32 - 00000000 ____D () C:\Users\Tim\Downloads\Penny Dreadful
2014-07-16 16:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-16 07:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-15 07:23 - 2013-05-16 08:09 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-15 07:20 - 2013-07-30 22:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-15 07:18 - 2013-08-22 10:44 - 00487744 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-15 07:17 - 2013-09-29 23:51 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-14 22:51 - 2014-07-14 22:36 - 582793391 _____ () C:\Users\Tim\Downloads\the.strain.s01e01.hdtv.x264-2hd.mp4
2014-07-14 20:59 - 2014-07-13 22:02 - 1550180333 _____ () C:\Users\Tim\Downloads\Doctor Who 2005 - 2013 Christmas Special (The Time of The Doctor) [720p].mp4
2014-07-14 20:49 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-14 20:48 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-14 20:48 - 2012-12-21 23:10 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-14 20:47 - 2014-07-14 20:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-14 20:47 - 2012-12-21 21:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-13 13:26 - 2012-12-21 21:15 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iTunes
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iPod
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-10 22:24 - 2013-08-08 20:24 - 00000890 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-07-09 22:26 - 2014-07-09 22:26 - 00000800 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk
2014-07-08 22:59 - 2012-12-21 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-04 08:03 - 2013-04-13 07:51 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-06-30 21:56 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-06-29 06:36 - 2014-01-11 22:06 - 00000872 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001Core.job
 
Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\avgnt.exe
C:\Users\Tim\AppData\Local\Temp\DivXSetup.exe
C:\Users\Tim\AppData\Local\Temp\htmlayout.dll
C:\Users\Tim\AppData\Local\Temp\Quarantine.exe
C:\Users\Tim\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Tim\AppData\Local\Temp\SearchProtectionSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-22 12:32
 
==================== End Of Log ============================
Link to post
Share on other sites

Hi,

Step 1

frst.pngfrstfix.png

Please download the attached fixlist txt.gif and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.

    Please copy and paste its contents in your next reply.

fixlist.txt

After Reboot:

Step 2

frst.pngfrstscan.png

Start FRST with administator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.

    Please copy and paste the log in your next reply.

Link to post
Share on other sites

Fixlog.txt from Step 1 of previous post:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by Tim at 2014-07-29 17:13:04 Run:1
Running from C:\Users\Tim\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [YrxcPack] => regsvr32.exe C:\Users\Tim\AppData\Local\YrxcPack\PCCS_ABAPI.dll  <===== ATTENTION
C:\Users\Tim\AppData\Local\YrxcPack\
Reboot:
*****************
 
HKU\S-1-5-21-2566500704-406659886-728432584-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YrxcPack => value deleted successfully.
C:\Users\Tim\AppData\Local\YrxcPack => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
Link to post
Share on other sites

FRST.txt from Step 2 of your previous post:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Tim (administrator) on TIMMMAAAAAY on 29-07-2014 17:17:20
Running from C:\Users\Tim\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe
() C:\ProgramData\YogaSmartSwicth\yogaserver.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe 
HKLM\...\Run: [btServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-29] (Realtek Semiconductor Corporation)
HKLM\...\Run: [synLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-24] (Synaptics)
HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2012-12-12] (Lenovo)
HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [208464 2012-12-12] ()
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-12-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-12-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2968376 2012-11-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [Google Update] => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.)
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-08] (Spotify Ltd)
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {26744d86-ad5c-11e3-bea8-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {a7e89f04-aa99-11e3-bea7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {ba26493a-0c11-11e4-beb7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk
ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
ShellIconOverlayIdentifiers: 1CryptoProviderIcons -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll ()
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com?cid={91352836-87B3-47B3-AF58-95C0F78CEE0C}&mid=a9d7237727404506aa5c250a4bfead3a-fc68406238f59e739c052d82acd2244b1a52f26c〈=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-11-04 19:05:39&v=17.1.2.1&pid=%CMPID%&sg=0&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mysearch.avg.com?cid={91352836-87B3-47B3-AF58-95C0F78CEE0C}&mid=a9d7237727404506aa5c250a4bfead3a-fc68406238f59e739c052d82acd2244b1a52f26c〈=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-11-04 19:05:39&v=17.1.2.1&pid=%CMPID%&sg=0&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {31D663F1-F699-4F8E-95F6-1B73E2ECD6A3} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.17.2 192.168.16.2 192.168.15.2
Tcpip\..\Interfaces\{2BE6D3F4-68B8-4748-8922-BE810BA8E0B2}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{6E68B98B-B820-418A-9AED-37B320FB2749}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D4E1A2E9-B72A-4C4C-97A5-4E0036420035}: [NameServer]8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-29]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-20]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-20]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-15] (Avira Operations GmbH & Co. KG)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [51200 2012-08-31] () [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2012-12-12] (Lenovo)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2012-12-12] (Lenovo)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696464 2012-09-01] (Realtek Semiconductor Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1058680 2012-08-11] (Sunplus)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-29 13:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-29 13:21 - 2014-07-29 13:24 - 00000000 ____D () C:\AdwCleaner
2014-07-29 13:20 - 2014-07-29 13:20 - 01365551 _____ () C:\Users\Tim\Desktop\AdwCleaner.exe
2014-07-29 08:26 - 2014-07-29 08:26 - 00037027 _____ () C:\Users\Tim\Desktop\Addition.txt
2014-07-29 08:25 - 2014-07-29 17:17 - 00020329 _____ () C:\Users\Tim\Desktop\FRST.txt
2014-07-29 08:24 - 2014-07-29 17:17 - 00000000 ____D () C:\FRST
2014-07-28 22:27 - 2014-07-28 22:27 - 02093568 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2014-07-28 07:17 - 2014-07-28 07:21 - 301114199 _____ () C:\Users\Tim\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.mp4
2014-07-28 07:16 - 2014-07-28 07:25 - 385828066 _____ () C:\Users\Tim\Downloads\True.Blood.S07E06.HDTV.x264-2HD.mp4
2014-07-27 10:25 - 2014-07-28 16:36 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 10:24 - 2014-07-27 10:24 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-27 10:24 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-27 10:24 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-27 10:24 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieUserList
2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieSiteList
2014-07-25 11:04 - 2014-07-25 11:07 - 00000000 ____D () C:\Users\Tim\Downloads\Smith and Myers (Acoustic Sessions) EP (Digital)
2014-07-21 22:12 - 2014-07-21 22:25 - 300013285 _____ () C:\Users\Tim\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.mp4
2014-07-14 22:36 - 2014-07-14 22:51 - 582793391 _____ () C:\Users\Tim\Downloads\the.strain.s01e01.hdtv.x264-2hd.mp4
2014-07-14 20:47 - 2014-07-14 20:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-14 20:47 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-13 22:02 - 2014-07-14 20:59 - 1550180333 _____ () C:\Users\Tim\Downloads\Doctor Who 2005 - 2013 Christmas Special (The Time of The Doctor) [720p].mp4
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iTunes
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iPod
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-11 15:06 - 2014-05-31 06:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-11 15:06 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-11 15:06 - 2014-05-30 23:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-11 15:06 - 2014-05-30 23:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-11 15:06 - 2014-05-30 23:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 15:06 - 2014-05-30 23:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-11 15:06 - 2014-05-30 23:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-11 15:06 - 2014-05-30 23:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 15:06 - 2014-05-30 22:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-11 15:06 - 2014-05-30 22:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-11 15:06 - 2014-05-30 22:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-11 15:06 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-11 15:06 - 2014-05-30 22:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-11 15:06 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-11 15:06 - 2014-05-30 22:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-11 15:05 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-11 15:05 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-11 15:05 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-11 15:05 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-11 15:05 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-11 15:05 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-11 15:05 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-11 15:05 - 2014-06-18 19:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-11 15:05 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-11 15:05 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-11 15:05 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-11 15:05 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-11 15:05 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-11 15:05 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-11 15:05 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-11 15:05 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-11 15:05 - 2014-06-18 18:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-11 15:05 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-11 15:05 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-11 15:05 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-11 15:05 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-11 15:05 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-11 15:05 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-11 15:05 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-11 15:05 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-11 15:05 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-11 15:05 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-11 15:04 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-11 15:04 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-11 15:04 - 2014-06-06 10:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-11 15:04 - 2014-05-29 08:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-11 15:04 - 2014-05-29 03:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-11 15:04 - 2014-05-29 02:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-11 15:04 - 2014-05-29 02:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-11 15:04 - 2014-05-29 01:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-11 15:04 - 2014-05-29 01:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-11 08:36 - 2014-06-06 09:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-11 08:36 - 2014-06-06 08:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-11 08:30 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 22:26 - 2014-07-09 22:26 - 00000800 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-29 17:17 - 2014-07-29 08:25 - 00020329 _____ () C:\Users\Tim\Desktop\FRST.txt
2014-07-29 17:17 - 2014-07-29 08:24 - 00000000 ____D () C:\FRST
2014-07-29 17:16 - 2012-12-20 20:51 - 00009325 _____ () C:\Users\Tim\AppData\Local\BTServer.log
2014-07-29 17:15 - 2012-12-21 22:35 - 00000000 ___RD () C:\Users\Tim\Google Drive
2014-07-29 17:14 - 2013-11-22 08:59 - 00000000 __RDO () C:\Users\Tim\SkyDrive
2014-07-29 17:14 - 2012-12-20 21:02 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-29 17:13 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-29 17:13 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-29 17:13 - 2012-12-12 17:06 - 00000000 ____D () C:\ProgramData\Realtek
2014-07-29 17:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-29 16:58 - 2012-12-20 21:02 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-29 16:40 - 2013-11-22 08:54 - 01594434 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-29 16:39 - 2014-02-09 01:39 - 00000308 _____ () C:\WINDOWS\Tasks\Digital Sites.job
2014-07-29 16:39 - 2013-07-18 22:39 - 00000302 _____ () C:\WINDOWS\Tasks\DSite.job
2014-07-29 16:36 - 2014-01-11 22:06 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001UA.job
2014-07-29 13:31 - 2013-09-30 00:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-29 13:24 - 2014-07-29 13:21 - 00000000 ____D () C:\AdwCleaner
2014-07-29 13:24 - 2013-09-29 23:55 - 00031948 _____ () C:\WINDOWS\PFRO.log
2014-07-29 13:24 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-29 13:24 - 2013-07-24 19:26 - 00000000 ____D () C:\Users\Tim\AppData\Local\AVG SafeGuard toolbar
2014-07-29 13:20 - 2014-07-29 13:20 - 01365551 _____ () C:\Users\Tim\Desktop\AdwCleaner.exe
2014-07-29 13:18 - 2014-01-09 16:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-29 13:18 - 2014-01-09 16:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-29 08:34 - 2013-08-22 10:46 - 00310753 _____ () C:\WINDOWS\setupact.log
2014-07-29 08:26 - 2014-07-29 08:26 - 00037027 _____ () C:\Users\Tim\Desktop\Addition.txt
2014-07-28 22:27 - 2014-07-28 22:27 - 02093568 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2014-07-28 16:36 - 2014-07-27 10:25 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 07:29 - 2013-01-01 23:39 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\uTorrent
2014-07-28 07:25 - 2014-07-28 07:16 - 385828066 _____ () C:\Users\Tim\Downloads\True.Blood.S07E06.HDTV.x264-2HD.mp4
2014-07-28 07:21 - 2014-07-28 07:17 - 301114199 _____ () C:\Users\Tim\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.mp4
2014-07-27 19:49 - 2014-02-08 04:38 - 00000000 ____D () C:\Users\Tim\Downloads\Sons of Anarchy
2014-07-27 16:42 - 2014-01-09 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 10:55 - 2014-06-23 18:50 - 00000000 ____D () C:\Users\Tim\Downloads\True Blood
2014-07-27 10:45 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-27 10:24 - 2014-07-27 10:24 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-27 10:22 - 2012-12-29 10:06 - 00000000 ____D () C:\Users\Tim\Downloads\install files
2014-07-27 07:39 - 2013-07-26 19:39 - 00000064 _____ () C:\Users\Tim\AppData\Roaming\WB.CFG
2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieUserList
2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieSiteList
2014-07-26 11:38 - 2012-12-20 20:59 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2566500704-406659886-728432584-1001
2014-07-25 23:36 - 2013-01-30 21:08 - 00000000 ____D () C:\Users\Tim\Downloads\comics
2014-07-25 11:07 - 2014-07-25 11:04 - 00000000 ____D () C:\Users\Tim\Downloads\Smith and Myers (Acoustic Sessions) EP (Digital)
2014-07-21 22:25 - 2014-07-21 22:12 - 300013285 _____ () C:\Users\Tim\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.mp4
2014-07-19 10:08 - 2014-05-12 19:32 - 00000000 ____D () C:\Users\Tim\Downloads\Penny Dreadful
2014-07-16 16:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-16 07:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-15 07:23 - 2013-05-16 08:09 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-15 07:20 - 2013-07-30 22:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-15 07:18 - 2013-08-22 10:44 - 00487744 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-15 07:17 - 2013-09-29 23:51 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-14 22:51 - 2014-07-14 22:36 - 582793391 _____ () C:\Users\Tim\Downloads\the.strain.s01e01.hdtv.x264-2hd.mp4
2014-07-14 20:59 - 2014-07-13 22:02 - 1550180333 _____ () C:\Users\Tim\Downloads\Doctor Who 2005 - 2013 Christmas Special (The Time of The Doctor) [720p].mp4
2014-07-14 20:49 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-14 20:48 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-14 20:48 - 2012-12-21 23:10 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-14 20:47 - 2014-07-14 20:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-14 20:47 - 2012-12-21 21:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-13 13:26 - 2012-12-21 21:15 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iTunes
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iPod
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-10 22:24 - 2013-08-08 20:24 - 00000890 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-07-09 22:26 - 2014-07-09 22:26 - 00000800 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk
2014-07-08 22:59 - 2012-12-21 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-04 08:03 - 2013-04-13 07:51 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-06-30 21:56 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-06-29 06:36 - 2014-01-11 22:06 - 00000872 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001Core.job
 
Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\avgnt.exe
C:\Users\Tim\AppData\Local\Temp\DivXSetup.exe
C:\Users\Tim\AppData\Local\Temp\htmlayout.dll
C:\Users\Tim\AppData\Local\Temp\Quarantine.exe
C:\Users\Tim\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Tim\AppData\Local\Temp\SearchProtectionSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-22 12:32
 
==================== End Of Log ============================
Link to post
Share on other sites

Hi,

daumenhoch.gifgood job!

Let's do a final check up:

Step 1

Scan with mbam.pngMalwarebytes Anti-Malware

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update and click "Settings" and go to "Detection and Protection"
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.

    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
Step 2

Please download the eset.pngESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 3

frst.pngfrstscan.png

Start FRST with administator privileges.

  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.

lesestoff.png

Can you please tell me which problems still persist now?

Link to post
Share on other sites

I am currently encountering problems trying to update the databases for Malwarebytes Anti-Malware.  I click the update button and it searches for a couple of minutes then gives me the message that the databases are out of date.  I then click the Update Now button and the same thing happens.  I am close to leaving work and will not have constant internet access.  I will continue trying to update the databases and hope that I can move onto your other steps.  I will post back here again when I am able!

Link to post
Share on other sites

Malwarebytes log from Step 1:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/29/2014
Scan Time: 5:32:14 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.29.07
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Tim
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312510
Time Elapsed: 11 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
I will continue the next steps as I am able to!
Link to post
Share on other sites

Sorry for the delay...

 

Eset scanner log from step 2:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=be733cf0a24b1a43b98623847c9e5d00
# engine=19409
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-30 02:50:09
# local_time=2014-07-29 10:50:09 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 0 60494395 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4694738 30648302 0 0
# scanned=191938
# found=17
# cleaned=0
# scan_time=2482
sh=3F8CCD9279F8D950622F536D3202CC0E44134A8E ft=1 fh=4cb693d7b46c457f vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe.vir"
sh=90DC74663B061C57279869D5166A4823EBE42F0B ft=1 fh=39111451eb2e0a1b vn="a variant of Win32/Packed.Themida.AAJ trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Tim\AppData\Local\YrxcPack\PCCS_ABAPI.dll"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=7C9E6334CA2C8919DC343FDFB6EFD110482CB64B ft=1 fh=c71c00110f54a538 vn="a variant of Win64/Sathurbot.A trojan" ac=I fn="C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll"
sh=21C8BE4BE4CDC31FBDED0DAEC50E27C29C4198C3 ft=1 fh=054f9b991de7d1fb vn="a variant of Win32/Injector.BIWG trojan" ac=I fn="C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmp584F.exe"
sh=EE7FCBBB5384145B90FBC405A62BC33328D7F97B ft=1 fh=a1e91ba2ae8a9207 vn="a variant of Win32/Injector.BITS trojan" ac=I fn="C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmpAB9D.exe"
sh=7C9E6334CA2C8919DC343FDFB6EFD110482CB64B ft=1 fh=c71c00110f54a538 vn="a variant of Win64/Sathurbot.A trojan" ac=I fn="C:\Users\All Users\Microsoft\Crypto\RSA64\rsa64.dll"
sh=21C8BE4BE4CDC31FBDED0DAEC50E27C29C4198C3 ft=1 fh=054f9b991de7d1fb vn="a variant of Win32/Injector.BIWG trojan" ac=I fn="C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmp584F.exe"
sh=EE7FCBBB5384145B90FBC405A62BC33328D7F97B ft=1 fh=a1e91ba2ae8a9207 vn="a variant of Win32/Injector.BITS trojan" ac=I fn="C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmpAB9D.exe"
sh=D8430F4EA0815FB5AEF336B53F1612121B66D66E ft=1 fh=54dcaf6623a1c1ec vn="a variant of Win32/DomaIQ.BF potentially unwanted application" ac=I fn="C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000"
sh=A7B0AA1B7F54D5CBA81BC92D34F6C444F457F615 ft=1 fh=f6fcc07cacecb5af vn="a variant of Win32/Toolbar.Widgi.G potentially unwanted application" ac=I fn="C:\Users\Tim\AppData\Local\Temp\SearchProtectionSetup.exe"
sh=D8557AC708E828868CED73454624143C1752AEC5 ft=1 fh=32c6bcee0f301040 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Tim\AppData\Local\Temp\oi_5kqnQTE0sa\OIAssistWTD.exe"
sh=B5A959465A82776804C7CBBDCE7C3C7158B1F5FE ft=1 fh=3a9864896d9bd40a vn="a variant of Win32/Toolbar.Widgi.G potentially unwanted application" ac=I fn="C:\Users\Tim\AppData\Local\Temp\~nsu.tmp\Au_.exe"
sh=D8557AC708E828868CED73454624143C1752AEC5 ft=1 fh=32c6bcee0f301040 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Tim\Downloads\install files\b84a291d6f2dd32622e3a7e1bb64aa0b_WinZip180.exe"
Link to post
Share on other sites

FRST.txt from Step 3:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Tim (administrator) on TIMMMAAAAAY on 29-07-2014 22:53:57
Running from C:\Users\Tim\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe
() C:\ProgramData\YogaSmartSwicth\yogaserver.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(David Ayton) C:\Program Files (x86)\CDisplay\CDisplay.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe 
HKLM\...\Run: [btServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-29] (Realtek Semiconductor Corporation)
HKLM\...\Run: [synLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-24] (Synaptics)
HKLM\...\Run: [Lenovo Transition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2012-12-12] (Lenovo)
HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [208464 2012-12-12] ()
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-12-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-12-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2968376 2012-11-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [Google Update] => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.)
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\Run: [spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-08] (Spotify Ltd)
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {26744d86-ad5c-11e3-bea8-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {a7e89f04-aa99-11e3-bea7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2566500704-406659886-728432584-1001\...\MountPoints2: {ba26493a-0c11-11e4-beb7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.)
HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spotify Web Helper] => C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-08] (Spotify Ltd)
HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {26744d86-ad5c-11e3-bea8-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a7e89f04-aa99-11e3-bea7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2566500704-406659886-728432584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ba26493a-0c11-11e4-beb7-2016d853353c} - "E:\VZW_Software_upgrade_assistant.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk
ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
ShellIconOverlayIdentifiers: 1CryptoProviderIcons -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll ()
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com?cid={91352836-87B3-47B3-AF58-95C0F78CEE0C}&mid=a9d7237727404506aa5c250a4bfead3a-fc68406238f59e739c052d82acd2244b1a52f26c〈=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-11-04 19:05:39&v=17.1.2.1&pid=%CMPID%&sg=0&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mysearch.avg.com?cid={91352836-87B3-47B3-AF58-95C0F78CEE0C}&mid=a9d7237727404506aa5c250a4bfead3a-fc68406238f59e739c052d82acd2244b1a52f26c〈=en&ds=hk018&coid=avgtbdishk&pr=sa&d=2013-11-04 19:05:39&v=17.1.2.1&pid=%CMPID%&sg=0&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {31D663F1-F699-4F8E-95F6-1B73E2ECD6A3} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {64CC2BFC-40E9-4C39-B624-30D68CEC567C} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.105.28.12 68.105.29.12
Tcpip\..\Interfaces\{2BE6D3F4-68B8-4748-8922-BE810BA8E0B2}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{2E13D959-9E84-4373-B3CB-297BA1A8CF9E}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{6E68B98B-B820-418A-9AED-37B320FB2749}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D4E1A2E9-B72A-4C4C-97A5-4E0036420035}: [NameServer]8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-29]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-20]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-20]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-15] (Avira Operations GmbH & Co. KG)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [51200 2012-08-31] () [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2012-12-12] (Lenovo)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2012-12-12] (Lenovo)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-29] (Malwarebytes Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696464 2012-09-01] (Realtek Semiconductor Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1058680 2012-08-11] (Sunplus)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-29 17:45 - 2014-07-29 17:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-29 17:44 - 2014-07-29 17:44 - 02347384 _____ (ESET) C:\Users\Tim\Desktop\esetsmartinstaller_enu.exe
2014-07-29 13:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-29 13:21 - 2014-07-29 13:24 - 00000000 ____D () C:\AdwCleaner
2014-07-29 13:20 - 2014-07-29 13:20 - 01365551 _____ () C:\Users\Tim\Desktop\AdwCleaner.exe
2014-07-29 08:26 - 2014-07-29 08:26 - 00037027 _____ () C:\Users\Tim\Desktop\Addition.txt
2014-07-29 08:25 - 2014-07-29 22:54 - 00022282 _____ () C:\Users\Tim\Desktop\FRST.txt
2014-07-29 08:24 - 2014-07-29 22:53 - 00000000 ____D () C:\FRST
2014-07-28 22:27 - 2014-07-28 22:27 - 02093568 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2014-07-28 07:17 - 2014-07-28 07:21 - 301114199 _____ () C:\Users\Tim\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.mp4
2014-07-28 07:16 - 2014-07-28 07:25 - 385828066 _____ () C:\Users\Tim\Downloads\True.Blood.S07E06.HDTV.x264-2HD.mp4
2014-07-27 10:25 - 2014-07-29 17:32 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 10:24 - 2014-07-27 10:24 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-27 10:24 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-27 10:24 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-27 10:24 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieUserList
2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieSiteList
2014-07-25 11:04 - 2014-07-25 11:07 - 00000000 ____D () C:\Users\Tim\Downloads\Smith and Myers (Acoustic Sessions) EP (Digital)
2014-07-21 22:12 - 2014-07-21 22:25 - 300013285 _____ () C:\Users\Tim\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.mp4
2014-07-14 22:36 - 2014-07-14 22:51 - 582793391 _____ () C:\Users\Tim\Downloads\the.strain.s01e01.hdtv.x264-2hd.mp4
2014-07-14 20:47 - 2014-07-14 20:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-14 20:47 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-13 22:02 - 2014-07-14 20:59 - 1550180333 _____ () C:\Users\Tim\Downloads\Doctor Who 2005 - 2013 Christmas Special (The Time of The Doctor) [720p].mp4
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iTunes
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iPod
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-11 15:06 - 2014-05-31 06:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-11 15:06 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-11 15:06 - 2014-05-30 23:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-11 15:06 - 2014-05-30 23:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-11 15:06 - 2014-05-30 23:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 15:06 - 2014-05-30 23:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-11 15:06 - 2014-05-30 23:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-11 15:06 - 2014-05-30 23:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 15:06 - 2014-05-30 22:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-11 15:06 - 2014-05-30 22:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-11 15:06 - 2014-05-30 22:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-11 15:06 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-11 15:06 - 2014-05-30 22:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-11 15:06 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-11 15:06 - 2014-05-30 22:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-11 15:05 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-11 15:05 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-11 15:05 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-11 15:05 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-11 15:05 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-11 15:05 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-11 15:05 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-11 15:05 - 2014-06-18 19:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-11 15:05 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-11 15:05 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-11 15:05 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-11 15:05 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-11 15:05 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-11 15:05 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-11 15:05 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-11 15:05 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-11 15:05 - 2014-06-18 18:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-11 15:05 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-11 15:05 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-11 15:05 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-11 15:05 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-11 15:05 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-11 15:05 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-11 15:05 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-11 15:05 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-11 15:05 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-11 15:05 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-11 15:04 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-11 15:04 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-11 15:04 - 2014-06-06 10:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-11 15:04 - 2014-05-29 08:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-11 15:04 - 2014-05-29 03:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-11 15:04 - 2014-05-29 02:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-11 15:04 - 2014-05-29 02:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-11 15:04 - 2014-05-29 01:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-11 15:04 - 2014-05-29 01:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-11 08:36 - 2014-06-06 09:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-11 08:36 - 2014-06-06 08:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-11 08:30 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 22:26 - 2014-07-09 22:26 - 00000800 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-29 22:54 - 2014-07-29 08:25 - 00022282 _____ () C:\Users\Tim\Desktop\FRST.txt
2014-07-29 22:53 - 2014-07-29 08:24 - 00000000 ____D () C:\FRST
2014-07-29 22:52 - 2012-12-20 20:51 - 00013749 _____ () C:\Users\Tim\AppData\Local\BTServer.log
2014-07-29 22:39 - 2014-02-09 01:39 - 00000308 _____ () C:\WINDOWS\Tasks\Digital Sites.job
2014-07-29 22:39 - 2013-07-18 22:39 - 00000302 _____ () C:\WINDOWS\Tasks\DSite.job
2014-07-29 22:36 - 2014-01-11 22:06 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001UA.job
2014-07-29 22:21 - 2013-11-22 08:54 - 01619086 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-29 22:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-29 18:42 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-29 17:45 - 2014-07-29 17:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-29 17:44 - 2014-07-29 17:44 - 02347384 _____ (ESET) C:\Users\Tim\Desktop\esetsmartinstaller_enu.exe
2014-07-29 17:32 - 2014-07-27 10:25 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-29 17:20 - 2013-09-30 00:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-29 17:15 - 2012-12-21 22:35 - 00000000 ___RD () C:\Users\Tim\Google Drive
2014-07-29 17:14 - 2013-11-22 08:59 - 00000000 __RDO () C:\Users\Tim\SkyDrive
2014-07-29 17:14 - 2012-12-20 21:02 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-29 17:13 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-29 17:13 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-29 17:13 - 2012-12-12 17:06 - 00000000 ____D () C:\ProgramData\Realtek
2014-07-29 16:58 - 2012-12-20 21:02 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-29 13:24 - 2014-07-29 13:21 - 00000000 ____D () C:\AdwCleaner
2014-07-29 13:24 - 2013-09-29 23:55 - 00031948 _____ () C:\WINDOWS\PFRO.log
2014-07-29 13:24 - 2013-07-24 19:26 - 00000000 ____D () C:\Users\Tim\AppData\Local\AVG SafeGuard toolbar
2014-07-29 13:20 - 2014-07-29 13:20 - 01365551 _____ () C:\Users\Tim\Desktop\AdwCleaner.exe
2014-07-29 13:18 - 2014-01-09 16:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-29 13:18 - 2014-01-09 16:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-29 08:34 - 2013-08-22 10:46 - 00310753 _____ () C:\WINDOWS\setupact.log
2014-07-29 08:26 - 2014-07-29 08:26 - 00037027 _____ () C:\Users\Tim\Desktop\Addition.txt
2014-07-28 22:27 - 2014-07-28 22:27 - 02093568 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2014-07-28 07:29 - 2013-01-01 23:39 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\uTorrent
2014-07-28 07:25 - 2014-07-28 07:16 - 385828066 _____ () C:\Users\Tim\Downloads\True.Blood.S07E06.HDTV.x264-2HD.mp4
2014-07-28 07:21 - 2014-07-28 07:17 - 301114199 _____ () C:\Users\Tim\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.mp4
2014-07-27 19:49 - 2014-02-08 04:38 - 00000000 ____D () C:\Users\Tim\Downloads\Sons of Anarchy
2014-07-27 16:42 - 2014-01-09 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 10:55 - 2014-06-23 18:50 - 00000000 ____D () C:\Users\Tim\Downloads\True Blood
2014-07-27 10:45 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-27 10:24 - 2014-07-27 10:24 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 10:24 - 2014-07-27 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-27 10:22 - 2012-12-29 10:06 - 00000000 ____D () C:\Users\Tim\Downloads\install files
2014-07-27 07:39 - 2013-07-26 19:39 - 00000064 _____ () C:\Users\Tim\AppData\Roaming\WB.CFG
2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieUserList
2014-07-26 23:20 - 2014-07-26 23:20 - 00000000 __SHD () C:\Users\Tim\AppData\Local\EmieSiteList
2014-07-26 11:38 - 2012-12-20 20:59 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2566500704-406659886-728432584-1001
2014-07-25 23:36 - 2013-01-30 21:08 - 00000000 ____D () C:\Users\Tim\Downloads\comics
2014-07-25 11:07 - 2014-07-25 11:04 - 00000000 ____D () C:\Users\Tim\Downloads\Smith and Myers (Acoustic Sessions) EP (Digital)
2014-07-21 22:25 - 2014-07-21 22:12 - 300013285 _____ () C:\Users\Tim\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.mp4
2014-07-19 10:08 - 2014-05-12 19:32 - 00000000 ____D () C:\Users\Tim\Downloads\Penny Dreadful
2014-07-16 16:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-16 07:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-15 07:23 - 2013-05-16 08:09 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-15 07:20 - 2013-07-30 22:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-15 07:18 - 2013-08-22 10:44 - 00487744 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-15 07:17 - 2013-09-29 23:51 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-15 07:17 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-14 22:51 - 2014-07-14 22:36 - 582793391 _____ () C:\Users\Tim\Downloads\the.strain.s01e01.hdtv.x264-2hd.mp4
2014-07-14 20:59 - 2014-07-13 22:02 - 1550180333 _____ () C:\Users\Tim\Downloads\Doctor Who 2005 - 2013 Christmas Special (The Time of The Doctor) [720p].mp4
2014-07-14 20:49 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-14 20:48 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-14 20:48 - 2012-12-21 23:10 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-14 20:47 - 2014-07-14 20:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-14 20:47 - 2012-12-21 21:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-13 13:26 - 2012-12-21 21:15 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iTunes
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files\iPod
2014-07-12 03:47 - 2014-07-12 03:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-10 22:24 - 2013-08-08 20:24 - 00000890 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-07-09 22:26 - 2014-07-09 22:26 - 00000800 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk
2014-07-08 22:59 - 2012-12-21 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-04 08:03 - 2013-04-13 07:51 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-06-30 21:56 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-06-29 06:36 - 2014-01-11 22:06 - 00000872 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001Core.job
 
Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\avgnt.exe
C:\Users\Tim\AppData\Local\Temp\DivXSetup.exe
C:\Users\Tim\AppData\Local\Temp\htmlayout.dll
C:\Users\Tim\AppData\Local\Temp\Quarantine.exe
C:\Users\Tim\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Tim\AppData\Local\Temp\SearchProtectionSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-22 12:32
 
==================== End Of Log ============================
Link to post
Share on other sites

And Addition.txt from Step 3:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Tim at 2014-07-29 22:54:31
Running from C:\Users\Tim\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.9 - Absolute Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.880 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.47.51 - Conexant)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Lenovo EasyCamera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.5.13 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 1.4.2.20 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motion Control (HKLM\...\Motion Control) (Version: 1.1.2.41 - Lenovo)
Nitro Pro 7 (HKLM\...\{72D264E5-0C44-42DF-820B-621303E5C183}) (Version: 7.4.1.21 - Nitro PDF Software)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN and Bluetooth Driver (HKLM-x32\...\{B6322D12-A133-4128-8306-DAFFF7231152}) (Version: 1.00.0196 - REALTEK Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sony Pictures Download Manager (HKCU\...\2506994508.sonypicturesstore.com) (Version:  - sonypicturesstore.com)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.21.4 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{83270912-15C7-4336-822E-E8F1B1BBCA60}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll No File
CustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2566500704-406659886-728432584-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tim\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
27-07-2014 20:41:27 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {127CDD3B-0B04-48BC-B6FF-A205FDBC7307} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {185ACDE8-CDD5-4C0A-93E0-D9A83A389768} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {1B0F3725-D62F-41D4-982A-3571D5CC11DC} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-19] (Intel)
Task: {1EB134D1-BE02-4319-8BBE-7839BE3850D0} - System32\Tasks\DSite => C:\Users\Tim\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {35971A4E-E8E8-459B-8560-15E667EAA3F7} - \EPUpdater No Task File <==== ATTENTION
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B2A8DB8-F480-4A51-9D99-5B15FE5689B8} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {4D7F358E-3559-4F38-9080-E899F9B7672F} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {4EB1D0CB-194B-4919-BEF9-F3D579654A27} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {55410713-D490-454B-B48E-80575AF80DF5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-14] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8AE55946-3A61-45AD-AE43-E22D27677BAD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001Core => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {999B97B2-324F-4F28-8528-485B1412B781} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {C208A2DF-7FEB-41C1-97D7-00EF3E92801F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20] (Google Inc.)
Task: {C5E91138-4C07-4969-895C-E167F436C43C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001UA => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D4D70300-DA85-4204-BA9F-F64EC7D26AFE} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-24] (Synaptics Incorporated)
Task: {D6EDCD5B-5860-4840-B017-F1FBB4863049} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {D71F0B38-9CED-4039-8B35-59ABEB221796} - System32\Tasks\Digital Sites => C:\Users\Tim\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D9A42156-0B29-4164-B9F6-472FB888F322} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DB31FA52-4F06-498F-9C63-87A77B55A62E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EF5D4ED3-B477-4D0B-AB69-A94A31E7B40F} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\Tim\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: C:\WINDOWS\Tasks\DSite.job => C:\Users\Tim\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001Core.job => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2566500704-406659886-728432584-1001UA.job => C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-12 17:06 - 2012-08-31 20:26 - 00051200 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2012-12-12 17:11 - 2012-12-12 17:11 - 00060760 _____ () C:\ProgramData\YogaSmartSwicth\Server\x64\dptf.dll
2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-12 17:04 - 2010-10-26 00:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-12-12 17:11 - 2012-12-12 17:11 - 00208464 _____ () C:\ProgramData\YogaSmartSwicth\yogaserver.exe
2012-12-12 17:10 - 2012-12-12 17:10 - 00172624 _____ () C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
2014-07-26 23:19 - 2014-07-26 23:19 - 02604032 _____ () C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll
2014-07-26 23:19 - 2014-07-26 23:19 - 02180096 _____ () C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll
2012-07-16 04:49 - 2012-07-16 04:49 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-12 17:11 - 2012-12-12 17:11 - 00269904 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\GuiSys.dll
2012-12-12 17:11 - 2012-12-12 17:11 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\SimpRes.dll
2012-12-12 17:11 - 2012-12-12 17:11 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LangHlpr.dll
2014-07-29 17:15 - 2014-07-29 17:15 - 00098816 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32api.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00110080 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\pywintypes27.dll
2014-07-29 17:15 - 2014-07-29 17:15 - 00364544 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\pythoncom27.dll
2014-07-29 17:15 - 2014-07-29 17:15 - 00045568 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\_socket.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 01160704 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\_ssl.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00320512 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32com.shell.shell.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00713216 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\_hashlib.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 01175040 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\wx._core_.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00805888 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\wx._gdi_.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00811008 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\wx._windows_.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 01062400 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\wx._controls_.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00735232 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\wx._misc_.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00128512 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\_elementtree.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00127488 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\pyexpat.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00557056 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\pysqlite2._sqlite.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00007168 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\hashobjs_ext.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00087552 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\_ctypes.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00119808 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32file.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00108544 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32security.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00018432 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32event.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00038912 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32inet.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00070656 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\wx._html2.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00167936 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32gui.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00011264 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32crypt.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00027136 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\_multiprocessing.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00122368 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\wx._wizard.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00010240 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\select.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00024064 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32pipe.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00686080 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\unicodedata.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00025600 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32pdh.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00525640 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\windows._lib_cacheinvalidation.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00035840 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32process.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00017408 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32profile.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00022528 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\win32ts.pyd
2014-07-29 17:15 - 2014-07-29 17:15 - 00078336 _____ () C:\Users\Tim\AppData\Local\Temp\_MEI33082\wx._animate.pyd
2012-12-12 17:10 - 2012-12-12 17:10 - 01620560 _____ () C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll
2012-12-12 17:10 - 2012-12-12 17:10 - 00030288 _____ () C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll
2014-07-19 17:00 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 17:00 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 17:00 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 17:00 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 17:00 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2012-12-12 17:03 - 2012-06-24 22:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2002-05-14 19:26 - 2002-05-14 19:26 - 00158208 _____ () C:\Program Files (x86)\CDisplay\UNRAR.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Tim\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKCU\...\StartupApproved\Run: => "DW7"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/29/2014 10:52:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (07/29/2014 10:52:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: CryptoProvider.dll_unloaded, version: 1.0.0.1, time stamp: 0x53c3c81f
Exception code: 0xc0000005
Fault offset: 0x00000000000139e8
Faulting process id: 0xc54
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (07/29/2014 10:51:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (07/29/2014 10:50:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (07/29/2014 10:50:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: CryptoProvider.dll_unloaded, version: 1.0.0.1, time stamp: 0x53c3c81f
Exception code: 0xc0000005
Fault offset: 0x00000000000139e8
Faulting process id: 0x674
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (07/29/2014 10:49:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (07/29/2014 10:49:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: CryptoProvider.dll_unloaded, version: 1.0.0.1, time stamp: 0x53c3c81f
Exception code: 0xc0000005
Fault offset: 0x00000000000139e8
Faulting process id: 0x1688
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (07/29/2014 10:48:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (07/29/2014 10:48:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: CryptoProvider.dll_unloaded, version: 1.0.0.1, time stamp: 0x53c3c81f
Exception code: 0xc0000005
Fault offset: 0x00000000000139e8
Faulting process id: 0x1644
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (07/29/2014 10:47:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
 
System errors:
=============
Error: (07/20/2014 10:23:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
Error: (07/15/2014 07:18:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
Error: (07/12/2014 09:53:42 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR8, has a bad block.
 
Error: (07/12/2014 09:53:36 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR8, has a bad block.
 
Error: (07/12/2014 09:53:30 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR8, has a bad block.
 
Error: (07/12/2014 09:53:24 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR8, has a bad block.
 
Error: (07/12/2014 09:53:18 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR8, has a bad block.
 
Error: (07/12/2014 09:53:12 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR8, has a bad block.
 
Error: (07/12/2014 09:53:06 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR8, has a bad block.
 
Error: (07/12/2014 09:52:59 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR8, has a bad block.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 26%
Total physical RAM: 8071.27 MB
Available physical RAM: 5936.62 MB
Total Pagefile: 9607.27 MB
Available Pagefile: 7198.02 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:92.91 GB) (Free:23.65 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:2.35 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119 GB) (Disk ID: CE05E53F)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
Link to post
Share on other sites

Hi,

 

Step 1

Please download tdsskiller.pngTDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).

    Copy and paste its contents in your next reply.

Link to post
Share on other sites

In parts due to length:

 

15:58:05.0766 0x0f00  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58

15:58:05.0766 0x0f00  UEFI system

15:58:06.0110 0x0f00  ============================================================

15:58:06.0110 0x0f00  Current date / time: 2014/07/30 15:58:06.0110

15:58:06.0110 0x0f00  SystemInfo:

15:58:06.0110 0x0f00  

15:58:06.0110 0x0f00  OS Version: 6.3.9600 ServicePack: 0.0

15:58:06.0110 0x0f00  Product type: Workstation

15:58:06.0110 0x0f00  ComputerName: TIMMMAAAAAY

15:58:06.0110 0x0f00  UserName: Tim

15:58:06.0110 0x0f00  Windows directory: C:\WINDOWS

15:58:06.0110 0x0f00  System windows directory: C:\WINDOWS

15:58:06.0110 0x0f00  Running under WOW64

15:58:06.0110 0x0f00  Processor architecture: Intel x64

15:58:06.0110 0x0f00  Number of processors: 4

15:58:06.0110 0x0f00  Page size: 0x1000

15:58:06.0110 0x0f00  Boot type: Normal boot

15:58:06.0110 0x0f00  ============================================================

15:58:06.0110 0x0f00  BG loaded

15:58:06.0219 0x0f00  System UUID: {53A15526-03E1-59ED-438E-71E7244C5E7D}

15:58:06.0813 0x0f00  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:58:06.0813 0x0f00  ============================================================

15:58:06.0813 0x0f00  \Device\Harddisk0\DR0:

15:58:06.0813 0x0f00  GPT partitions:

15:58:06.0813 0x0f00  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {36FB0CB4-1667-4BCB-B5FE-B326A4F99186}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F4000

15:58:06.0813 0x0f00  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {3AAB3093-37A3-4794-B9C6-764EBCCD63C5}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000

15:58:06.0813 0x0f00  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {80F24A1A-6C4B-4BA1-ADF5-DA09975ACD33}, Name: Basic data partition, StartLBA 0x276800, BlocksNum 0x1F4000

15:58:06.0813 0x0f00  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {835E70B1-1E37-4E71-B37F-B9D661B39DAB}, Name: Microsoft reserved partition, StartLBA 0x46A800, BlocksNum 0x40000

15:58:06.0813 0x0f00  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {EC416C69-C753-4303-9B2C-6D05CD5901E9}, Name: Basic data partition, StartLBA 0x4AA800, BlocksNum 0xB9D1800

15:58:06.0813 0x0f00  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {AC95342E-35B9-4165-BCE2-7E85DBBF231E}, Name: Basic data partition, StartLBA 0xBE7C000, BlocksNum 0x800000

15:58:06.0813 0x0f00  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {D3BFE2DE-3DAF-11DF-BA40-E3A556D89593}, UniqueGUID: {15DD30FC-A5DD-4DB7-846D-A3D369B56D07}, Name: Basic data partition, StartLBA 0xC67C000, BlocksNum 0x1000000

15:58:06.0813 0x0f00  \Device\Harddisk0\DR0\Partition8: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {1CAD5B5D-089D-4088-A01E-42FC234314EA}, Name: Basic data partition, StartLBA 0xD67C000, BlocksNum 0x1800000

15:58:06.0813 0x0f00  MBR partitions:

15:58:06.0813 0x0f00  ============================================================

15:58:06.0813 0x0f00  C: <-> \Device\Harddisk0\DR0\Partition5

15:58:06.0813 0x0f00  D: <-> \Device\Harddisk0\DR0\Partition6

15:58:06.0813 0x0f00  ============================================================

15:58:06.0813 0x0f00  Initialize success

15:58:06.0813 0x0f00  ============================================================

15:59:02.0903 0x16fc  ============================================================

15:59:02.0903 0x16fc  Scan started

15:59:02.0903 0x16fc  Mode: Manual; SigCheck; TDLFS; 

15:59:02.0903 0x16fc  ============================================================

15:59:02.0903 0x16fc  KSN ping started

15:59:05.0434 0x16fc  KSN ping finished: true

15:59:05.0789 0x16fc  ================ Scan system memory ========================

15:59:05.0789 0x16fc  System memory - ok

15:59:05.0790 0x16fc  ================ Scan services =============================

15:59:05.0861 0x16fc  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys

15:59:05.0994 0x16fc  1394ohci - ok

15:59:06.0011 0x16fc  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys

15:59:06.0038 0x16fc  3ware - ok

15:59:06.0067 0x16fc  [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys

15:59:06.0135 0x16fc  ACPI - ok

15:59:06.0146 0x16fc  [ A273E88FAC37A4F819ED99FE4B642F4D, 994DC229B7B4379852928DF0B22E8E575AB239FD8904AF580AA36A44ED717CD9 ] acpials         C:\WINDOWS\system32\DRIVERS\acpials.sys

15:59:06.0166 0x16fc  acpials - ok

15:59:06.0175 0x16fc  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys

15:59:06.0202 0x16fc  acpiex - ok

15:59:06.0210 0x16fc  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys

15:59:06.0237 0x16fc  acpipagr - ok

15:59:06.0247 0x16fc  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys

15:59:06.0272 0x16fc  AcpiPmi - ok

15:59:06.0279 0x16fc  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys

15:59:06.0304 0x16fc  acpitime - ok

15:59:06.0315 0x16fc  [ 3B42D95D20CD2AACDB0564471AE43ED7, BF49568D7060159F61D5F6DE7ECDECCCD1F920A2881544BA83CF420C822F6653 ] ACPIVPC         C:\WINDOWS\System32\drivers\AcpiVpc.sys

15:59:06.0347 0x16fc  ACPIVPC - ok

15:59:06.0356 0x16fc  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

15:59:06.0382 0x16fc  AdobeARMservice - ok

15:59:06.0410 0x16fc  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS

15:59:06.0463 0x16fc  ADP80XX - ok

15:59:06.0479 0x16fc  [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll

15:59:06.0502 0x16fc  AeLookupSvc - ok

15:59:06.0524 0x16fc  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\WINDOWS\system32\drivers\afd.sys

15:59:06.0557 0x16fc  AFD - ok

15:59:06.0568 0x16fc  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys

15:59:06.0593 0x16fc  agp440 - ok

15:59:06.0604 0x16fc  [ 8E8E34B7BA059050EED827410D0697A2, 85B6684709F24729A6497563812A90A54068AC2DD9EEA03037CB1EEF5C85AAA9 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys

15:59:06.0635 0x16fc  ahcache - ok

15:59:06.0644 0x16fc  [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG             C:\WINDOWS\System32\alg.exe

15:59:06.0684 0x16fc  ALG - ok

15:59:06.0694 0x16fc  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys

15:59:06.0724 0x16fc  AmdK8 - ok

15:59:06.0738 0x16fc  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys

15:59:06.0761 0x16fc  AmdPPM - ok

15:59:06.0771 0x16fc  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys

15:59:06.0804 0x16fc  amdsata - ok

15:59:06.0818 0x16fc  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys

15:59:06.0855 0x16fc  amdsbs - ok

15:59:06.0865 0x16fc  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys

15:59:06.0888 0x16fc  amdxata - ok

15:59:06.0912 0x16fc  [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

15:59:06.0947 0x16fc  AntiVirSchedulerService - ok

15:59:06.0964 0x16fc  [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

15:59:06.0997 0x16fc  AntiVirService - ok

15:59:07.0032 0x16fc  [ 1BF085C13A8F62E056E6201AFCF5E675, 8768E18A536ACCF3A0F0E31F9B5FF30054ACCF1CC0E77AC7A386EDBDFC663C63 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe

15:59:07.0090 0x16fc  AntiVirWebService - ok

15:59:07.0104 0x16fc  [ 04951A9A937CBE28A2D3FEEA360B6D1F, D8AAF000BE4FE4B203DC2EB2A64F780A542E5238CE3F9952FD03277379B11529 ] AppID           C:\WINDOWS\system32\drivers\appid.sys

15:59:07.0138 0x16fc  AppID - ok

15:59:07.0150 0x16fc  [ C0DC3F58214A227980AEB091CFD2F973, 0C3E8453C9F65ADA3E74C38C0E3AC3E0CBFD807B827097046265B38839E151E3 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll

15:59:07.0178 0x16fc  AppIDSvc - ok

15:59:07.0188 0x16fc  [ 8D6F535461F6CFF75A8ADDF83024C904, F2A97EC4A6284F28B685A3CE2D450F61E75EE8692D718A6AA352D5734BBBAD7B ] Appinfo         C:\WINDOWS\System32\appinfo.dll

15:59:07.0215 0x16fc  Appinfo - ok

15:59:07.0225 0x16fc  [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

15:59:07.0251 0x16fc  Apple Mobile Device - ok

15:59:07.0281 0x16fc  [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll

15:59:07.0338 0x16fc  AppReadiness - ok

15:59:07.0385 0x16fc  [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll

15:59:07.0447 0x16fc  AppXSvc - ok

15:59:07.0459 0x16fc  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys

15:59:07.0492 0x16fc  arcsas - ok

15:59:07.0499 0x16fc  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys

15:59:07.0525 0x16fc  atapi - ok

15:59:07.0541 0x16fc  [ 886767FD022213F7885416134E9082E5, E248D82210FBEBF62C23EBEC74A976B2D1A4E62D3B7638D95B2574B77BA05DD0 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll

15:59:07.0563 0x16fc  AudioEndpointBuilder - ok

15:59:07.0592 0x16fc  [ 79B134ECE836B406B212E28C24011538, 1B875DD23CCAD8A2759DCDBCDCF3DE14231B9DB5EEC8E84FE081E41A52A047A1 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll

15:59:07.0635 0x16fc  Audiosrv - ok

15:59:07.0652 0x16fc  [ 4663C5AD76FE8E19592DE808156FA07D, 605827B4A9D6930BC752D124BF75D55D4927B0ABEF881CDE66F3C5CC1DB215FE ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys

15:59:07.0680 0x16fc  avgntflt - ok

15:59:07.0687 0x16fc  [ 7688C67BDF55500C1FDC8291230C397D, 68A4C3D7F7043C73113B1EE7A3DD8E98BC1D6F54CA7E4E1BFB2333A75CDE2DE0 ] avgtp           C:\WINDOWS\system32\drivers\avgtpx64.sys

15:59:07.0711 0x16fc  avgtp - ok

15:59:07.0724 0x16fc  [ 8902AEC2382A37E9E99A4E0D52DBD42B, 138F2D7E7430132B2C527D413BC845CC467F084F39C232EC3A17DD2A74EE401E ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys

15:59:07.0749 0x16fc  avipbb - ok

15:59:07.0757 0x16fc  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys

15:59:07.0784 0x16fc  avkmgr - ok

15:59:07.0797 0x16fc  [ 96E8CAF20FC4B6C31CAD7816A801EB78, E4870DB8FFBDCFEE98449338D0BDBF2DD0B5FEC75514E41C11A882BE6EB16833 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll

15:59:07.0826 0x16fc  AxInstSV - ok

15:59:07.0850 0x16fc  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys

15:59:07.0898 0x16fc  b06bdrv - ok

15:59:07.0905 0x16fc  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys

15:59:07.0935 0x16fc  BasicDisplay - ok

15:59:07.0944 0x16fc  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys

15:59:07.0966 0x16fc  BasicRender - ok

15:59:07.0977 0x16fc  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys

15:59:07.0995 0x16fc  bcmfn2 - ok

15:59:08.0010 0x16fc  [ 5BD3A2351BEFCAC8757626271F8EFA89, 6508673210129CF7EFCA93EC7874208FAD361E37814EB4FE9E0EC034E73D5F16 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll

15:59:08.0047 0x16fc  BDESVC - ok

15:59:08.0053 0x16fc  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys

15:59:08.0077 0x16fc  Beep - ok

15:59:08.0106 0x16fc  [ BBE15881FE11BE37112F8320C41DAFB9, 5CE92563628812FF6E00556D8E2DAD6ADCAAF0F4C3B90123F1D98ED6E3BB6DAD ] BFE             C:\WINDOWS\System32\bfe.dll

15:59:08.0148 0x16fc  BFE - ok

15:59:08.0189 0x16fc  [ 15225081966C785A9192782401643FD4, E2BA0C8D044556FDD9DD7A25F7F71553DE7A2924E78F9284413C2AC46F0BF4EB ] BITS            C:\WINDOWS\System32\qmgr.dll

15:59:08.0247 0x16fc  BITS - ok

15:59:08.0270 0x16fc  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

15:59:08.0301 0x16fc  Bonjour Service - ok

15:59:08.0318 0x16fc  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys

15:59:08.0348 0x16fc  bowser - ok

15:59:08.0367 0x16fc  [ F2559A492AF8D653D1F47ADABA4C3E97, 77347915FB433023769699DFC9511F54E69C7FC7AB75F57FDC1A58E64A7126DE ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll

15:59:08.0397 0x16fc  BrokerInfrastructure - ok

15:59:08.0409 0x16fc  [ D528D6A92D187777691993DD757AF19A, 2C79978310193431E5FC462368424A172858D5351C92D4815C2A7E35B5DDE50C ] Browser         C:\WINDOWS\System32\browser.dll

15:59:08.0445 0x16fc  Browser - ok

15:59:08.0458 0x16fc  [ FEA76BD5593F021E0422A3A1CE6DC07B, DBD0AFE012AFBB89C6CF2266A0B2EC89DE907E3A158F9722FCD5AD85A612D892 ] BTDevManager    C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe

15:59:08.0470 0x16fc  BTDevManager - detected UnsignedFile.Multi.Generic ( 1 )

15:59:11.0068 0x16fc  Detect skipped due to KSN trusted

15:59:11.0068 0x16fc  BTDevManager - ok

15:59:11.0081 0x16fc  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys

15:59:11.0115 0x16fc  BthAvrcpTg - ok

15:59:11.0131 0x16fc  [ 131F1C8573E7BFB41C54FBF5309CCD94, DAFE51E3BADBD82A33B580F212B2D6520A120877C23F6D675521FEA2F4BA5A1F ] BthEnum         C:\WINDOWS\System32\drivers\BthEnum.sys

15:59:11.0164 0x16fc  BthEnum - ok

15:59:11.0177 0x16fc  [ 746B9F94214915AECDE4B7FEA5FF9664, EA2877D49DB4B7B9CE61653D63E8776DFF1CBCCAB12C14DB1D20DA44B8F06357 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys

15:59:11.0208 0x16fc  BthHFEnum - ok

15:59:11.0224 0x16fc  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys

15:59:11.0253 0x16fc  bthhfhid - ok

15:59:11.0269 0x16fc  [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum       C:\WINDOWS\System32\drivers\BthLEEnum.sys

15:59:11.0315 0x16fc  BthLEEnum - ok

15:59:11.0331 0x16fc  [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys

15:59:11.0365 0x16fc  BTHMODEM - ok

15:59:11.0380 0x16fc  [ 3AFE71D80EDF5D4DE0C5731352905669, 3E370169B8C5D301954D1F1DA302F7A0DB2A034990E10B3D64458C48E5693205 ] BthPan          C:\WINDOWS\system32\DRIVERS\bthpan.sys

15:59:11.0418 0x16fc  BthPan - ok

15:59:11.0481 0x16fc  [ 92370F46AF28D54B67C135FA8C2AFCFC, B1C0DBF27D392DEA8786AB9479C6CCD5A5DBDF3BE25ABA5FC7C6DB6D3EEE739B ] BTHPORT         C:\WINDOWS\System32\Drivers\BTHport.sys

15:59:11.0567 0x16fc  BTHPORT - ok

15:59:11.0590 0x16fc  [ E5E48FEED73D463175EAB1542495191C, 0A8182F5BA7B694AB1DD3680F1194E4A568FE40DBA4BFDFF2EA09BAD045FFB29 ] bthserv         C:\WINDOWS\system32\bthserv.dll

15:59:11.0612 0x16fc  bthserv - ok

15:59:11.0624 0x16fc  [ 23E75BED9076F856B36F5F934BBD5795, CCEB72B788522B7D52A6C07646005EBC68F9599D3714ECACF3A194CA47A1BE85 ] BTHUSB          C:\WINDOWS\System32\Drivers\BTHUSB.sys

15:59:11.0670 0x16fc  BTHUSB - ok


15:59:11.0679 0x16fc  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys

15:59:11.0720 0x16fc  cdfs - ok

15:59:11.0735 0x16fc  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys

15:59:11.0797 0x16fc  cdrom - ok

15:59:11.0812 0x16fc  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll

15:59:11.0860 0x16fc  CertPropSvc - ok

15:59:11.0872 0x16fc  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys

15:59:11.0900 0x16fc  circlass - ok

15:59:11.0919 0x16fc  [ 179A41249055D5F039F1B6703F3B6D2B, 886CF715D9E85DB5C9B991EBCB9B12E27AA0EEE52528E222C80CA5B5B0A7AF52 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys

15:59:11.0964 0x16fc  CLFS - ok

15:59:11.0996 0x16fc  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys

15:59:12.0022 0x16fc  CmBatt - ok

15:59:12.0046 0x16fc  [ 1CD3A907D64D08F49208DA00B69BF35E, ABBD70FFCA0DE2274D855AFC08BF7BC0AA6D44EFC9FDBF7DF44B73CD5C210E28 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys

15:59:12.0108 0x16fc  CNG - ok

15:59:12.0202 0x16fc  [ B4C97854D48060EF8891B53AF3990D15, 5BD03C79954566DDDB58A73B0C735112CB24F1C090E0AB553595DC65D02CFFCC ] CnxtHdAudService C:\WINDOWS\system32\drivers\CHDRT64.sys

15:59:12.0348 0x16fc  CnxtHdAudService - ok

15:59:12.0364 0x16fc  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys

15:59:12.0409 0x16fc  CompositeBus - ok

15:59:12.0415 0x16fc  COMSysApp - ok

15:59:12.0425 0x16fc  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys

15:59:12.0450 0x16fc  condrv - ok

15:59:12.0508 0x16fc  [ 034643AFE2973A175E782AE530A0683C, C488572B971144D8A10F6EC8480175868913942896144D38BF49E3D8D1BC54F3 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe

15:59:12.0565 0x16fc  cphs - ok

15:59:12.0591 0x16fc  [ 0EFE4B5884A8032617826A4D76F80969, 083D296CC623C83D36A97AEE343ADF819B17E490F931DBE4D161BD1E8C289E02 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll

15:59:12.0621 0x16fc  CryptSvc - ok

15:59:12.0640 0x16fc  [ 48AED45DF009081AF3F5144F7D624674, 4425C15EB9E1177EE5134A33F63DAF7FF876577946DBF1EAD92C5614025113BB ] CxAudMsg        C:\windows\system32\CxAudMsg64.exe

15:59:12.0675 0x16fc  CxAudMsg - ok

15:59:12.0694 0x16fc  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\WINDOWS\system32\drivers\dam.sys

15:59:12.0823 0x16fc  dam - ok

15:59:12.0874 0x16fc  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll

15:59:13.0042 0x16fc  DcomLaunch - ok

15:59:13.0069 0x16fc  [ AF3FF97AC2A73E70F8A8D11FB694175B, 3AA25BF9DED08056F52ACF246118C13C8816B5E8AA4D8606DB7DAB4E4E6A9169 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll

15:59:13.0133 0x16fc  defragsvc - ok

15:59:13.0166 0x16fc  [ 8F387C2C99EE09C6E2AC316205F86A17, EC9E8AE72A21992AA118964E17090BA4503EB051273AD18185C95172F57328CE ] DeviceAssociationService C:\WINDOWS\system32\das.dll

15:59:13.0229 0x16fc  DeviceAssociationService - ok

15:59:13.0257 0x16fc  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll

15:59:13.0333 0x16fc  DeviceInstall - ok

15:59:13.0345 0x16fc  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys

15:59:13.0394 0x16fc  Dfsc - ok

15:59:13.0423 0x16fc  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys

15:59:13.0462 0x16fc  dg_ssudbus - ok

15:59:13.0480 0x16fc  [ 8B107F55FD61654A6C9F1B819AEC5FC4, 773B1B9D3583F17B7C89BDE1EC4487ABB0AE039DF4583F8746460425443DA291 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll

15:59:13.0531 0x16fc  Dhcp - ok

15:59:13.0555 0x16fc  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys

15:59:13.0608 0x16fc  disk - ok

15:59:13.0619 0x16fc  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys

15:59:13.0649 0x16fc  dmvsc - ok

15:59:13.0667 0x16fc  [ FE7656474448BE6A6C68E5C9BEB7CA94, 8B9F04CAA29A6EEFCA3D1E7BAFE340D5CCA8AF665474E69B1DF7E2A518B83A89 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll

15:59:13.0699 0x16fc  Dnscache - ok

15:59:13.0717 0x16fc  [ 50288EA079BB520C2B8C8A154202D518, 8916A9180CA009D124FFDFB4CCF5FDFEF7FA2FD37CBCD49FAD4C68E051B4734D ] dot3svc         C:\WINDOWS\System32\dot3svc.dll

15:59:13.0766 0x16fc  dot3svc - ok

15:59:13.0786 0x16fc  [ 281BEE07BA97E3E98D12A822D923D0D8, 6EB482B2D4D6048D145C3738B2B6FA27A90B5EA53E9167447820F9981B004E63 ] DPS             C:\WINDOWS\system32\dps.dll

15:59:13.0828 0x16fc  DPS - ok

15:59:13.0838 0x16fc  [ DDC11A202207C0400CBE07315B8FDE5E, 3ED0CA3A714582D92001BA3BFF78BE082F4DC8021298D5A2632F3B2B0A1C09DC ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys

15:59:13.0864 0x16fc  drmkaud - ok

15:59:13.0878 0x16fc  [ 5B074F14F5DD6418F46EE4CA2DEB7EA8, B8223D73C3DE123759101F7D5D45C60BD12B221F09D349575A1044CE3F43CBC5 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll

15:59:13.0919 0x16fc  DsmSvc - ok

15:59:14.0009 0x16fc  [ C7D252742946DD395670649742FBD73D, 333CC984CF318D36EA8C5867077A1732A214445EB6B7CF7AC2E8F1C8259CD9C7 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys

15:59:14.0159 0x16fc  DXGKrnl - ok

15:59:14.0175 0x16fc  [ 6073537F250B45E1CB2A02E97F0FE1B2, 653F3F2F2019168EDF225944A88AFDBF8393B62AA076BD19980691778F3DB67D ] Eaphost         C:\WINDOWS\System32\eapsvc.dll

15:59:14.0211 0x16fc  Eaphost - ok

15:59:14.0336 0x16fc  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys

15:59:14.0533 0x16fc  ebdrv - ok

15:59:14.0550 0x16fc  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] EFS             C:\WINDOWS\System32\lsass.exe

15:59:14.0573 0x16fc  EFS - ok

15:59:14.0586 0x16fc  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys

15:59:14.0615 0x16fc  EhStorClass - ok

15:59:14.0629 0x16fc  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys

15:59:14.0668 0x16fc  EhStorTcgDrv - ok

15:59:14.0679 0x16fc  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys

15:59:14.0703 0x16fc  ErrDev - ok

15:59:14.0734 0x16fc  [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3, 5264734F0572FAEDCCB008221C9982CCB7922C4FFC358605424EA413CDCDAE99 ] EventSystem     C:\WINDOWS\system32\es.dll

15:59:14.0778 0x16fc  EventSystem - ok

15:59:14.0793 0x16fc  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys

15:59:14.0832 0x16fc  exfat - ok

15:59:14.0847 0x16fc  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys

15:59:14.0882 0x16fc  fastfat - ok

15:59:14.0907 0x16fc  [ 2BC8532ABF2B3756B78FA1DA54147DDE, DF65EE2AB0255A2CF3221085A6BE7C37E3DB6BFEED3BCADCDD69BB1049F6DCB1 ] Fax             C:\WINDOWS\system32\fxssvc.exe

15:59:14.0971 0x16fc  Fax - ok

15:59:14.0978 0x16fc  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys

15:59:15.0003 0x16fc  fdc - ok

15:59:15.0011 0x16fc  [ DC1A78BCCCB7EE53D6FD3BD615A8E222, EE16B6853185AAE779D7135035983938009901658F76A8856AAC12EBA15BB34E ] fdPHost         C:\WINDOWS\system32\fdPHost.dll

15:59:15.0040 0x16fc  fdPHost - ok

15:59:15.0045 0x16fc  [ E5AD448F2DC84B1CF387FA7F2A3D1936, BBB29C79A085C503F5EFFB5144596D5DEC48A4EB34A049A4E7B38B27F6D92E0A ] FDResPub        C:\WINDOWS\system32\fdrespub.dll

15:59:15.0078 0x16fc  FDResPub - ok

15:59:15.0094 0x16fc  [ 0046E0BD031213D37123876B0D0FA61C, A4FE17D56F0BAFB70D0D421ED9D1B6E50AF8ADAA4B59328A41AEC5B4C068A3CB ] fhsvc           C:\WINDOWS\system32\fhsvc.dll

15:59:15.0122 0x16fc  fhsvc - ok

15:59:15.0134 0x16fc  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys

15:59:15.0162 0x16fc  FileInfo - ok

15:59:15.0170 0x16fc  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys

15:59:15.0206 0x16fc  Filetrace - ok

15:59:15.0222 0x16fc  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys

15:59:15.0258 0x16fc  flpydisk - ok

15:59:15.0275 0x16fc  [ 6592D192E2823C043EDBC010E7774053, C025A0EC5517DC3BD5D6656DC0F0F19021FB3D2EE90EC6194E1BD74E638EBBDC ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys

15:59:15.0326 0x16fc  FltMgr - ok

15:59:15.0374 0x16fc  [ 3FA6DC6B29717E32E211C1FD821F2C75, E467F3775427C93CC2B87327B0A45669631A5FC460C558F6796BA26002A8BBFC ] FontCache       C:\WINDOWS\system32\FntCache.dll

15:59:15.0433 0x16fc  FontCache - ok

15:59:15.0445 0x16fc  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

15:59:15.0470 0x16fc  FontCache3.0.0.0 - ok

15:59:15.0482 0x16fc  [ 35005534E600E993A90B036E4E599F2B, DA56FA3776FBD3D50276CB7410E0CB6F137DD8FCA84C0F3FEF8B1FEA5F6CA592 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys

15:59:15.0505 0x16fc  FsDepends - ok

15:59:15.0512 0x16fc  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:59:15.0532 0x16fc  Fs_Rec - ok

15:59:15.0556 0x16fc  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys

15:59:15.0587 0x16fc  fvevol - ok

15:59:15.0604 0x16fc  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys

15:59:15.0621 0x16fc  FxPPM - ok

15:59:15.0631 0x16fc  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys

15:59:15.0657 0x16fc  gagp30kx - ok

15:59:15.0664 0x16fc  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

15:59:15.0682 0x16fc  GEARAspiWDM - ok

15:59:15.0691 0x16fc  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys

15:59:15.0714 0x16fc  gencounter - ok

15:59:15.0726 0x16fc  [ EF3AE7773394DF49CE74AF78A1C8D23D, CB12FF004C460A89F12AFF2467512B479A07CA10D4280CD4E624A5A9CDAB9C1B ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys

15:59:15.0757 0x16fc  GPIOClx0101 - ok

15:59:15.0804 0x16fc  [ 383DA813409316D69603C1D849834D24, E1AAD3AB567457B00B8A378D5BA37ED653EE451FF79D071A8815FB8B1EB90DAF ] gpsvc           C:\WINDOWS\System32\gpsvc.dll

15:59:15.0890 0x16fc  gpsvc - ok

15:59:15.0901 0x16fc  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:59:15.0915 0x16fc  gupdate - ok

15:59:15.0921 0x16fc  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:59:15.0939 0x16fc  gupdatem - ok

15:59:15.0949 0x16fc  [ 498288DD5CA42C2D36D125893E968C53, 03B62FA51F9195D77170DCEFF3A93A6898AA96FB610044DDAE83767DA12745C5 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys

15:59:15.0979 0x16fc  HDAudBus - ok

15:59:15.0992 0x16fc  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys

15:59:16.0012 0x16fc  HidBatt - ok

15:59:16.0021 0x16fc  [ 1EA1B4FABB8CC348E73CA90DBA22E104, 5C18C6BD499272F216DD4626B5E8D38181AEAC9AD917FBEB614A75B70467B258 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys

15:59:16.0050 0x16fc  HidBth - ok

15:59:16.0057 0x16fc  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys

15:59:16.0085 0x16fc  hidi2c - ok

15:59:16.0095 0x16fc  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys

15:59:16.0116 0x16fc  HidIr - ok

15:59:16.0124 0x16fc  [ 449A20A674AA3FAA7F0DD4E33EE2DC20, 28B9BDA306456E8640C355718DE3477537B0FAF8C37F633C709129AAB64D9873 ] hidserv         C:\WINDOWS\system32\hidserv.dll

15:59:16.0144 0x16fc  hidserv - ok

15:59:16.0153 0x16fc  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys

15:59:16.0178 0x16fc  HidUsb - ok

15:59:16.0193 0x16fc  [ 7BF3ADCBD021D4F4A84CF40EB49C71B5, 5758A51FD2EBE67E6DBE3A298D714D351910F9E01C428D0C1359457C9242B298 ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll

15:59:16.0220 0x16fc  hkmsvc - ok

15:59:16.0237 0x16fc  [ 6CD9C3819BE8C0A3DACC82AE5D3C4F18, 46BF4A968E506DE17CA401401D716B444CDC10A5C60EB081890DD4B886AEDF5F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll

15:59:16.0269 0x16fc  HomeGroupListener - ok

15:59:16.0292 0x16fc  [ 1A4DA1D6287B99033D144B436C23B656, D4D1EEB372E61512EA36A33F095E68C225B8E6C72CC57ED8BD00533F88012F40 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll

15:59:16.0324 0x16fc  HomeGroupProvider - ok

15:59:16.0341 0x16fc  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys

15:59:16.0368 0x16fc  HpSAMD - ok

15:59:16.0409 0x16fc  [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys

15:59:16.0460 0x16fc  HTTP - ok

15:59:16.0469 0x16fc  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys

15:59:16.0489 0x16fc  hwpolicy - ok

15:59:16.0498 0x16fc  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys

15:59:16.0521 0x16fc  hyperkbd - ok

15:59:16.0531 0x16fc  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys

15:59:16.0554 0x16fc  HyperVideo - ok

15:59:16.0563 0x16fc  [ 84CFC5EFA97D0C965EDE1D56F116A541, 0155EA62BF07D99D98D1C9B6559C8E3301B016A20D03DF1EF64B2FAB8C37403B ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys

15:59:16.0603 0x16fc  i8042prt - ok

15:59:16.0614 0x16fc  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys

15:59:16.0635 0x16fc  iaLPSSi_GPIO - ok

15:59:16.0647 0x16fc  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys

15:59:16.0672 0x16fc  iaLPSSi_I2C - ok

15:59:16.0700 0x16fc  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys

15:59:16.0750 0x16fc  iaStorAV - ok

15:59:16.0772 0x16fc  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys

15:59:16.0812 0x16fc  iaStorV - ok

15:59:16.0884 0x16fc  [ ABEFA4BD23329FD9BD47496BF2E58774, 9689D4C6380735EE1CC7F480696CDDC229E0FA511942AC813314D353584D82DD ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

15:59:16.0998 0x16fc  IconMan_R - detected UnsignedFile.Multi.Generic ( 1 )

15:59:19.0696 0x16fc  IconMan_R ( UnsignedFile.Multi.Generic ) - warning

15:59:19.0696 0x16fc  Force sending object to P2P due to detect: IconMan_R

15:59:22.0384 0x16fc  Object send P2P result: true

15:59:24.0922 0x16fc  IEEtwCollectorService - ok

15:59:25.0067 0x16fc  [ 7A5A61997B5404C8EDDFCC62378164DC, C2BCA8A2AA2DFCCF3489FC7F0F366ABBDC8606CFC6397CD7B17C8CD4A28DD17F ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys

15:59:25.0294 0x16fc  igfx - ok

15:59:25.0345 0x16fc  [ CFE7F0267B0C3077042FF291949B5546, 7B8C432632D0210119BFF57D4994F2B8F75307A9D6867353AF93BBA3F561595B ] IKEEXT          C:\WINDOWS\System32\ikeext.dll

15:59:25.0415 0x16fc  IKEEXT - ok


15:59:25.0429 0x16fc  [ 4011430BC9DA46ADFAE9915EFEC312FB, 925DDDA187AE7C46C94FBBFA18FC602260957B6BA891D65DFC09385B6DDEAB58 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys

15:59:25.0451 0x16fc  intaud_WaveExtensible - ok

15:59:25.0469 0x16fc  [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys

15:59:25.0504 0x16fc  IntcDAud - ok

15:59:25.0531 0x16fc  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe

15:59:25.0580 0x16fc  Intel® Capability Licensing Service Interface - ok

15:59:25.0594 0x16fc  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys

15:59:25.0616 0x16fc  intelide - ok

15:59:25.0625 0x16fc  [ 139CFCDCD36B1B1782FD8C0014AC9B0E, E0D7E0E9B46A8CECE138D689820023BFA650FB689E4FD62855BED37E04F2D9FF ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys

15:59:25.0652 0x16fc  intelpep - ok

15:59:25.0667 0x16fc  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys

15:59:25.0699 0x16fc  intelppm - ok

15:59:25.0711 0x16fc  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:59:25.0747 0x16fc  IpFilterDriver - ok

15:59:25.0788 0x16fc  [ DFC4050D58565ADBEE793A8D4AEBDAE6, 89B900408F030CD45753A11D6AE6CBAB87E8B0E3F8401402D2D8713C045BF488 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll

15:59:25.0841 0x16fc  iphlpsvc - ok

15:59:25.0857 0x16fc  [ FD9C9E9E3F0ED51502C7E8C066BE26B9, 290E74380F1543DD22C9F3821513B3E2FB42E995724238D8779CBBCB4FC386C8 ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys

15:59:25.0890 0x16fc  IPMIDRV - ok

15:59:25.0908 0x16fc  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys

15:59:25.0946 0x16fc  IPNAT - ok

15:59:25.0973 0x16fc  [ 0FA89CB1B99AD494CE36DD2DE717D696, 5B35B26C625306A7AD5A00FCAC46FD6D60061F1C8171352B5EF1C916A667AC92 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe

15:59:26.0004 0x16fc  iPod Service - ok

15:59:26.0015 0x16fc  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys

15:59:26.0050 0x16fc  IRENUM - ok

15:59:26.0056 0x16fc  [ 4D9B9A794F22415B8C3E0CCFBE61BC7A, 4CF01BC95F0AD7DC42AF8A0FCE032DF00610524A98CF52F531E9DE93137E7B87 ] irstrtdv        C:\WINDOWS\System32\drivers\irstrtdv.sys

15:59:26.0081 0x16fc  irstrtdv - ok

15:59:26.0111 0x16fc  [ E145E934392E7A49FDC6775AC3A347F8, 8E5DBC8C34FB3B68851489E0860BA3ACE6CDF46BB5E2AEFD1DEF6E895566068B ] irstrtsv        C:\windows\SysWOW64\irstrtsv.exe

15:59:26.0151 0x16fc  irstrtsv - ok

15:59:26.0161 0x16fc  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys

15:59:26.0180 0x16fc  isapnp - ok

15:59:26.0199 0x16fc  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys

15:59:26.0243 0x16fc  iScsiPrt - ok

15:59:26.0255 0x16fc  [ EE03564B7FAFE2E44EDA33D52E83B4A3, 53C917EEC92B813EB0C86B225E9887C9CDFDD7708AEA71BFAC0A3039E26D7BEB ] iwdbus          C:\WINDOWS\System32\drivers\iwdbus.sys

15:59:26.0278 0x16fc  iwdbus - ok

15:59:26.0290 0x16fc  [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

15:59:26.0317 0x16fc  jhi_service - ok

15:59:26.0331 0x16fc  [ 8BE92376799B6B44D543E8D07CDCF885, 425B8BB1BAF62F735B3CB5A002E6055879F02E7207E55942BFD37F1784F5F368 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys

15:59:26.0359 0x16fc  kbdclass - ok

15:59:26.0370 0x16fc  [ FB6E47E569D4872ABEB506BE03A45FBA, 5C4056CADA8F67587A119D9AE2A0EFAB30387CF6298F4019FF68AC92E2F6F54B ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys

15:59:26.0399 0x16fc  kbdhid - ok

15:59:26.0406 0x16fc  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys

15:59:26.0438 0x16fc  kdnic - ok

15:59:26.0447 0x16fc  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso          C:\WINDOWS\system32\lsass.exe

15:59:26.0467 0x16fc  KeyIso - ok

15:59:26.0476 0x16fc  [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys

15:59:26.0511 0x16fc  KSecDD - ok

15:59:26.0523 0x16fc  [ F88CC88F4A6D8476F1664E805CA18CC2, 2C61EE5EEA4FD45AA3FA927CC16E34EF90BD44324EAB14198AF65C3A27617991 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys

15:59:26.0561 0x16fc  KSecPkg - ok

15:59:26.0570 0x16fc  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys

15:59:26.0592 0x16fc  ksthunk - ok

15:59:26.0611 0x16fc  [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll

15:59:26.0660 0x16fc  KtmRm - ok

15:59:26.0680 0x16fc  [ 46378ECCB4A29AA81BF296641C2501EF, 5AB79BD824C00EF1338FDB8450692318AB14E0AE4145C30B37136767DFC1E4F9 ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll

15:59:26.0715 0x16fc  LanmanServer - ok

15:59:26.0732 0x16fc  [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll

15:59:26.0761 0x16fc  LanmanWorkstation - ok

15:59:26.0772 0x16fc  [ 2D4DB08B74F50988800ACA227598E68B, 5C2251BC51E57CDC35D9C3B7EB6FB2958A4629095E3F63D488DF477E9AE68F95 ] leymc           C:\WINDOWS\system32\DRIVERS\leymc.sys

15:59:26.0794 0x16fc  leymc - ok

15:59:26.0815 0x16fc  [ 626D19F1771E1AE72208AE9A8F3082F7, 78FDB64545ED2EAE9F51C08120E21D2C3285208F6846BD8BBA08CAA839E7A0C4 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll

15:59:26.0865 0x16fc  lfsvc - ok

15:59:26.0874 0x16fc  [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr          C:\WINDOWS\system32\DRIVERS\LhdX64.sys

15:59:26.0895 0x16fc  LHDmgr - ok

15:59:26.0902 0x16fc  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys

15:59:26.0939 0x16fc  lltdio - ok

15:59:26.0956 0x16fc  [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll

15:59:27.0000 0x16fc  lltdsvc - ok

15:59:27.0011 0x16fc  [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll

15:59:27.0040 0x16fc  lmhosts - ok

15:59:27.0052 0x16fc  [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

15:59:27.0091 0x16fc  LMS - ok

15:59:27.0106 0x16fc  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys

15:59:27.0140 0x16fc  LSI_SAS - ok

15:59:27.0150 0x16fc  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys

15:59:27.0181 0x16fc  LSI_SAS2 - ok

15:59:27.0195 0x16fc  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys

15:59:27.0221 0x16fc  LSI_SAS3 - ok

15:59:27.0234 0x16fc  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys

15:59:27.0262 0x16fc  LSI_SSS - ok

15:59:27.0292 0x16fc  [ 8EBB271E4588D835784A3FF7E80076A8, A508BE95F6F5063A76F4C8726D9425BB1F00DE803EFE73A0BE145DD9AB82FF0A ] LSM             C:\WINDOWS\System32\lsm.dll

15:59:27.0345 0x16fc  LSM - ok

15:59:27.0356 0x16fc  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys

15:59:27.0384 0x16fc  luafv - ok

15:59:27.0392 0x16fc  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys

15:59:27.0417 0x16fc  megasas - ok

15:59:27.0444 0x16fc  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys

15:59:27.0491 0x16fc  megasr - ok

15:59:27.0505 0x16fc  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys

15:59:27.0522 0x16fc  MEIx64 - ok

15:59:27.0535 0x16fc  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

15:59:27.0560 0x16fc  Microsoft Office Groove Audit Service - ok

15:59:27.0569 0x16fc  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS           C:\WINDOWS\system32\mmcss.dll

15:59:27.0591 0x16fc  MMCSS - ok

15:59:27.0603 0x16fc  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys

15:59:27.0629 0x16fc  Modem - ok

15:59:27.0637 0x16fc  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys

15:59:27.0663 0x16fc  monitor - ok

15:59:27.0674 0x16fc  [ CEAC6D40FE887CE8406C2393CF97DE06, 34E76908B802764FF0D7AB3AF89BE77BD35B44787983343FAD89891891C0A045 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys

15:59:27.0705 0x16fc  mouclass - ok

15:59:27.0712 0x16fc  [ 02D98BF804084E9A0D69D1C69B02CCA9, EC5BC5D87043DFFD035FD4DD27B3D94E03119063519E4151BCC3522B613E2D7F ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys

15:59:27.0740 0x16fc  mouhid - ok

15:59:27.0752 0x16fc  [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys

15:59:27.0777 0x16fc  mountmgr - ok

15:59:27.0786 0x16fc  [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys

15:59:27.0817 0x16fc  mpsdrv - ok

15:59:27.0852 0x16fc  [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll

15:59:27.0897 0x16fc  MpsSvc - ok

15:59:27.0910 0x16fc  [ 1D55DADC22D21883A2F80297F5A5AE48, B79DF4AFC2A9CBC54E74233596544D6E41C8CAA0516BD57CA695D051EC780265 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys

15:59:27.0941 0x16fc  MRxDAV - ok

15:59:27.0964 0x16fc  [ 0696F66E4D423793951A60562F794D14, E808E4E160C019F2F10762758F48C4565037974775CD267DF06B8B4A2CE26705 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:59:27.0995 0x16fc  mrxsmb - ok

15:59:28.0015 0x16fc  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys

15:59:28.0053 0x16fc  mrxsmb10 - ok

15:59:28.0064 0x16fc  [ DBA635C6398782C549E3BE45CF1D0411, E9806E075F401D3E7357E876C7F941F7DAFFBBEE065DC3FE556014F5D92EDAC0 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys

15:59:28.0096 0x16fc  mrxsmb20 - ok

15:59:28.0108 0x16fc  [ 4E888019078AC363076A5433E89AA4F8, 3DEBDA290230B3E83F956C902C960E39463B7EFE86439199521356762769FD91 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys

15:59:28.0130 0x16fc  MsBridge - ok

15:59:28.0142 0x16fc  [ A082C17D14D0790E27D064EA4B138AE1, 9A565ED885782D9D5135C8399C11C356DBF9EBF3B8EB4B4504BD2604AD0B45E6 ] MSDTC           C:\WINDOWS\System32\msdtc.exe

15:59:28.0176 0x16fc  MSDTC - ok

15:59:28.0188 0x16fc  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys

15:59:28.0213 0x16fc  Msfs - ok

15:59:28.0227 0x16fc  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys

15:59:28.0249 0x16fc  msgpiowin32 - ok

15:59:28.0254 0x16fc  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys

15:59:28.0275 0x16fc  mshidkmdf - ok

15:59:28.0283 0x16fc  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys

15:59:28.0301 0x16fc  mshidumdf - ok

15:59:28.0312 0x16fc  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys

15:59:28.0339 0x16fc  msisadrv - ok

15:59:28.0351 0x16fc  [ 810F8A0A0680662BB0CE44D0E2CEF90C, 5631B07911B7EF378CB1583A480A3C5715E59A5488B33A528F4D7A2F849B9113 ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll

15:59:28.0384 0x16fc  MSiSCSI - ok

15:59:28.0390 0x16fc  msiserver - ok

15:59:28.0403 0x16fc  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:59:28.0437 0x16fc  MSKSSRV - ok

15:59:28.0454 0x16fc  [ 375E44168F2DFB91A68B8A3F619C5A7C, AC243E02E9A39D0B4DE9571F196941700EE6EB5E94F5B0BA8994FB551E73A7A8 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys

15:59:28.0487 0x16fc  MsLldp - ok

15:59:28.0496 0x16fc  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:59:28.0519 0x16fc  MSPCLOCK - ok

15:59:28.0531 0x16fc  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys

15:59:28.0548 0x16fc  MSPQM - ok

15:59:28.0568 0x16fc  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys

15:59:28.0608 0x16fc  MsRPC - ok

15:59:28.0620 0x16fc  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys

15:59:28.0644 0x16fc  mssmbios - ok

15:59:28.0654 0x16fc  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys

15:59:28.0672 0x16fc  MSTEE - ok

15:59:28.0681 0x16fc  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys

15:59:28.0703 0x16fc  MTConfig - ok

15:59:28.0713 0x16fc  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys

15:59:28.0746 0x16fc  Mup - ok

15:59:28.0754 0x16fc  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys

15:59:28.0783 0x16fc  mvumis - ok

15:59:28.0807 0x16fc  [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent        C:\WINDOWS\system32\qagentRT.dll

15:59:28.0843 0x16fc  napagent - ok

15:59:28.0861 0x16fc  [ 78514B073CC5775800A65BFB82A0D66B, DCD18E277569F23921E899F508860F89ABD417C74A7776152A4463284A989488 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys

15:59:28.0912 0x16fc  NativeWifiP - ok

15:59:28.0923 0x16fc  [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll

15:59:28.0956 0x16fc  NcaSvc - ok


15:59:28.0968 0x16fc  [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService      C:\WINDOWS\System32\ncbservice.dll

15:59:28.0994 0x16fc  NcbService - ok

15:59:29.0003 0x16fc  [ 2586C4C167499210DCBF3ECFD8CCE210, D8129FEDE9918BF4FB0057CC58700D4E08457060E810B9CC25CA0F598506ADB8 ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll

15:59:29.0050 0x16fc  NcdAutoSetup - ok

15:59:29.0095 0x16fc  [ F21B77B4D74092A543807D3CEB711A88, 5C3C17A10E990070FAB317C0C5333DE768E408CAF43EC4FA9D18116C6EE3B3DC ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys

15:59:29.0158 0x16fc  NDIS - ok

15:59:29.0168 0x16fc  [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys

15:59:29.0199 0x16fc  NdisCap - ok

15:59:29.0213 0x16fc  [ 9F1DA20E943BE7AA4ED5F3E1EBA78B37, CCD99962917BBE256F64AE14CCC9FD12433C72B5DB98E0E57CA8F212A11B3C8F ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys

15:59:29.0252 0x16fc  NdisImPlatform - ok

15:59:29.0262 0x16fc  [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:59:29.0292 0x16fc  NdisTapi - ok

15:59:29.0299 0x16fc  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:59:29.0329 0x16fc  Ndisuio - ok

15:59:29.0343 0x16fc  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys

15:59:29.0362 0x16fc  NdisVirtualBus - ok

15:59:29.0374 0x16fc  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:59:29.0415 0x16fc  NdisWan - ok

15:59:29.0425 0x16fc  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:59:29.0454 0x16fc  NdisWanLegacy - ok

15:59:29.0472 0x16fc  [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys

15:59:29.0503 0x16fc  NDProxy - ok

15:59:29.0512 0x16fc  [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys

15:59:29.0550 0x16fc  Ndu - ok

15:59:29.0560 0x16fc  [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys

15:59:29.0591 0x16fc  NetBIOS - ok

15:59:29.0608 0x16fc  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys

15:59:29.0652 0x16fc  NetBT - ok

15:59:29.0662 0x16fc  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon        C:\WINDOWS\system32\lsass.exe

15:59:29.0678 0x16fc  Netlogon - ok

15:59:29.0690 0x16fc  [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman          C:\WINDOWS\System32\netman.dll

15:59:29.0724 0x16fc  Netman - ok

15:59:29.0752 0x16fc  [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll

15:59:29.0781 0x16fc  netprofm - ok

15:59:29.0796 0x16fc  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:59:29.0827 0x16fc  NetTcpPortSharing - ok

15:59:29.0837 0x16fc  [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc          C:\WINDOWS\system32\DRIVERS\netvsc63.sys

15:59:29.0859 0x16fc  netvsc - ok

15:59:29.0870 0x16fc  [ 8CE7F624D791733E8CECFA443B2DF513, 0401C55596FA5A867C5F3833ABC3B90D493F5F83E541FFBC2D312BF0AF8536AB ] NitroDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe

15:59:29.0905 0x16fc  NitroDriverReadSpool2 - ok

15:59:29.0923 0x16fc  [ 3A280F3B3C7A46E29C404ACD46ECBF5E, 81C3367A2A212DBCC65B8A0166FD092E3205AB31A146B4B737061335CEC51F9D ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll

15:59:29.0949 0x16fc  NlaSvc - ok

15:59:29.0976 0x16fc  [ AAAE3B793B248A3DF86C65928484AB9A, ECB9E33C1BEAAA59A77001661A313C6819362F3B047819D00D5E3D863591D1C0 ] nlsX86cc        C:\windows\SysWOW64\NLSSRV32.EXE

15:59:29.0993 0x16fc  nlsX86cc - ok

15:59:29.0999 0x16fc  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys

15:59:30.0016 0x16fc  Npfs - ok

 


 




 



 








 


Link to post
Share on other sites

15:59:30.0021 0x16fc  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys

15:59:30.0054 0x16fc  npsvctrig - ok

15:59:30.0061 0x16fc  [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi             C:\WINDOWS\system32\nsisvc.dll

15:59:30.0080 0x16fc  nsi - ok

15:59:30.0086 0x16fc  [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys

15:59:30.0101 0x16fc  nsiproxy - ok

15:59:30.0171 0x16fc  [ 1C80517BE6836A812F6A9B99B8321351, 7DBED4633820E201C9C242D961EF6F25BA2B1D5593BA60F707CC71A4014C2D4B ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys

15:59:30.0273 0x16fc  Ntfs - ok

15:59:30.0288 0x16fc  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys

15:59:30.0311 0x16fc  Null - ok

15:59:30.0321 0x16fc  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys

15:59:30.0353 0x16fc  nvraid - ok

15:59:30.0365 0x16fc  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys

15:59:30.0391 0x16fc  nvstor - ok

15:59:30.0397 0x16fc  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys

15:59:30.0420 0x16fc  nv_agp - ok

15:59:30.0441 0x16fc  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

15:59:30.0490 0x16fc  odserv - ok

15:59:30.0500 0x16fc  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:59:30.0531 0x16fc  ose - ok

15:59:30.0566 0x16fc  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll

15:59:30.0600 0x16fc  p2pimsvc - ok

15:59:30.0630 0x16fc  [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll

15:59:30.0680 0x16fc  p2psvc - ok

15:59:30.0691 0x16fc  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys

15:59:30.0724 0x16fc  Parport - ok

15:59:30.0735 0x16fc  [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys

15:59:30.0761 0x16fc  partmgr - ok

15:59:30.0786 0x16fc  [ 9A5309EF92F39346CFD5A4C2C3D1BFAD, 5908E0C9562F9CB24784491BD9AE7983A33A6BDF81AFA0A08045518A0C9BB2B1 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll

15:59:30.0813 0x16fc  PcaSvc - ok

15:59:30.0833 0x16fc  [ 275AFE3FA35E8D78BE97695DF49817C6, 447CEBB16285AE073B4251D2DA71399306EF2DCB7F56286ABE2F0BD6C83EB489 ] pci             C:\WINDOWS\system32\drivers\pci.sys

15:59:30.0870 0x16fc  pci - ok

15:59:30.0876 0x16fc  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys

15:59:30.0891 0x16fc  pciide - ok

15:59:30.0903 0x16fc  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys

15:59:30.0935 0x16fc  pcmcia - ok

15:59:30.0946 0x16fc  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys

15:59:30.0961 0x16fc  pcw - ok

15:59:30.0967 0x16fc  [ B9D968D8E2B0F9C6301CEB39CFC9B9E4, 83F32831B0727F18B56DC3CAF37E45A3523D2BBCD54D1421F0DE5A0179D8A404 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys

15:59:30.0997 0x16fc  pdc - ok

15:59:31.0027 0x16fc  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys

15:59:31.0083 0x16fc  PEAUTH - ok

15:59:31.0093 0x16fc  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe

15:59:31.0114 0x16fc  PerfHost - ok

15:59:31.0175 0x16fc  [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla             C:\WINDOWS\system32\pla.dll

15:59:31.0264 0x16fc  pla - ok

15:59:31.0277 0x16fc  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll

15:59:31.0299 0x16fc  PlugPlay - ok

15:59:31.0307 0x16fc  [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll

15:59:31.0334 0x16fc  PNRPAutoReg - ok

15:59:31.0350 0x16fc  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll

15:59:31.0374 0x16fc  PNRPsvc - ok

15:59:31.0396 0x16fc  [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll

15:59:31.0435 0x16fc  PolicyAgent - ok

15:59:31.0449 0x16fc  [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power           C:\WINDOWS\system32\umpo.dll

15:59:31.0469 0x16fc  Power - ok

15:59:31.0560 0x16fc  [ B7DB57A000D46D4DE75BC0C563E58072, 8183EB09DC4D44DFF027CA0AAA8C09921A14F088C1BC427B6ACA42340AAF69E6 ] PrintNotify     C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll

15:59:31.0732 0x16fc  PrintNotify - ok

15:59:31.0747 0x16fc  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys

15:59:31.0775 0x16fc  Processor - ok

15:59:31.0792 0x16fc  [ B2A890D96C05E33FDD2BF3F3D4D0DF92, 3A29E17424429A5654D906E420D938148F09F57457356EFA72DA003B73F2D81E ] ProfSvc         C:\WINDOWS\system32\profsvc.dll

15:59:31.0815 0x16fc  ProfSvc - ok

15:59:31.0826 0x16fc  [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys

15:59:31.0849 0x16fc  Psched - ok

15:59:31.0863 0x16fc  [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE           C:\WINDOWS\system32\qwave.dll

15:59:31.0903 0x16fc  QWAVE - ok

15:59:31.0912 0x16fc  [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys

15:59:31.0941 0x16fc  QWAVEdrv - ok

15:59:31.0947 0x16fc  [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:59:31.0972 0x16fc  RasAcd - ok

15:59:31.0990 0x16fc  [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto         C:\WINDOWS\System32\rasauto.dll

15:59:32.0022 0x16fc  RasAuto - ok

15:59:32.0050 0x16fc  [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan          C:\WINDOWS\System32\rasmans.dll

15:59:32.0096 0x16fc  RasMan - ok

15:59:32.0106 0x16fc  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:59:32.0138 0x16fc  RasPppoe - ok

15:59:32.0158 0x16fc  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:59:32.0201 0x16fc  rdbss - ok

15:59:32.0212 0x16fc  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys

15:59:32.0244 0x16fc  rdpbus - ok

15:59:32.0257 0x16fc  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys

15:59:32.0293 0x16fc  RDPDR - ok

15:59:32.0307 0x16fc  [ 858776908AF838E3790F3261B799CDA6, 5BE4658540382D1B2F46E503CE175D74E3870FE492B8B8F37C3CFB34FF8E2DA8 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys

15:59:32.0331 0x16fc  RdpVideoMiniport - ok

15:59:32.0348 0x16fc  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys

15:59:32.0385 0x16fc  rdyboost - ok

15:59:32.0422 0x16fc  [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys

15:59:32.0494 0x16fc  ReFS - ok

15:59:32.0509 0x16fc  [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll

15:59:32.0546 0x16fc  RemoteAccess - ok

15:59:32.0557 0x16fc  [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll

15:59:32.0601 0x16fc  RemoteRegistry - ok

15:59:32.0615 0x16fc  [ 0527EF6E23B9FAB37DDCBC479C6CFA28, C004CE600074AC434F8B24A3383F8C0ACFA5476D9E3B1493B40911C78B028D64 ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys

15:59:32.0650 0x16fc  RFCOMM - ok

15:59:32.0661 0x16fc  [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll

15:59:32.0686 0x16fc  RpcEptMapper - ok

15:59:32.0694 0x16fc  [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator      C:\WINDOWS\system32\locator.exe

15:59:32.0713 0x16fc  RpcLocator - ok

15:59:32.0741 0x16fc  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs           C:\WINDOWS\system32\rpcss.dll

15:59:32.0783 0x16fc  RpcSs - ok

15:59:32.0792 0x16fc  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys

15:59:32.0831 0x16fc  rspndr - ok

15:59:32.0848 0x16fc  [ 8EB6DCEB7473C232D8BC9A886E3183AC, D81B089443306AD9D89F59DBC5F9C2F5B6A86112B4AB59316B97EE7D8B97D2FA ] RSUSBVSTOR      C:\WINDOWS\System32\Drivers\RtsUVStor.sys

15:59:32.0879 0x16fc  RSUSBVSTOR - ok

15:59:32.0903 0x16fc  [ 243E5A4B340B76B132F0C6545690B601, 73497A2BD843A2B640E1055EE1987A6541DF60B0F6E1CFD4F3557EC4B698FC2C ] RtkBtFilter     C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys

15:59:32.0945 0x16fc  RtkBtFilter - ok

15:59:33.0013 0x16fc  [ B0A0260A3C03156937ECDB67CE5C6FE5, 88102D22976398599FA6165E9DBC1213EF2A001C99602E2195C9A7BAB0A127D7 ] RtlWlanu        C:\WINDOWS\system32\DRIVERS\rtwlanu.sys

15:59:33.0110 0x16fc  RtlWlanu - ok

15:59:33.0123 0x16fc  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys

15:59:33.0149 0x16fc  s3cap - ok

15:59:33.0157 0x16fc  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs           C:\WINDOWS\system32\lsass.exe

15:59:33.0175 0x16fc  SamSs - ok

15:59:33.0189 0x16fc  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys

15:59:33.0214 0x16fc  sbp2port - ok

15:59:33.0227 0x16fc  [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll

15:59:33.0265 0x16fc  SCardSvr - ok

15:59:33.0276 0x16fc  [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll

15:59:33.0309 0x16fc  ScDeviceEnum - ok

15:59:33.0317 0x16fc  [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys

15:59:33.0349 0x16fc  scfilter - ok

15:59:33.0390 0x16fc  [ A95838FFFAEAA7500263D491575F7E0C, FEB79ECAE6D9AB0C29D9AFE12F60502A8357B3A382C0FACF4C6DA4852B6ECFA4 ] Schedule        C:\WINDOWS\system32\schedsvc.dll

15:59:33.0444 0x16fc  Schedule - ok

15:59:33.0463 0x16fc  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll

15:59:33.0493 0x16fc  SCPolicySvc - ok

15:59:33.0509 0x16fc  [ FDEC5799BA499D18AFA3A540538866E7, 551EE0945FE4EC213FFF623E524500B57531EFEA2D76FA7ED1D2D605E7E2168F ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys

15:59:33.0555 0x16fc  sdbus - ok

15:59:33.0571 0x16fc  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys

15:59:33.0598 0x16fc  sdstor - ok

15:59:33.0607 0x16fc  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys

15:59:33.0628 0x16fc  secdrv - ok

15:59:33.0641 0x16fc  [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon        C:\WINDOWS\system32\seclogon.dll

15:59:33.0662 0x16fc  seclogon - ok

15:59:33.0670 0x16fc  [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS            C:\WINDOWS\System32\sens.dll

15:59:33.0698 0x16fc  SENS - ok

15:59:33.0716 0x16fc  [ 19240C13F526125554B5370566F21A0A, 1DD88B092451CEC309A390319342BB4D36CE938BBE6D09127BBAA53960DD8E94 ] SensorsAlsDriver C:\WINDOWS\system32\DRIVERS\WUDFRd.sys

15:59:33.0742 0x16fc  SensorsAlsDriver - ok

15:59:33.0752 0x16fc  [ 19240C13F526125554B5370566F21A0A, 1DD88B092451CEC309A390319342BB4D36CE938BBE6D09127BBAA53960DD8E94 ] SensorsHIDClassDriver C:\WINDOWS\system32\DRIVERS\WUDFRd.sys

15:59:33.0777 0x16fc  SensorsHIDClassDriver - ok

15:59:33.0795 0x16fc  [ 19240C13F526125554B5370566F21A0A, 1DD88B092451CEC309A390319342BB4D36CE938BBE6D09127BBAA53960DD8E94 ] SensorsServiceDriver C:\WINDOWS\system32\DRIVERS\WUDFRd.sys

15:59:33.0823 0x16fc  SensorsServiceDriver - ok

15:59:33.0840 0x16fc  [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll

15:59:33.0865 0x16fc  SensrSvc - ok

15:59:33.0873 0x16fc  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys

15:59:33.0900 0x16fc  SerCx - ok

15:59:33.0911 0x16fc  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys

15:59:33.0939 0x16fc  SerCx2 - ok

15:59:33.0948 0x16fc  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys

15:59:33.0979 0x16fc  Serenum - ok

15:59:33.0995 0x16fc  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys

15:59:34.0025 0x16fc  Serial - ok

15:59:34.0037 0x16fc  [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys

15:59:34.0055 0x16fc  sermouse - ok

15:59:34.0081 0x16fc  [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv      C:\WINDOWS\system32\sessenv.dll

15:59:34.0124 0x16fc  SessionEnv - ok

15:59:34.0130 0x16fc  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys

15:59:34.0150 0x16fc  sfloppy - ok

15:59:34.0171 0x16fc  [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll

15:59:34.0208 0x16fc  SharedAccess - ok

15:59:34.0229 0x16fc  [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

15:59:34.0277 0x16fc  ShellHWDetection - ok

15:59:34.0285 0x16fc  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys

15:59:34.0300 0x16fc  SiSRaid2 - ok

15:59:34.0314 0x16fc  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys

15:59:34.0340 0x16fc  SiSRaid4 - ok

15:59:34.0349 0x16fc  [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost         C:\WINDOWS\System32\smphost.dll

15:59:34.0378 0x16fc  smphost - ok

15:59:34.0395 0x16fc  [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe

15:59:34.0423 0x16fc  SNMPTRAP - ok

15:59:34.0441 0x16fc  [ 33977549C2CED09936E05BEE7659EAFF, EB95C72ED0EAC59A50E6882B2501049191A796542C42414FAF0028907C669B21 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys

15:59:34.0479 0x16fc  spaceport - ok

15:59:34.0489 0x16fc  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys

15:59:34.0514 0x16fc  SpbCx - ok

15:59:34.0541 0x16fc  [ FE0CB40F36D3FCDD3A1B312EF72C38D5, 42EA50869752164764DFE8CE7E1C247BE8342A0C15F39158DC808E8A692C460F ] Spooler         C:\WINDOWS\System32\spoolsv.exe

15:59:34.0592 0x16fc  Spooler - ok

15:59:34.0801 0x16fc  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\WINDOWS\system32\sppsvc.exe

15:59:35.0128 0x16fc  sppsvc - ok

15:59:35.0180 0x16fc  [ 4070099946C0ED03E2C484BD4F136150, B6097D41E2BEDFCC9861B1F348A8B544DDA9044D7AB053DA59502DF8B2D1B967 ] SPUVCbv         C:\WINDOWS\System32\Drivers\SPUVCbv_x64.sys

15:59:35.0267 0x16fc  SPUVCbv - ok

15:59:35.0293 0x16fc  [ 2B78788A1485F9B99A578A299DF42C02, A87183A9B13585C9E850437A45237105D39D7F3212ADB079D6AB430B67A59643 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys

15:59:35.0354 0x16fc  srv - ok

15:59:35.0384 0x16fc  [ FD163F487CBA9C98AFFEB546C80F49A2, 18DAAD173C0517F7BBF5D0C914302D98931E3BA6DAA36DC91D8DB0743EC40563 ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys

15:59:35.0425 0x16fc  srv2 - ok

15:59:35.0443 0x16fc  [ 716059F37BCCB1ABEDE99EBE82E8E362, 05F27B0FABBBC0E324F06D20ABEF51EDA3316C9F7F85C1AD24639CD6DE1BC8AC ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys

15:59:35.0491 0x16fc  srvnet - ok

15:59:35.0505 0x16fc  [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll

15:59:35.0538 0x16fc  SSDPSRV - ok

15:59:35.0549 0x16fc  [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll

15:59:35.0593 0x16fc  SstpSvc - ok

15:59:35.0606 0x16fc  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys

15:59:35.0643 0x16fc  ssudmdm - ok

15:59:35.0652 0x16fc  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys

15:59:35.0681 0x16fc  stexstor - ok

15:59:35.0710 0x16fc  [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc          C:\WINDOWS\System32\wiaservc.dll

15:59:35.0766 0x16fc  stisvc - ok

15:59:35.0778 0x16fc  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys

15:59:35.0802 0x16fc  storahci - ok

15:59:35.0812 0x16fc  [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt         C:\WINDOWS\system32\DRIVERS\vmstorfl.sys

15:59:35.0842 0x16fc  storflt - ok

15:59:35.0850 0x16fc  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys

15:59:35.0883 0x16fc  stornvme - ok

15:59:35.0897 0x16fc  [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc         C:\WINDOWS\system32\storsvc.dll

15:59:35.0924 0x16fc  StorSvc - ok

15:59:35.0934 0x16fc  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys

15:59:35.0959 0x16fc  storvsc - ok

15:59:35.0967 0x16fc  [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc           C:\WINDOWS\system32\svsvc.dll

15:59:36.0011 0x16fc  svsvc - ok

15:59:36.0018 0x16fc  [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum          C:\WINDOWS\System32\drivers\swenum.sys

15:59:36.0036 0x16fc  swenum - ok

15:59:36.0068 0x16fc  [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv           C:\WINDOWS\System32\swprv.dll

15:59:36.0131 0x16fc  swprv - ok

15:59:36.0154 0x16fc  [ 9428093A8084B2F410D0EEB8F29AF105, 254A7715139F245513DB5DD067F0F3609A7F10357D84EE3408187348B41376CE ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys

15:59:36.0194 0x16fc  SynTP - ok

15:59:36.0239 0x16fc  [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain         C:\WINDOWS\system32\sysmain.dll

15:59:36.0297 0x16fc  SysMain - ok

15:59:36.0321 0x16fc  [ D65B1C952AEB864C2BAC7A770B17ECCE, 3EFAAFFF73390D9CB660E0F42B305512396CF66ED06E4A20ED67E8722FB4355B ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll

15:59:36.0356 0x16fc  SystemEventsBroker - ok

15:59:36.0367 0x16fc  [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\WINDOWS\System32\TabSvc.dll

15:59:36.0398 0x16fc  TabletInputService - ok

15:59:36.0416 0x16fc  [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll

15:59:36.0455 0x16fc  TapiSrv - ok

15:59:36.0542 0x16fc  [ 4B666AE119D2ADBAC816BEA7DB4D6881, FCF90241548B893B01CE016D1F0B3D1564B6A4B39ADFBAE077A52F5D8240C8C4 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys

15:59:36.0657 0x16fc  Tcpip - ok

15:59:36.0745 0x16fc  [ 4B666AE119D2ADBAC816BEA7DB4D6881, FCF90241548B893B01CE016D1F0B3D1564B6A4B39ADFBAE077A52F5D8240C8C4 ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:59:36.0849 0x16fc  TCPIP6 - ok

15:59:36.0865 0x16fc  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys

15:59:36.0895 0x16fc  tcpipreg - ok

15:59:36.0907 0x16fc  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys

15:59:36.0943 0x16fc  tdx - ok

15:59:36.0950 0x16fc  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys

15:59:36.0977 0x16fc  terminpt - ok

15:59:37.0018 0x16fc  [ 3D748E5558FD9A9F03182CB2330698DC, 70B2069AB7912EB49AB3ABD18D4B42CB94AC99CA6DE3F63F4888B8EAAC78AAA2 ] TermService     C:\WINDOWS\System32\termsrv.dll

15:59:37.0085 0x16fc  TermService - ok

15:59:37.0097 0x16fc  [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes          C:\WINDOWS\system32\themeservice.dll

15:59:37.0147 0x16fc  Themes - ok

15:59:37.0156 0x16fc  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER     C:\WINDOWS\system32\mmcss.dll

15:59:37.0178 0x16fc  THREADORDER - ok

15:59:37.0192 0x16fc  [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll

15:59:37.0224 0x16fc  TimeBroker - ok

15:59:37.0238 0x16fc  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\WINDOWS\system32\drivers\tpm.sys

15:59:37.0271 0x16fc  TPM - ok

15:59:37.0283 0x16fc  [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks          C:\WINDOWS\System32\trkwks.dll

15:59:37.0306 0x16fc  TrkWks - ok

15:59:37.0319 0x16fc  [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe

15:59:37.0350 0x16fc  TrustedInstaller - ok

15:59:37.0367 0x16fc  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys

15:59:37.0392 0x16fc  TsUsbFlt - ok

15:59:37.0399 0x16fc  [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys

15:59:37.0422 0x16fc  TsUsbGD - ok

15:59:37.0435 0x16fc  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys

15:59:37.0478 0x16fc  tunnel - ok

15:59:37.0488 0x16fc  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys

15:59:37.0520 0x16fc  uagp35 - ok

15:59:37.0532 0x16fc  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys

15:59:37.0560 0x16fc  UASPStor - ok

15:59:37.0578 0x16fc  [ B034A41891A36457B994307DFA772293, CA5E6500764A9777AE0E15B2AFB6F05982C90F01374E3F6DDC6DF3852282C66B ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys

15:59:37.0608 0x16fc  UCX01000 - ok

15:59:37.0622 0x16fc  [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys

15:59:37.0667 0x16fc  udfs - ok

15:59:37.0675 0x16fc  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys

15:59:37.0698 0x16fc  UEFI - ok

15:59:37.0710 0x16fc  [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe

15:59:37.0747 0x16fc  UI0Detect - ok

15:59:37.0759 0x16fc  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys

15:59:37.0786 0x16fc  uliagpkx - ok

15:59:37.0795 0x16fc  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys

15:59:37.0820 0x16fc  umbus - ok

15:59:37.0829 0x16fc  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys

15:59:37.0850 0x16fc  UmPass - ok

15:59:37.0864 0x16fc  [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll

15:59:37.0899 0x16fc  UmRdpService - ok

15:59:37.0918 0x16fc  [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

15:59:37.0961 0x16fc  UNS - ok

15:59:37.0980 0x16fc  [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost        C:\WINDOWS\System32\upnphost.dll

15:59:38.0029 0x16fc  upnphost - ok

15:59:38.0038 0x16fc  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys

15:59:38.0063 0x16fc  USBAAPL64 - ok

15:59:38.0073 0x16fc  [ 433ECDE01A52691FA7ACA51C10C09B70, B896296A3F8EF2AF3AC5F0091B9848156608586F1E10A95D70700BAB51E8062A ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys

15:59:38.0103 0x16fc  usbccgp - ok

15:59:38.0116 0x16fc  [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys

15:59:38.0146 0x16fc  usbcir - ok

15:59:38.0157 0x16fc  [ 5477D6E27C7D266EF8C152B9A25ADE5E, FEE81677D284A78A0C0FB60F887A952CFC759AE78B01206D73F59FE33612C519 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys

15:59:38.0216 0x16fc  usbehci - ok

15:59:38.0241 0x16fc  [ DF56C2C04EFA328D7A66B69007130266, 719316EB25A8C7B82C7941D1C5B964CC4EDA4A997732F481526DE7356F6FC0D8 ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys

15:59:38.0292 0x16fc  usbhub - ok

15:59:38.0316 0x16fc  [ CFC52C49BEFE4D70D87FFA900EAB9777, 09A2F5D8AB07C3AE3F2B092F4DD7AE5838736CDC263016F188B442B32EC928F8 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys

15:59:38.0362 0x16fc  USBHUB3 - ok

15:59:38.0371 0x16fc  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys

15:59:38.0396 0x16fc  usbohci - ok

15:59:38.0404 0x16fc  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys

15:59:38.0429 0x16fc  usbprint - ok

15:59:38.0437 0x16fc  [ F3F90825C416B264D016AA9D02C244C4, EEBB594BFF2FB52521995211858C9DB90CD317C5C0E2FB61BF837078BC438FD3 ] usbrndis6       C:\WINDOWS\system32\DRIVERS\usb80236.sys

15:59:38.0464 0x16fc  usbrndis6 - ok

15:59:38.0478 0x16fc  [ EA23453240137F6773174E0D93F61A69, 579AD09FB428C2BB8B4055128620A7AADD1B606C1EA44B87A01D69A84232A5D9 ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS

15:59:38.0506 0x16fc  USBSTOR - ok

15:59:38.0513 0x16fc  [ BA4FA655E0FC577DB7436FC963932CE4, 3336FDECD4AEC6B316D4C0803E22A12719EBEDD1A9427C0DF5D3B263BE600EE6 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys

15:59:38.0537 0x16fc  usbuhci - ok

15:59:38.0559 0x16fc  [ 48430B0313FC1CFE3D2400553F1A93CD, 92994DE6B131E904AFF2C9C4FBB4E6B0D58525A1539763327373DA18C9F08193 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS

15:59:38.0583 0x16fc  USBXHCI - ok

15:59:38.0590 0x16fc  [ 3CAAB947B1F247A570DE15983BEDEBCF, 81480D999F67A1755D5C21CE046FB439F0FBD743F73D23C19BC8C4DEB78A4F91 ] usb_rndisx      C:\WINDOWS\system32\DRIVERS\usb8023x.sys

15:59:38.0612 0x16fc  usb_rndisx - ok

15:59:38.0621 0x16fc  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc        C:\WINDOWS\system32\lsass.exe

15:59:38.0637 0x16fc  VaultSvc - ok

15:59:38.0646 0x16fc  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys

15:59:38.0672 0x16fc  vdrvroot - ok

15:59:38.0716 0x16fc  [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds             C:\WINDOWS\System32\vds.exe

15:59:38.0792 0x16fc  vds - ok

15:59:38.0806 0x16fc  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys

15:59:38.0841 0x16fc  VerifierExt - ok

15:59:38.0871 0x16fc  [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys

15:59:38.0937 0x16fc  vhdmp - ok

15:59:38.0949 0x16fc  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys

15:59:38.0971 0x16fc  viaide - ok

15:59:38.0981 0x16fc  [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys

15:59:39.0005 0x16fc  vmbus - ok

15:59:39.0013 0x16fc  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys

15:59:39.0034 0x16fc  VMBusHID - ok

15:59:39.0058 0x16fc  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll

15:59:39.0102 0x16fc  vmicguestinterface - ok

15:59:39.0123 0x16fc  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll

15:59:39.0159 0x16fc  vmicheartbeat - ok

15:59:39.0181 0x16fc  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll

15:59:39.0210 0x16fc  vmickvpexchange - ok

15:59:39.0227 0x16fc  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll

15:59:39.0260 0x16fc  vmicrdv - ok

15:59:39.0282 0x16fc  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll

15:59:39.0315 0x16fc  vmicshutdown - ok

15:59:39.0335 0x16fc  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll

15:59:39.0364 0x16fc  vmictimesync - ok

15:59:39.0384 0x16fc  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll

15:59:39.0406 0x16fc  vmicvss - ok

15:59:39.0415 0x16fc  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys

15:59:39.0435 0x16fc  volmgr - ok

15:59:39.0451 0x16fc  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys

15:59:39.0490 0x16fc  volmgrx - ok

15:59:39.0508 0x16fc  [ 4BB9BC49DEE1A319EC58274A7BBED663, 624491089623A5B68C01A6A000E60D450E8E467619ACEBB90C6FDED0CF670F95 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys

15:59:39.0542 0x16fc  volsnap - ok

15:59:39.0551 0x16fc  [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys

15:59:39.0569 0x16fc  vpci - ok

15:59:39.0576 0x16fc  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys

15:59:39.0599 0x16fc  vsmraid - ok

15:59:39.0639 0x16fc  [ E369C59F2C0852DDD090C07E0DDE0051, 4FAC94458EAAEED4F84A86FBAB8FBB332D0AF85BD528E63C0C058A2DA8E3011D ] VSS             C:\WINDOWS\system32\vssvc.exe

15:59:39.0701 0x16fc  VSS - ok

15:59:39.0717 0x16fc  [ 08