
Unable to use Mozilla and computer running slowly.


kelro

I've known for a while that my computer had a virus and submitted tickets with no reply. At that stage, Chameleon was not working and I was completely unable to launch MBAM. However, I uninstalled and re-installed the latest version and can now run scans.

 

These scans fail to find anything, but I am sure that there is something, for the computer is running very slowly and I am unable to use Mozilla.

 

http://gyazo.com/9c6eddb7b8eaff5c42ba954ff4039622

 

When I search for anything (as an example I have used Facebook), I get this error. (IMG above)
Even if I add the exception, I get the same error - again and again.

 

Any advice to rid me of the cause of this problem would be much appreciated.

I recently opened another thread. That is NOT a duplicate. These are two DIFFERENT computers so please do not close one of them.

 

Thanks in advance.


Hello kelro! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/


FRST.txt below
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-11-2014
Ran by kelly_000 (ATTENTION: The logged in user is not administrator) on LAPTOP on 21-11-2014 15:22:02
Running from C:\Users\kelly_000\AppData\Local\Microsoft\Windows\INetCache\IE\UQSLHZ30
Loaded Profile: kelly_000 (Available profiles: Alex & kelly_000)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Nota Inc.) C:\Program Files\Gyazo\GyStation.exe
(GoPro) C:\Program Files\GoPro\Tools\Importer\GoPro Importer.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Web2Rule] => C:\Program Files\Web2Rule\Web2Rule.exe
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe [7642432 2014-08-27] ()
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-4264348289-3241612886-2336119300-1004\...\Run: [smileboxTray] => C:\Users\kelly_000\AppData\Roaming\Smilebox\SmileboxTray.exe [338216 2014-02-20] (Smilebox, Inc.)
HKU\S-1-5-21-4264348289-3241612886-2336119300-1004\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [631816 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-4264348289-3241612886-2336119300-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-4264348289-3241612886-2336119300-1004\...\Run: [Gyazo] => C:\Program Files\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\kelly_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
Startup: C:\Users\kelly_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicyUsers\S-1-5-21-4264348289-3241612886-2336119300-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4264348289-3241612886-2336119300-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4264348289-3241612886-2336119300-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://preview.msn.com/en-gb/?FORM=MF123V&OCID=MF123V
HKU\S-1-5-21-4264348289-3241612886-2336119300-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x436B4587E8D8CF01
HKU\S-1-5-21-4264348289-3241612886-2336119300-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Ad-Aware Security Add-on -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\kelly_000\AppData\Roaming\Mozilla\Firefox\Profiles\wpzp23iv.default
FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
FF NetworkProxy: "http", "204.228.129.46"
FF NetworkProxy: "http_port", 8080
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Extension: MEGA - C:\Users\kelly_000\AppData\Roaming\Mozilla\Firefox\Profiles\wpzp23iv.default\Extensions\firefox@mega.co.nz.xpi [2014-09-01]
FF Extension: Adblock Plus - C:\Users\kelly_000\AppData\Roaming\Mozilla\Firefox\Profiles\wpzp23iv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-07]

Chrome:
=======
CHR Profile: C:\Users\kelly_000\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1674928 2014-10-29] (Microsoft Corporation)
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [655864 2014-08-27] ()
R2 lmhosts; C:\WINDOWS\system32\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-05-29] (Sandboxie Holdings, LLC)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1222144 2014-07-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwn.sys [2795520 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
S1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [78216 2013-07-17] (BitDefender LLC)
S1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [93648 2013-07-17] (BitDefender LLC)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [165744 2014-04-22] (BitDefender LLC)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-19] (Malwarebytes Corporation)
R1 nm3; C:\WINDOWS\system32\DRIVERS\nm3.sys [39736 2010-06-09] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [160264 2014-05-29] (Sandboxie Holdings, LLC)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [116320 2014-06-27] (Power Software Ltd)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
S3 WUDFSensorLP; C:\WINDOWS\System32\drivers\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 yukonw8; C:\WINDOWS\system32\DRIVERS\yk63x86.sys [249288 2013-06-18] (Marvell)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 15:22 - 2014-11-21 15:22 - 00000000 ____D () C:\FRST
2014-11-19 21:12 - 2014-11-19 21:12 - 00000000 ____D () C:\Users\kelly_000\AppData\Roaming\Gyazo
2014-11-19 21:11 - 2014-11-19 21:11 - 00000956 _____ () C:\Users\Public\Desktop\Gyazo.lnk
2014-11-19 21:11 - 2014-11-19 21:11 - 00000956 _____ () C:\Users\Public\Desktop\Gyazo GIF.lnk
2014-11-19 21:11 - 2014-11-19 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-11-19 21:11 - 2014-11-19 21:11 - 00000000 ____D () C:\Program Files\Gyazo
2014-11-19 20:14 - 2014-11-19 20:14 - 00000000 ____D () C:\Users\kelly_000\AppData\Roaming\GoPro
2014-11-18 18:41 - 2014-11-09 23:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-18 18:41 - 2014-11-09 23:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-17 19:29 - 2014-11-19 19:25 - 00269289 _____ () C:\Users\kelly_000\Documents\tyler.odp
2014-11-16 17:05 - 2014-11-16 20:21 - 00053871 _____ () C:\Users\kelly_000\Documents\Toureen.odp
2014-11-15 09:30 - 2014-11-15 09:30 - 00000000 __SHD () C:\Users\kelly_000\AppData\Local\EmieBrowserModeList
2014-11-14 16:47 - 2014-11-14 16:47 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-12 23:03 - 2014-11-12 23:08 - 59030729 _____ () C:\Users\kelly_000\Downloads\to-what-extent-can-success-in-business-be-achieved-without-active-research-sqbh2ikpgp93_zip (1)
2014-11-12 23:03 - 2014-11-12 23:03 - 00000000 _____ () C:\Users\kelly_000\Downloads\to-what-extent-can-success-in-business-be-achieved-without-active-research-sqbh2ikpgp93_zip.z5o350m.partial
2014-11-12 22:43 - 2014-10-31 03:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-12 22:43 - 2014-10-10 02:28 - 00148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-12 22:43 - 2014-10-10 02:28 - 00022848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-12 22:43 - 2014-10-10 02:12 - 00478776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-12 22:43 - 2014-10-08 06:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-12 22:43 - 2014-10-08 06:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-12 22:43 - 2014-10-08 06:48 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-12 22:43 - 2014-10-08 06:39 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-12 22:43 - 2014-10-08 05:48 - 01117696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-12 22:43 - 2014-10-08 05:16 - 02975232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-12 22:43 - 2014-10-07 03:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-12 22:43 - 2014-10-07 03:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-12 22:43 - 2014-10-07 03:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-12 22:43 - 2014-10-07 03:33 - 00213344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-12 22:43 - 2014-10-07 03:33 - 00107376 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-12 22:43 - 2014-10-07 02:45 - 03558400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-12 22:43 - 2014-10-07 01:36 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-12 22:43 - 2014-10-07 01:31 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-12 22:40 - 2014-10-31 02:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-12 22:40 - 2014-10-31 02:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-12 22:40 - 2014-10-31 02:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-12 22:39 - 2014-10-31 03:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-12 22:39 - 2014-10-31 03:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-12 22:39 - 2014-10-31 03:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-12 22:39 - 2014-10-31 03:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-12 22:39 - 2014-10-31 03:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-12 22:39 - 2014-10-31 03:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-12 22:39 - 2014-10-31 03:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-12 22:39 - 2014-10-31 03:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-12 22:39 - 2014-10-31 03:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-12 22:39 - 2014-10-31 03:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-12 22:39 - 2014-10-31 03:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-12 22:39 - 2014-10-31 03:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-12 22:39 - 2014-10-31 03:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-12 22:39 - 2014-10-31 03:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-12 22:39 - 2014-10-31 03:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-12 22:39 - 2014-10-31 03:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-12 22:39 - 2014-10-31 03:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-12 22:39 - 2014-10-31 03:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-12 22:39 - 2014-10-31 03:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-12 22:39 - 2014-10-31 03:12 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-12 22:39 - 2014-10-31 03:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-12 22:39 - 2014-10-31 03:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-12 22:39 - 2014-10-31 03:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-12 22:39 - 2014-10-31 02:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-12 22:39 - 2014-10-31 02:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-12 22:39 - 2014-10-31 02:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-12 22:39 - 2014-10-31 02:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-12 22:39 - 2014-10-31 02:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-12 22:39 - 2014-10-31 02:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-12 22:39 - 2014-10-31 02:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-12 22:39 - 2014-10-31 02:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-12 22:39 - 2014-10-31 02:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-12 22:39 - 2014-10-31 02:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-12 22:39 - 2014-10-31 02:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-12 22:39 - 2014-10-31 02:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-12 22:39 - 2014-10-31 02:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-12 22:39 - 2014-10-31 02:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-12 22:39 - 2014-10-31 02:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-12 22:39 - 2014-10-31 02:39 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-12 22:39 - 2014-10-31 02:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-12 22:39 - 2014-10-31 02:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-12 22:39 - 2014-10-31 02:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-12 22:39 - 2014-10-31 02:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-12 22:38 - 2014-09-22 02:40 - 00219968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-12 22:38 - 2014-09-22 02:40 - 00084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-12 22:38 - 2014-09-22 02:39 - 00029688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-12 22:38 - 2014-09-02 22:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-12 22:37 - 2014-10-23 05:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-12 22:37 - 2014-10-17 06:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-12 22:37 - 2014-09-27 05:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-12 22:37 - 2014-09-27 03:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-12 22:37 - 2014-09-27 03:12 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-12 22:37 - 2014-08-23 05:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-12 22:36 - 2014-09-10 06:18 - 00333632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-11-12 22:36 - 2014-09-08 02:33 - 01858368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-12 22:36 - 2014-09-08 02:33 - 00286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-12 22:36 - 2014-09-07 22:07 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-12 22:36 - 2014-09-04 22:29 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-11-12 22:36 - 2014-09-04 22:20 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-11-12 22:36 - 2014-09-04 02:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-12 22:36 - 2014-09-04 00:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-11-12 22:36 - 2014-09-04 00:11 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WofTasks.dll
2014-11-12 22:36 - 2014-08-30 23:00 - 00120640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-11-12 22:36 - 2014-08-30 22:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-11-12 22:36 - 2014-08-30 20:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-11-12 22:36 - 2014-08-30 20:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-12 22:36 - 2014-08-28 02:16 - 05783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-12 22:36 - 2014-08-28 00:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-11-12 22:36 - 2014-08-23 05:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-11-12 22:36 - 2014-08-23 04:47 - 02151936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-12 22:36 - 2014-08-02 00:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-11-12 22:35 - 2014-11-04 23:40 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-11-12 22:35 - 2014-11-04 00:09 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-11-12 22:35 - 2014-10-31 03:13 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-11-12 22:35 - 2014-10-31 03:10 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-11-12 22:35 - 2014-10-31 02:52 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-11-12 22:35 - 2014-10-18 08:49 - 00048496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-12 22:35 - 2014-10-18 07:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-12 22:35 - 2014-10-18 07:25 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-12 22:35 - 2014-10-18 06:29 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-12 22:35 - 2014-10-18 06:16 - 02946560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-12 22:35 - 2014-10-18 06:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-12 22:35 - 2014-10-18 06:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-12 22:35 - 2014-10-18 06:12 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-12 22:35 - 2014-10-18 06:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-12 22:35 - 2014-10-18 06:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-12 22:35 - 2014-10-18 06:08 - 01653248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-12 22:35 - 2014-10-13 02:37 - 00108864 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-12 22:35 - 2014-10-11 00:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-12 22:35 - 2014-10-08 06:44 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-12 22:35 - 2014-10-08 06:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-12 22:35 - 2014-10-08 05:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-11 07:35 - 2014-11-11 07:36 - 00000000 ____D () C:\Users\kelly_000\AppData\Local\GoPro
2014-11-10 21:51 - 2014-11-10 21:51 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\GoPro
2014-11-10 21:49 - 2014-11-10 21:50 - 00000000 ____D () C:\Users\Alex\AppData\Local\GoPro
2014-11-10 21:48 - 2014-11-10 21:48 - 00001086 _____ () C:\Users\Alex\Desktop\GoPro Studio.lnk
2014-11-10 21:48 - 2014-11-10 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2014-11-10 21:47 - 2014-11-19 20:11 - 00000000 ____D () C:\Users\Public\CineForm
2014-11-10 21:47 - 2014-11-10 21:47 - 00000000 ____D () C:\Program Files\DIFX
2014-11-10 21:47 - 2014-11-10 21:47 - 00000000 ____D () C:\Program Files\CineForm
2014-11-05 13:34 - 2014-11-10 21:47 - 00004306 _____ () C:\WINDOWS\DPINST.LOG
2014-11-05 13:33 - 2014-11-10 21:47 - 00000000 ____D () C:\Program Files\GoPro
2014-11-05 13:33 - 2014-11-05 13:33 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-05 13:33 - 2014-11-05 13:33 - 00000000 ____D () C:\Program Files\QuickTime
2014-10-30 22:50 - 2014-11-19 21:14 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-30 22:50 - 2014-10-30 22:50 - 00001076 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-30 22:50 - 2014-10-30 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-30 22:50 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-30 22:50 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-30 22:50 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-29 12:59 - 2014-10-29 12:59 - 00595456 _____ () C:\Users\kelly_000\Documents\buschgardens.mht
2014-10-29 11:53 - 2014-10-29 11:53 - 00057185 _____ () C:\Users\kelly_000\Documents\2014-2015_Youth_Compassion Group.htm
2014-10-29 11:53 - 2014-10-29 11:53 - 00000000 ____D () C:\Users\kelly_000\Documents\2014-2015_Youth_Compassion Group_files
2014-10-27 18:41 - 2014-10-28 17:47 - 00018857 _____ () C:\Users\kelly_000\Documents\Bal Form OXFORD.xlsx
2014-10-27 18:01 - 2014-10-27 18:01 - 00019031 _____ () C:\Users\kelly_000\Downloads\BAL Template.xlsx
2014-10-25 07:22 - 2014-10-25 07:24 - 00000000 ____D () C:\Users\kelly_000\Desktop\Cam Space
2014-10-24 08:54 - 2014-10-24 08:54 - 00000311 _____ () C:\Users\kelly_000\Desktop\Packages.rar - Shortcut.lnk
2014-10-24 08:47 - 2014-10-24 08:47 - 00000569 _____ () C:\Users\kelly_000\Desktop\Packages - Shortcut.lnk
2014-10-24 06:55 - 2014-10-24 07:21 - 00000000 ____D () C:\Users\kelly_000\Desktop\Mac Req
2014-10-24 06:54 - 2014-11-05 12:45 - 00003265 _____ () C:\WINDOWS\setupact.log
2014-10-24 06:54 - 2014-10-24 06:54 - 00000000 _____ () C:\WINDOWS\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 15:21 - 2013-06-13 12:03 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-21 15:16 - 2014-10-06 16:55 - 01228102 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-21 14:56 - 2014-03-05 08:19 - 00000000 __RDO () C:\Users\kelly_000\SkyDrive
2014-11-21 14:56 - 2013-08-22 08:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-20 18:50 - 2013-08-22 08:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-11-20 18:48 - 2013-04-14 14:47 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-19 16:59 - 2014-10-05 17:28 - 00002329 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-11-19 16:58 - 2013-08-22 07:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-18 23:50 - 2014-07-10 16:34 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-11-18 23:50 - 2013-08-22 08:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-18 23:50 - 2013-08-22 08:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-18 23:50 - 2013-08-22 08:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-18 23:50 - 2013-08-22 08:17 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-11-18 23:50 - 2013-08-22 08:17 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-18 23:49 - 2013-07-25 06:59 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-18 23:44 - 2012-12-12 15:14 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-18 23:44 - 2012-07-26 06:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-16 07:34 - 2013-08-22 08:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-15 11:02 - 2013-08-22 08:17 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-15 09:16 - 2013-08-22 07:22 - 03877408 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-15 09:13 - 2014-10-16 21:24 - 00004232 _____ () C:\WINDOWS\PFRO.log
2014-11-14 16:46 - 2013-12-11 19:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-14 09:47 - 2013-12-11 19:26 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-11-14 09:46 - 2013-03-13 19:46 - 00000000 ____D () C:\Program Files\Java
2014-11-13 17:59 - 2013-01-19 16:09 - 00002104 _____ () C:\WINDOWS\Sandboxie.ini
2014-11-10 21:47 - 2013-08-22 06:21 - 00000000 ___RD () C:\Users\Public
2014-11-05 12:46 - 2013-11-14 05:40 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-05 12:39 - 2013-12-07 16:37 - 00002252 ____H () C:\Users\kelly_000\Documents\Default.rdp
2014-10-31 07:41 - 2013-08-22 08:17 - 00000000 ____D () C:\WINDOWS\Branding
2014-10-30 22:50 - 2014-06-01 14:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-30 22:40 - 2013-07-15 18:56 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\GSA Search Engine Ranker
2014-10-30 22:39 - 2013-04-16 21:15 - 00000000 ____D () C:\Program Files\Web2Rule
2014-10-30 00:55 - 2014-08-18 07:26 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-10-30 00:55 - 2014-08-18 07:26 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-10-29 13:15 - 2014-08-30 18:42 - 00000000 ____D () C:\Users\kelly_000\Desktop\Memory Stick
2014-10-27 18:23 - 2014-10-02 19:15 - 00000000 ____D () C:\Users\kelly_000\Desktop\Flight Details
2014-10-27 17:45 - 2013-08-22 08:17 - 00000000 ____D () C:\WINDOWS\system32\NDF

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.

==================== End Of Log ============================


Addition.txt below

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-11-2014
Ran by kelly_000 at 2014-11-21 15:24:30
Running from C:\Users\kelly_000\AppData\Local\Microsoft\Windows\INetCache\IE\UQSLHZ30
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{30EA2BAC-C89C-4EAE-BDCF-8C7C8DDB79B1}_AdAwareUpdater) (Version: 11.3.6321.0 - Lavasoft)
Ad-Aware Security Add-on (HKLM\...\adawaretb) (Version: 3.8.0.0 - Lavasoft)
AdAwareInstaller (Version: 11.3.6321.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.3.6321.0 - Lavasoft) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Balsamiq Mockups For Desktop (HKLM\...\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 2.2.22 - Balsamiq SRL)
Balsamiq Mockups For Desktop (Version: 2.2.22 - Balsamiq SRL) Hidden
bl (Version: 1.0.0 - Your Company Name) Hidden
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BookSmart® 3.4.3 3.4.3 (HKLM\...\BookSmart® 3.4.3 3.4.3) (Version:  - Blurb, Inc)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
GoPro Studio 2.5.2 (HKLM\...\GoPro Studio) (Version: 2.5.2 - GoPro, Inc.)
GSplit 3 (HKLM\...\GSplit3Set) (Version: 3.0.1.0 - G.D.G. Software)
Gyazo 2.3 (HKLM\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
ISO Creator 1.0 (HKLM\...\{78D80EAF-1ADB-46A8-AF6F-EBB18B6ADBCE}) (Version: 1.0.0 - Bunny-Wabbit)
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 6 Update 32 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
Magical Jelly Bean KeyFinder (HKLM\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{A2F2C44A-869E-4C32-9CEC-E22B1CC91F06}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{5A1A9AB2-2F68-462D-A67D-7C855DFF5EEB}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
Nessy Fingers - Single User Version (HKLM\...\{AE155431-38F0-4B7E-B67E-ABEC8E1EB31B}) (Version: 1.3.0 - Net Educational Systems © 2010)
NinjaTrader 7 (HKLM\...\{BB2338E5-3156-49D3-B539-7E6EF5BC3ECF}) (Version: 7.0.1011 - NinjaTrader)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
paigham-Bot (HKLM\...\{C721151D-205C-4775-9158-4D4A90279B70}) (Version: 1.3.8 - Great Business Reviews)
ph (Version: 1.0.0 - Your Company Name) Hidden
Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Pidgin (HKLM\...\Pidgin) (Version: 2.10.7 - )
pidgin-otr 4.0.0-1 (HKLM\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
PowerISO (HKLM\...\PowerISO) (Version: 6.0 - Power Software Ltd)
Rank Cracker (HKLM\...\{C09ADF8F-B7C3-4041-9CB3-445B5215F517}) (Version: 1.0.4 - MatthewWoodward.co.uk)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Sandboxie 4.12 (32-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{AA5009F6-E65C-4DBD-92B8-988F0ADD1E99}) (Version: 2.2.30085 - SlimWare Utilities, Inc.)
Smilebox (HKU\S-1-5-21-4264348289-3241612886-2336119300-1004\...\Smilebox) (Version: 1.0.0.25280 - Smilebox, Inc.)
SoftPerfect WiFi Guard version 1.0.4 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.4 - SoftPerfect Research)
SW Update (HKLM\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Vegas Pro 11.0 (HKLM\...\{B5B98340-0296-11E2-8B8E-F04DA23A5C58}) (Version: 11.0.700 - Sony)
WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:13 - 2013-08-22 06:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?

==================== Loaded Modules (whitelisted) =============

2014-10-21 22:41 - 2014-10-21 22:41 - 01800192 _____ () C:\Program Files\GoPro\Tools\Importer\GPSDKAnalyticsNet.dll
2014-03-19 10:39 - 2014-03-19 10:39 - 00081456 _____ () C:\Program Files\Samsung\S Agent\ToastDLL.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Alex\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\kelly_000\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run: => "Web2Rule"
HKLM\...\StartupApproved\Run: => "APSDaemon"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "RIMBBLaunchAgent.exe"
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run: => "Ad-Aware Browsing Protection"
HKU\S-1-5-21-4264348289-3241612886-2336119300-1004\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-4264348289-3241612886-2336119300-1004\...\StartupApproved\Run: => "SmileboxTray"

========================= Accounts: ==========================

Administrator (S-1-5-21-4264348289-3241612886-2336119300-500 - Administrator - Disabled)
Alex (S-1-5-21-4264348289-3241612886-2336119300-1001 - Administrator - Enabled) => C:\Users\Alex
ETB User (S-1-5-21-4264348289-3241612886-2336119300-1006 - Administrator - Enabled)
Guest (S-1-5-21-4264348289-3241612886-2336119300-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4264348289-3241612886-2336119300-1003 - Limited - Enabled)
kelly_000 (S-1-5-21-4264348289-3241612886-2336119300-1004 - Limited - Enabled) => C:\Users\kelly_000

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2014 02:57:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: skydrive.exe, version: 6.3.9600.17278, time stamp: 0x53eea066
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00000000
Faulting process ID: 0xaf0
Faulting application start time: 0xskydrive.exe0
Faulting application path: skydrive.exe1
Faulting module path: skydrive.exe2
Report ID: skydrive.exe3
Faulting package full name: skydrive.exe4
Faulting package-relative application ID: skydrive.exe5

Error: (11/21/2014 08:13:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: skydrive.exe, version: 6.3.9600.17278, time stamp: 0x53eea066
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00000000
Faulting process ID: 0x12a8
Faulting application start time: 0xskydrive.exe0
Faulting application path: skydrive.exe1
Faulting module path: skydrive.exe2
Report ID: skydrive.exe3
Faulting package full name: skydrive.exe4
Faulting package-relative application ID: skydrive.exe5

Error: (11/21/2014 08:05:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: skydrive.exe, version: 6.3.9600.17278, time stamp: 0x53eea066
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00000000
Faulting process ID: 0x1780
Faulting application start time: 0xskydrive.exe0
Faulting application path: skydrive.exe1
Faulting module path: skydrive.exe2
Report ID: skydrive.exe3
Faulting package full name: skydrive.exe4
Faulting package-relative application ID: skydrive.exe5

Error: (11/20/2014 06:30:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: skydrive.exe, version: 6.3.9600.17278, time stamp: 0x53eea066
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00000000
Faulting process ID: 0x1340
Faulting application start time: 0xskydrive.exe0
Faulting application path: skydrive.exe1
Faulting module path: skydrive.exe2
Report ID: skydrive.exe3
Faulting package full name: skydrive.exe4
Faulting package-relative application ID: skydrive.exe5

Error: (11/20/2014 02:51:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15422

Error: (11/20/2014 02:51:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15422

Error: (11/20/2014 02:51:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/20/2014 01:05:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: df0

Start Time: 01d004afdc1ccc4d

Termination Time: 140

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: e54a1262-70b5-11e4-b042-00137794c3d6

Faulting package full name:

Faulting package-relative application ID:

Error: (11/20/2014 00:52:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: skydrive.exe, version: 6.3.9600.17278, time stamp: 0x53eea066
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00000000
Faulting process ID: 0x9e8
Faulting application start time: 0xskydrive.exe0
Faulting application path: skydrive.exe1
Faulting module path: skydrive.exe2
Report ID: skydrive.exe3
Faulting package full name: skydrive.exe4
Faulting package-relative application ID: skydrive.exe5

Error: (11/20/2014 00:35:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d7c

Start Time: 01d004bdaf6dae26

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe\LiveComm.exe

Report Id: a4335334-70b1-11e4-b042-00137794c3d6

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

System errors:
=============
Error: (11/20/2014 06:50:14 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/19/2014 05:08:47 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.

Error: (11/19/2014 05:08:47 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An TLS 1.2 connection request was received from a remote client application, but none of the cypher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (11/19/2014 05:05:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service did not respond on starting.

Error: (11/18/2014 11:51:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LavasoftAdAwareService11 service.

Error: (11/18/2014 11:51:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.

Error: (11/17/2014 09:47:49 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/16/2014 07:50:43 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/15/2014 11:22:42 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/14/2014 08:42:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800703fa: Microsoft.ZuneVideo.

Microsoft Office Sessions:
=========================
Error: (11/21/2014 02:57:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: skydrive.exe6.3.9600.1727853eea066unknown0.0.0.0000000000000000000000000af001d0059b601b4c67C:\Windows\System32\skydrive.exeunknownbd8ad7ea-718e-11e4-b042-00137794c3d6

Error: (11/21/2014 08:13:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: skydrive.exe6.3.9600.1727853eea066unknown0.0.0.000000000000000000000000012a801d00562fc3591ecC:\Windows\System32\skydrive.exeunknown3a8902e6-7156-11e4-b042-00137794c3d6

Error: (11/21/2014 08:05:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: skydrive.exe6.3.9600.1727853eea066unknown0.0.0.0000000000000000000000000178001d00561dd4add0fC:\Windows\System32\skydrive.exeunknown2f49f6e7-7155-11e4-b042-00137794c3d6

Error: (11/20/2014 06:30:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: skydrive.exe6.3.9600.1727853eea066unknown0.0.0.0000000000000000000000000134001d004eff320bedfC:\Windows\System32\skydrive.exeunknown56bc0dfc-70e3-11e4-b042-00137794c3d6

Error: (11/20/2014 02:51:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15422

Error: (11/20/2014 02:51:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15422

Error: (11/20/2014 02:51:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/20/2014 01:05:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17416df001d004afdc1ccc4d140C:\Program Files\Internet Explorer\iexplore.exee54a1262-70b5-11e4-b042-00137794c3d6

Error: (11/20/2014 00:52:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: skydrive.exe6.3.9600.1727853eea066unknown0.0.0.00000000000000000000000009e801d004c0bb60761fC:\Windows\System32\skydrive.exeunknown136709d9-70b4-11e4-b042-00137794c3d6

Error: (11/20/2014 00:35:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20605d7c01d004bdaf6dae264294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe\LiveComm.exea4335334-70b1-11e4-b042-00137794c3d6microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

CodeIntegrity Errors:
===================================
  Date: 2014-06-13 11:00:51.661
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-06-13 11:00:51.661
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-06-13 11:00:51.661
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-06-13 11:00:49.517
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-06-13 11:00:49.392
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-06-11 20:27:19.084
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-06-11 20:27:19.068
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-06-11 20:27:18.974
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-06-11 08:13:30.448
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-06-11 08:13:30.276
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 43%
Total physical RAM: 2008.6 MB
Available physical RAM: 1132.76 MB
Total Pagefile: 2712.6 MB
Available Pagefile: 1682.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1863.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:9.72 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================




 


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log

I will do that as soon as my Internet connection is stable. I am currently being DDOS'd. Could this be as a result of the virus on this computer or my other one on the same network?

What would you suggest is the best next step to take?

Thanks again.


# AdwCleaner v4.101 - Report created 23/11/2014 at 17:05:19
# Updated 09/11/2014 by Xplode
# Database : 2014-11-23.4 [Live]
# Operating System : Windows 8.1 Pro  (32 bits)
# Username : Alex - LAPTOP
# Running from : C:\Users\kelly_000\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Alex\Desktop\Genesis
Folder Deleted : C:\Users\Alex\Documents\Online
Folder Deleted : C:\Users\kelly_000\AppData\LocalLow\adawaretb

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKLM\SOFTWARE\adawaretb
Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v32.0.3 (x86 en-US)

*************************

AdwCleaner[R0].txt - [2028 octets] - [23/11/2014 16:34:50]
AdwCleaner[s0].txt - [1987 octets] - [23/11/2014 17:05:19]

########## EOF - \AdwCleaner\AdwCleaner[s0].txt - [2047 octets] ##########
 

The JRT.txt is nowhere to be found and it didn't open when I restarted. Should I run the scan again?

 


Found the JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 8.1 Pro x86
Ran by Alex on 23/11/2014 at 16:19:58.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ad-aware browsing protection

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}

 

~~~ Files

Successfully deleted: [File] C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4264348289-3241612886-2336119300-1001
Successfully deleted: [File] C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4264348289-3241612886-2336119300-1004
Successfully deleted: [File] C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4264348289-3241612886-2336119300-1005

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ad-aware browsing protection"
Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\Users\Alex\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\Program Files\toolbar cleaner"

 

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\bvydsf94.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Successfully deleted the following from C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\bvydsf94.default\prefs.js

user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");
Emptied folder: C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\bvydsf94.default\minidumps [25 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/11/2014 at 16:22:42.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Threat Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • In your next reply, post the following log files:
    • Malwarebytes' Anti-Malware log
    • ESET Online Scanner log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24/11/2014
Scan Time: 19:32:31
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.24.07
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x86
File System: NTFS
User: Alex

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 390504
Time Elapsed: 2 hr, 16 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


ESET
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\kelly_000\AppData\Local\Microsoft\Windows\INetCache\IE\1B3V6BV3\ccsetup419pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\kelly_000\Downloads\dfsetup218.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
 


  • 2 weeks later...
  • Root Admin

I will go ahead and take over this topic.

 

 

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:
  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


 
 


JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Dec 11 23:01:56 2014

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

------------------------------------

Finished reporting.


  • Root Admin

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.



If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.
 

Unfortunately nothing found. The problem has now got worse. I am only able to download files when in Safe Mode and Task Manager shows 5 instances of Internet Explorer that, when I click End Task, reappear immediately.

16:47:58.0482 0x0cf4  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
16:47:58.0607 0x0cf4  ============================================================
16:47:58.0607 0x0cf4  Current date / time: 2014/12/20 16:47:58.0607
16:47:58.0607 0x0cf4  SystemInfo:
16:47:58.0607 0x0cf4  
16:47:58.0607 0x0cf4  OS Version: 6.3.9600 ServicePack: 0.0
16:47:58.0607 0x0cf4  Product type: Workstation
16:47:58.0607 0x0cf4  ComputerName: LAPTOP
16:47:58.0607 0x0cf4  UserName: Alex
16:47:58.0607 0x0cf4  Windows directory: C:\WINDOWS
16:47:58.0607 0x0cf4  System windows directory: C:\WINDOWS
16:47:58.0607 0x0cf4  Processor architecture: Intel x86
16:47:58.0607 0x0cf4  Number of processors: 2
16:47:58.0607 0x0cf4  Page size: 0x1000
16:47:58.0607 0x0cf4  Boot type: Normal boot
16:47:58.0607 0x0cf4  ============================================================
16:47:58.0607 0x0cf4  BG loaded
16:48:03.0564 0x0cf4  System UUID: {0F194E7A-3D33-CFC3-BDC7-A6B3D9F1C5E9}
16:48:06.0049 0x0cf4  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:48:06.0143 0x0cf4  ============================================================
16:48:06.0143 0x0cf4  \Device\Harddisk0\DR0:
16:48:06.0190 0x0cf4  MBR partitions:
16:48:06.0190 0x0cf4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
16:48:06.0190 0x0cf4  ============================================================
16:48:08.0160 0x0cf4  C: <-> \Device\Harddisk0\DR0\Partition1
16:48:08.0160 0x0cf4  ============================================================
16:48:08.0160 0x0cf4  Initialize success
16:48:08.0160 0x0cf4  ============================================================
16:48:41.0817 0x0400  ============================================================
16:48:41.0817 0x0400  Scan started
16:48:41.0817 0x0400  Mode: Manual; SigCheck; TDLFS;
16:48:41.0817 0x0400  ============================================================
16:48:41.0817 0x0400  KSN ping started
16:48:44.0146 0x0400  KSN ping finished: true
16:49:14.0381 0x0400  ================ Scan system memory ========================
16:49:14.0381 0x0400  System memory - ok
16:49:14.0381 0x0400  ================ Scan services =============================
16:50:02.0476 0x0400  [ 686045905787B68D829CE647A6DFAD2B, 09B925A3E02B3BA45D5D408B59A279D3255AC854B3B696E243DCD14EF18CEC92 ] Blackberry Device Manager C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
16:50:02.0632 0x0400  Blackberry Device Manager - detected UnsignedFile.Multi.Generic ( 1 )
16:50:04.0945 0x0400  Detect skipped due to KSN trusted
16:50:04.0945 0x0400  Blackberry Device Manager - ok
16:50:12.0930 0x0400  Dhcp - ok
16:50:12.0993 0x0400  [ 832BDA661E26792B5512FC641A177F26, 10D4E4D2AE0974A48D6B5E8A294B4B53250B0BC6CA00EBBFE1F6119DD67509F8 ] disk            C:\WINDOWS\system32\drivers\disk.sys
16:50:13.0040 0x0400  disk - ok
16:50:13.0133 0x0400  [ 0357F5F7C542249D8EAA4E6FCC69EE91, E23B6657E1126603D195145BED77AA239625057A28378AF535E5A3A7A4D1F36D ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
16:50:13.0258 0x0400  dmvsc - ok
16:50:13.0336 0x0400  [ A47341D3C4D2FB3984BDCAF00AE4A6C7, E612CE37EF1C1F1090A95452349BA47CA9580A3928C7B3E1C5784117018F3E76 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
16:50:13.0586 0x0400  Dnscache - ok
16:50:13.0665 0x0400  [ EB46660185B04E24A66344699B5A3866, ADBF72CE72982D4C4F7D7DAC4DF0511FED3D7C936B9A1152E91C83ED6ADBEC51 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
16:50:13.0743 0x0400  dot3svc - ok
16:50:13.0946 0x0400  [ F57ECB784590B2C7A974EE22EA16BE5F, 5A252316036C9A0DAAF27008D2C139A225E21736464E32C85709C39FC63DC2B1 ] DPS             C:\WINDOWS\system32\dps.dll
16:50:14.0071 0x0400  DPS - ok
16:50:14.0102 0x0400  [ 115B0BCB58F274B46A9C6A5615C4B925, 2F66228A3BC128FDA2356CE5BE7386E91AB9CA155F4E4B45B8BC7D4D02361589 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
16:50:14.0149 0x0400  drmkaud - ok
16:50:14.0290 0x0400  [ 57B0E7924571AFC1F4617749D17C7BFF, 7A1E4E7B5AC1849D020B2DA67B07CAC86CD5D378727AC340376558FDCE1A1C7F ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
16:50:14.0368 0x0400  DsmSvc - ok
16:50:14.0868 0x0400  [ 27FA5460CE08F69FE536399214E0ABBB, 4B68384F6405D16776BA828BF06E59B671A7D5C007CF834179C421D08552662A ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
16:50:15.0149 0x0400  DXGKrnl - ok
16:50:15.0196 0x0400  [ BC17CF644AD174F7558D1DCB7D1D488E, 66DC5F0E4619F95674E553A09DA5558F1545B98F042D3D0298288D071F998B00 ] EapHost         C:\WINDOWS\System32\eapsvc.dll
16:50:15.0352 0x0400  EapHost - ok
16:50:15.0477 0x0400  [ F33BFCBBBAACE7208DB433B6CCA98930, 46E994BE4A2EA4D324C8B78CF9276F4805EA47046CBC7AD37401AA77E13C75FB ] EFS             C:\WINDOWS\System32\lsass.exe
16:50:15.0524 0x0400  EFS - ok
16:50:15.0634 0x0400  [ AECFDE05D120822452BA8F606841B3FE, DC89D894C9C25E164DD409C31937D6E85824F504D3F834BE8B9DAC61819BC844 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
16:50:15.0680 0x0400  EhStorClass - ok
16:50:15.0727 0x0400  [ BFDF5BA2B770B358CA607109240A739D, 20007ED67456BF90F080B4FC4BBA699CB0F2F10216B63350C0B6F9F4D7C5D1CB ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
16:50:15.0790 0x0400  EhStorTcgDrv - ok
16:50:15.0993 0x0400  [ 6E7FD164E20C50F5A2D49AD0218FF4AE, 0625C6875E703AC0059B5DE55AE6BF725D337C168C499F79D2E772EBAC107EA6 ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
16:50:16.0087 0x0400  ErrDev - ok
16:50:16.0165 0x0400  [ BC4E13AFEE0B35D87CE8F49EF5DF5634, EA6E7C135EE660070AD823F3D2BB940124FF7EDA599DAF7B7B86CCC58DC0BE5A ] EventSystem     C:\WINDOWS\system32\es.dll
16:50:16.0446 0x0400  EventSystem - ok
16:50:16.0790 0x0400  [ 630E4FAFAE692F2D2D3835A4F37A583C, 282C2051F4BDA060958529E4A1F799DB91CA0855B804FF2F6E19EFF913533FE1 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
16:50:16.0946 0x0400  exfat - ok
16:50:17.0149 0x0400  [ 2B731E0CF73B392B1923078F464D96DB, 741AE561704A0EF464EB6184C3353188AD6150A5B10130DF0E96D31CE821AD0C ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
16:50:17.0227 0x0400  fastfat - ok
16:50:17.0556 0x0400  [ 1FE12BBB957D8D74DDACF51F40B1358F, E8E565E332EADEDB543AE451CD446BE6CDC1079798A9598B868943A434416E84 ] Fax             C:\WINDOWS\system32\fxssvc.exe
16:50:17.0821 0x0400  Fax - ok
16:50:18.0009 0x0400  [ F2D60D87B15FF8ABBDA27371EBBEFE0B, EC2B48A3E259449E7C388C31BEF8ECF8B3CA9CB851CBE90E97673CE093CB4863 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
16:50:18.0071 0x0400  fdc - ok
16:50:18.0150 0x0400  [ D6AEDD0E959AC11665BEABA0EC470A2B, 731295F996D1AD143FF788E3041B0D8E21C5F6C3ACDAE6662A1598E86545C84B ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
16:50:18.0368 0x0400  fdPHost - ok
16:50:18.0384 0x0400  [ A04078C96EDF2D475B76B23D35967344, BB37D73D2899EF60080B5CBCA6FFB14E82933C717F9316025757EB17A0A64E00 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
16:50:18.0462 0x0400  FDResPub - ok
16:50:18.0493 0x0400  [ 472A9FFB696FD557828DEBD606FBD819, 5F8C8C5E5DF762A5E9CD4D82933F5BD881C6768194125A53FFBF81F8E8E5AC29 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
16:50:18.0540 0x0400  fhsvc - ok
16:50:18.0650 0x0400  [ 878BE2CD1B68000D4BEEE293267B19CB, 136480B18E145E681C756792B57163349D49521A6DDEA78745E896F1EAB24B17 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
16:50:18.0696 0x0400  FileInfo - ok
16:50:18.0862 0x0400  [ 5C427FD4AFAEAC08882A70EDA5013AF8, 74FDB9218D18154D6C541A835A54F17A88C6BE4EFA0A0C94BD642A752A500B0A ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
16:50:18.0980 0x0400  Filetrace - ok
16:50:19.0168 0x0400  [ BB2091E613F6F06F24FF9507E0FAA20B, EFACAE4F4E586120C30C48EA503EC679E37D3BDE9052FE7392D6C81E8AE5010C ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
16:50:19.0230 0x0400  flpydisk - ok
16:50:19.0496 0x0400  [ 0E647295EA5573F06DDD42F0FDFF254A, 5051F269A431ED83B8DB70E4945C1CDC4D74481AFA71E30D389B47E1093D306F ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
16:50:19.0621 0x0400  FltMgr - ok
16:50:19.0840 0x0400  [ ED4BA3B6CD98646F392858C8110307FF, 853BD974F62DD580AB7172F99B81EBA4BFFC39C294F927DABF4BF4118F3736EB ] FontCache       C:\WINDOWS\system32\FntCache.dll
16:50:20.0152 0x0400  FontCache - ok
16:50:20.0340 0x0400  [ 7B47332931E0B083D09F1E7FBDD3F147, D7812D0109291BCB5268913498E66F817009E8262050F546AD16B5FAC47F8CCA ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:50:20.0402 0x0400  FontCache3.0.0.0 - ok
16:50:20.0637 0x0400  [ 73F944AA04157781172CAD535AB6E172, 6C2FB6C0D4A10924A845A1CF18A98206EEAAB8243A0B36AEEC78B047BFFCDDAF ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
16:50:20.0793 0x0400  FsDepends - ok
16:50:20.0902 0x0400  [ 6496F5E84CBC8C6D697939D6518D9B7A, 1E518FC7B478356E997E86FDD06A01A6833407C25F67A85CC91A49EC6F2EAEB1 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:50:21.0012 0x0400  Fs_Rec - ok
16:50:21.0090 0x0400  [ A58318CA9F98AAB207D4C84868490D1D, E57DEF96B69A7ED25EC37DE41BF5F1F3A57A5B2729BC615E9785F0EDF5E75346 ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
16:50:21.0574 0x0400  fvevol - ok
16:50:21.0668 0x0400  [ B3CDDF19F6201210B8785FFD642A1632, 35A664BD1C51F9F448CADA2B82276F378BA65188D175C00515EBBD06E91641AC ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
16:50:21.0918 0x0400  FxPPM - ok
16:50:21.0949 0x0400  [ 2DC88A077B783AFD416CDEE7BDE63868, C016325071D88371753C4049749C26C8D58FE8D787533B3289DB1D523E6F076B ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
16:50:22.0027 0x0400  gagp30kx - ok
16:50:22.0246 0x0400  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:50:22.0324 0x0400  GEARAspiWDM - ok
16:50:22.0500 0x0400  [ 2156802A56276A97FB6892412A0B899D, F97F253D7EE992A427D2A4F12601893FCEA93975547A7CE5D8C2DF25ABD23A97 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
16:50:22.0773 0x0400  gencounter - ok
16:50:23.0007 0x0400  [ 73EFE8A2747BB87F66B5646AA2262AE4, 368AAFA38F214D474206B914A4258B3679CB0B1C9080D32DFB3BF890BD5611A8 ] GPIO            C:\WINDOWS\System32\drivers\iaiogpio.sys
16:50:23.0054 0x0400  GPIO - ok
16:50:23.0257 0x0400  [ FB1DB2A2663D59FEB04F4311861C7022, B9571C1B80ED150DC41E200ED20B8C289E2011548A12ECF4DB55234075B60E02 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
16:50:23.0382 0x0400  GPIOClx0101 - ok
16:50:23.0632 0x0400  [ 5BC3330FF8373962CE005942DDC2AEC5, 22977DD6D32AAB84562CFE4DCADDFFCB2CDF86E3EF667DE9F8960E554C599154 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
16:50:24.0148 0x0400  gpsvc - ok
16:50:24.0320 0x0400  [ 3B5CA8EB6748D234F117AB203491F6F9, C554FC454214599831FB73448A0044ED145CB19B8F3008A78448B25145AEDA6E ] gzflt           C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys
16:50:24.0351 0x0400  gzflt - ok
16:50:24.0491 0x0400  [ 449688B15D29787C8A440D6ECA9925B5, 7E1C88106F3F39394843B8B2B5921A8F5B215AC1538F46F151B9F4FAAC7AE1DE ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
16:50:24.0648 0x0400  HdAudAddService - ok
16:50:24.0851 0x0400  [ 7E0EDA9EE53E344D1604EB2A7E8DED47, 9335E54D0D464216AE2C15118B0C2E1D671AD9FD09ED3166B6961280EDF8C8F2 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
16:50:24.0929 0x0400  HDAudBus - ok
16:50:25.0054 0x0400  [ 5C5BF3E47BB6B07FAD8EA4565159659E, E8C52CC743408093B118D3E1E8C0E7E1E7EED7234422341C8B666C03A9FA0CC4 ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
16:50:25.0257 0x0400  HidBatt - ok
16:50:25.0304 0x0400  [ 4A59C5DAF29CC28DA966C57DB863655E, 6A164BEB000AF2A8FBCBF8A15C8BF9D999CDCF90EAFDD748D4F7FAA27E67CD12 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
16:50:25.0445 0x0400  HidBth - ok
16:50:25.0476 0x0400  [ 4AC33C5E591F9845E34DA8681E558A58, 4FC04C7EF2736D63CF77756566C5710764671EC54085FC035B4752377CABDDE7 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
16:50:25.0538 0x0400  hidi2c - ok
16:50:25.0726 0x0400  [ 2E6CA4DE2AEDF7ABDFEA906F11EDC8B1, 69FD8513F4E0C1E8C78D01D007D90DC33D3C4DEAED05FEECD634A15334202D62 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
16:50:25.0788 0x0400  HidIr - ok
16:50:25.0851 0x0400  [ 06692FEB8EBC5AD53AC6C610BC72F1C6, 4C2754E0F3FBCF147D7D7F9D1F433C85B6AB59922F9DA754B31CB57A90CDC175 ] hidserv         C:\WINDOWS\system32\hidserv.dll
16:50:25.0929 0x0400  hidserv - ok
16:50:25.0991 0x0400  [ 71E4AD300E86C0754D6070FB92475CF7, 110AF2389CFC8AB481B6A8706F436BB600D10063669C2A6ABB5A63FB9E3A3495 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
16:50:26.0116 0x0400  HidUsb - ok
16:50:26.0491 0x0400  [ 622B08BD041DE4B0B8F34D4F0F5A018C, 4EA4DB15CE5DD44FF30B5AE0D7EBEDAF3DDE8761D7633FED52CE7D022E0980E6 ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
16:50:26.0585 0x0400  hkmsvc - ok
16:50:26.0632 0x0400  [ D331E843F66501F57978F85FE695CEEE, CB2B23E3191DDE105A47D7C7361880DE968D79D55A16B371DA16456F047B7FE2 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
16:50:26.0804 0x0400  HomeGroupListener - ok
16:50:26.0882 0x0400  [ 4FC945E08AF63491AFCC902C99046735, 3F62C132B8C8A35C09D1ED7C602658EC901ED6284550B0A8E9E6FE0AACB7A511 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
16:50:27.0197 0x0400  HomeGroupProvider - ok
16:50:27.0353 0x0400  [ BA073FD7F6C94FF18F97DF8F0297ED62, 132611011C0AEB1E529453A4FA983587D7F1CE286C04AC0B952F4D964B72BEC1 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
16:50:27.0415 0x0400  HpSAMD - ok
16:50:27.0743 0x0400  [ 4196BBF0725EF4E4F220D5E1539EF553, EE78E340C8DE4256567A5D0589CE5B3C182EE80A7D6F663CB971651391BA3F92 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
16:50:27.0837 0x0400  HTTP - ok
16:50:27.0900 0x0400  [ FAEB94F3ACCDFDA16E5FA585369FDEC4, 12A41592EEC9CEB5C8C10AAF2C09E7262E2AC28B615D181F9BCCA0DEC12648F3 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
16:50:27.0962 0x0400  hwpolicy - ok
16:50:28.0040 0x0400  [ 2DDC60AD29D845A745C9ECAAE35FC477, 1A4670D10744B36FFCDC5068C824315200F9D9BD24E5F2A111B2019C13CD59BE ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
16:50:28.0134 0x0400  hyperkbd - ok
16:50:28.0181 0x0400  [ D360FFBA289307976BE1BBE7BE792F58, 6A787C493D226D6AB5A933B3EAF9D6EE4B18BDB2D07D1CAE59CE1EFA729B1B2D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
16:50:28.0244 0x0400  HyperVideo - ok
16:50:28.0322 0x0400  [ 5043E69532392A43549E5D41E22638AA, DC5186117FC60036A70CD6065810F090BD3EFFA24B59C760ECB6B7FB9C43F174 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
16:50:29.0916 0x0400  i8042prt - ok
16:50:29.0978 0x0400  [ 646D3B416BC970C3CD2F53844FD156A5, 045CBA642382B33DB1E222302B14DD46838895A73CE50426FD180B4CA918253A ] iaioi2c         C:\WINDOWS\System32\drivers\iaioi2c.sys
16:50:30.0025 0x0400  iaioi2c - ok
16:50:30.0244 0x0400  [ 387637FC01BA30E95A2330DA3FFD0919, 836A100F766044B431D2263A57CB3BB3B43AA0C3E58220F31A2EF89E1BB8CB55 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
16:50:30.0322 0x0400  iaStorAV - ok
16:50:30.0447 0x0400  [ D2E7F3611BB8F1C2661B8F7858D33A35, EFA7B2E8433AB6DE739EB12792154B64DF29B61C8BB2F467C95C393A40D84E1A ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
16:50:30.0494 0x0400  iaStorV - ok
16:50:30.0494 0x0400  IEEtwCollectorService - ok
16:50:32.0603 0x0400  [ D771E3D5E0ECE091FF9244BDF1303D6F, 4404A7857AD53234EEB19E7B3516226ADF342BF722C8D81B232D2C909F85DAC5 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd32.sys
16:50:33.0697 0x0400  igfx - ok
16:50:33.0989 0x0400  [ 36A36F1059D559F9D64660F6845FDD63, 529FD025F28F2C56041FDD77A5DEC6382B1F798B0EE92C46A7AB14CE04C51428 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
16:50:34.0052 0x0400  IKEEXT - ok
16:50:34.0958 0x0400  [ 8434A1BFF7BE3A29EA24FFA2FB2BB37B, E26991D8534A3BA3479D08E948949A8BDD017474B7F706B260F2DBF06F9B6EB6 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHDA.sys
16:50:35.0427 0x0400  IntcAzAudAddService - ok
16:50:35.0567 0x0400  [ B0F92A795C7E48E2C5F908265C655458, 6F6606C3F36FD3E603CF9FCFDD1213A108E4B1CF9936E4FE851E6FD5FEA5FEEC ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
16:50:35.0755 0x0400  intelide - ok
16:50:35.0802 0x0400  [ 95BD617B467F746553AD1FC523F5D2B6, 2A9686DC5A0FED8B42C0D589B0D73E34965F2E3D8090CA0B19A4F65F81C1511A ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
16:50:35.0895 0x0400  intelpep - ok
16:50:36.0052 0x0400  [ 6DD61D8AFB56C9F853210C49FD4D8C16, DFE299AB383A81BDE531B93645F59076BC2D7E37038DA20649CA08230C043C55 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
16:50:36.0130 0x0400  intelppm - ok
16:50:36.0208 0x0400  [ 23B5C10891B64FB4261F9FCADF24FE28, DCE73864B0BE98DE96C0EC6C88BA62E1BC2878837D6442BCC2220A956E350D0E ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:50:36.0302 0x0400  IpFilterDriver - ok
16:50:36.0536 0x0400  [ A61DD1F02DE668A6713822942B876D4C, 22B06518C2CF16D605550C3327BA2FD4AD09410082D4C23ED54AEF307D4AB20D ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
16:50:36.0864 0x0400  iphlpsvc - ok
16:50:36.0895 0x0400  [ 3DC0D272D298B3AC09794E89FFB78BCD, 3D1096655EDCD4B428EF291EF26B9F2F382DA5D812374AC5423EAEFA6984D801 ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
16:50:37.0114 0x0400  IPMIDRV - ok
16:50:37.0177 0x0400  [ FA6C94C754A566EA8A61D658932F32DE, AEA11A21F850228B23714CBF981C0D038FF5CC22566594E6995BA0994343A256 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
16:50:37.0552 0x0400  IPNAT - ok
16:50:37.0755 0x0400  [ 33813E4F82AEC696762EAD9EDADC9FE3, D0045D6782523B7B6FCFE4A6C864F081B522E409D9E5F031A7B8584910CEE3F5 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:50:37.0833 0x0400  iPod Service - ok
16:50:37.0989 0x0400  [ ADF675CF9EB57229E9D13BC2F5D4719D, 1CAE1C71951795D1E650C81D5271EF9DF3482E531AAF0E6E08BE9789DE8C1E5B ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
16:50:38.0411 0x0400  IRENUM - ok
16:50:38.0630 0x0400  [ 2A0D17D431F13E87ADCB28DEEC84F252, 87C82734B58896BB71EE0707B70C4618D0E4895BE1409E9B55668F11E1715F30 ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
16:50:38.0677 0x0400  isapnp - ok
16:50:38.0833 0x0400  [ 74F452379260EA77CC59905AEDBD5AE7, BCD59690F69FCADC95C7499960F723D584E6E701CB722BA53BE738402BB080E9 ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
16:50:38.0911 0x0400  iScsiPrt - ok
16:50:38.0942 0x0400  [ 4504C8B75A6B2E5BE800DE03B26891D3, 4DC5DA3A2CBBB43B0E9CACE094D7EADE458347D134012F9693CAC2014EFE4145 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
16:50:38.0990 0x0400  kbdclass - ok
16:50:39.0052 0x0400  [ 8BAF1904393EACA7178A5EF962256D3F, 7CC026151E96D239C68758A016C206278ED262594C87EB7BFCD73A73631DBBC8 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
16:50:39.0099 0x0400  kbdhid - ok
16:50:39.0130 0x0400  [ 3FF50BD6E481C6690A16D0542A2D818F, C7A87459C770380DFC5CF275382B8AC9F81C65A58131A4FDB7D2C251481BA963 ] kbldfltr        C:\WINDOWS\system32\drivers\kbldfltr.sys
16:50:39.0177 0x0400  kbldfltr - ok
16:50:39.0224 0x0400  [ 7F896C99637CB0E48262F307FC0F3557, 51B1A2038443F581EAE8057FF487398CBAA4753E7AA854B191E47502F9D7D69B ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
16:50:39.0411 0x0400  kdnic - ok
16:50:39.0427 0x0400  [ F33BFCBBBAACE7208DB433B6CCA98930, 46E994BE4A2EA4D324C8B78CF9276F4805EA47046CBC7AD37401AA77E13C75FB ] KeyIso          C:\WINDOWS\system32\lsass.exe
16:50:39.0458 0x0400  KeyIso - ok
16:50:39.0630 0x0400  [ 21719E6D6B4EDEB062F0A9D8F7720FEF, 6BEF2890270D4127EAEA6C627B663495A7576A781EDB4E4623E9C68D2DE3EE22 ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
16:50:39.0693 0x0400  KSecDD - ok
16:50:39.0786 0x0400  [ C4A3E653299B5F276DBDEB12C3756553, 484B9D6A75C7E5BC0EB7E13936D4F4B1D72636B7581E4B0DA39C028B0879DC7E ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
16:50:39.0833 0x0400  KSecPkg - ok
16:50:40.0286 0x0400  [ EC89E8C1334D257C27197A52099FA960, 5243DD460A78CBCCF6296C13944ADC0F7FA7BD152BCE9633EB8CA911B055C3F0 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
16:50:40.0599 0x0400  KtmRm - ok
16:50:40.0724 0x0400  [ 154876704DC6FB548E441403CFC0FC31, 7F30BB9C4A40759F6CF7905BF84073D3147A97C457862614E3B7396761A39EC2 ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
16:50:41.0005 0x0400  LanmanServer - ok
16:50:41.0052 0x0400  [ B230EE02279BBD757637B3CAE1CF660B, D74B85548818E0C9DAE10076AB00198AAD3838BB3A8C0212762716E5EBC3A3C8 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
16:50:41.0177 0x0400  LanmanWorkstation - ok
16:50:41.0287 0x0400  [ D2107714729C6E2B57729AA1167B498D, 7F949ACE8F73DAEA1386A5C24F996C0A2E026AF87330C4CB4D4F749A6929E3D1 ] LavasoftAdAwareService11 C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
16:50:41.0334 0x0400  LavasoftAdAwareService11 - ok
16:50:41.0537 0x0400  [ A54EB398BC2D792A0C603A97F7975FD8, 5216624129595ADBA24AA07F68350045D4D59B5F8A6FE5FD78FA3BD72646B83B ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
16:50:41.0755 0x0400  lfsvc - ok
16:50:41.0802 0x0400  [ 369ED2626209D245BA1CEBB626F9A376, C28A0B4998DF1027AB3C234742AD51E140889CC065CF2F073665297B61A31F6F ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
16:50:41.0896 0x0400  lltdio - ok
16:50:42.0085 0x0400  [ E7857CCA67A54E265533EF68C7B90A0C, 3CC312DAFD7C539467D5833002D448D62C8B3A2F2894523CBA18C49D2129F609 ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
16:50:42.0210 0x0400  lltdsvc - ok
16:50:42.0382 0x0400  [ A44270027BA1C8983CCC414183AD5726, 26F0881DF03F7C521A7CA9FE91432B40313B1ED5A9F2779F4CAA3CF6625219B7 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
16:50:42.0710 0x0400  lmhosts - ok
16:50:42.0867 0x0400  [ 876BA8550E9F1F4EF8A7D056E66678F6, 55937F75D1332923FD348B9931BC28E379DEBC13841E0EE4D1330D3D4E7707DF ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
16:50:42.0960 0x0400  LSI_SAS - ok
16:50:43.0132 0x0400  [ 6FB4E344E66F7243D23F0F52A9610790, 7AAEE5EB222539AD767B0B01FD1F821EE35263699BC4D123E95906C4AE62D3F6 ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
16:50:43.0351 0x0400  LSI_SAS2 - ok
16:50:43.0398 0x0400  [ 2E61D97CA19BBECCCF7CDE9C0C7392B5, 237A5739DE9A643CBEE7432522E43DAAB289EAA322FB2E67A66E24D2A0E859E1 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
16:50:43.0460 0x0400  LSI_SAS3 - ok
16:50:43.0570 0x0400  [ 3986C8FAA6E397725024E7189BAC69CE, FD934C8D5E51153D9E69764B628E1A983D96CF223115B4E549FA67BA819A27E8 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
16:50:43.0804 0x0400  LSI_SSS - ok
16:50:44.0179 0x0400  [ 1D5999E703FAA551DFF0E4E7F6AA2150, D73332190244FE2943CE93C298EDBB09290AFDD1B12F286F94E4B67323F1A1F9 ] LSM             C:\WINDOWS\System32\lsm.dll
16:50:44.0523 0x0400  LSM - ok
16:50:44.0586 0x0400  [ A1E31C77F407F629F430A070B8747A44, 80E50D95CBDB85DBA2462BF133140AFEAB2D047F70168E87CE95E8D90A83C99E ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
16:50:44.0679 0x0400  luafv - ok
16:50:44.0773 0x0400  [ EE038F0B57FD34B872AE2ADD7679C1E2, FC6C352A4EFE659961513B131B68871AFFAD8174672C3D5BF955D83BA1F9CEA0 ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
16:50:44.0867 0x0400  megasas - ok
16:50:44.0929 0x0400  [ 2E3BE5DA8078B170DA14CE3181C5D3AC, F4E8251C554A47682F00FCE7A0F3B0D0FD0F3D74970BA501F63860A7C824407E ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
16:50:45.0039 0x0400  megasr - ok
16:50:45.0148 0x0400  [ 01946468EA6196F9C54A245354C1240A, 96BE9EF1D791417BFBD9AC9F24D38F128DEE409C95F25138B8CDAE3F86E17D4A ] MMCSS           C:\WINDOWS\system32\mmcss.dll
16:50:45.0507 0x0400  MMCSS - ok
16:50:45.0539 0x0400  [ FFE175CCDA4BC0278E88149F183B6C5E, B84F9E1E20B0C0BF64BC8DABC238776A307286ECC5AEFEDD74F6C187F5FD0671 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
16:50:45.0804 0x0400  Modem - ok
16:50:45.0820 0x0400  [ 523C526BBB796FC2087C0C8AC2B669BD, 79FAC4B32BD35E140B7FAFC5A58FA039B1FB16EF68A4DCEB25B2B153B1B0FE0D ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
16:50:45.0929 0x0400  monitor - ok
16:50:45.0992 0x0400  [ 1B621475FA22B947B60EE004A8EE11F5, EC4BBD6C586686BD3E05F861FF7D9E82E7C787DDBC9BC3CDEEE613BFCAFC34D3 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
16:50:46.0054 0x0400  mouclass - ok
16:50:46.0242 0x0400  [ 64DAA33D69C4442AD4CC52D478895355, 686CD366539D41331ACC41A66B165EF7B659CD8FC0048596E6F38D1FBF3120C8 ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
16:50:46.0304 0x0400  mouhid - ok
16:50:46.0351 0x0400  [ 8CF63AB55709A9E415190219C226A855, E061AE50F74F46D9D58E406254515B104B32D7B7DE64C1045E9901942A953FCF ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
16:50:46.0414 0x0400  mountmgr - ok
16:50:46.0539 0x0400  [ DFCD29AB147716CA72416FA7D2196D46, ED60BF354347697F69A78C9FBE1ADCBE0C3EB4C2CC8DB97A7FA03A68BD796066 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:50:46.0617 0x0400  MozillaMaintenance - ok
16:50:46.0711 0x0400  [ 4B300E2D06B03410064CF443E1CE6B25, 9B75E288392DBB24C84C573823AB0C94F2CFA6AA8AF3F6D8E3ED93DA57F5ABB8 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
16:50:47.0007 0x0400  mpsdrv - ok
16:50:47.0379 0x0400  [ C67F755D89AE52C7F2249ACE98416265, EA115A4165E3657452CDF69E0C5704BB685A8E0FD451F37EA1FC3D5A8BCE5A9E ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
16:50:47.0504 0x0400  MpsSvc - ok
16:50:47.0738 0x0400  [ 53E370C8ED69C68DFD26BAE4588095F3, C72A759D0C31CF2E6C153D8D008DE03575C5D6A74067C381E580B09850890EBB ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
16:50:48.0176 0x0400  MRxDAV - ok
16:50:48.0332 0x0400  [ E11D4B798CF0FF9F739CD9BDC552FF08, 0612806A35E5C054622DA20F5BEB2D4555B889391BDCF66A94D5A7B6C6ADFC3D ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:50:49.0332 0x0400  mrxsmb - ok
16:50:49.0707 0x0400  [ F37F40422662235AB5768C303E829602, B1350AE9827FCF48FDC7BCA83CE5A7E1C54550449F6F56AC39E1E1ECB9EA56DD ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
16:50:51.0202 0x0400  mrxsmb10 - ok
16:50:51.0733 0x0400  [ F35CF1EC831812B3C6B05587734DE8A3, 323B387E9A80CB36B14E390526560538847A8445657A88564E56014DADB0887A ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
16:50:53.0077 0x0400  mrxsmb20 - ok
16:50:53.0577 0x0400  [ 1188DC48CB36F31A3624BB9504F77AEE, CE01C4C1DF0F49E89D1C648C7B6D1116833DE31740F5D8BE088B3EA3EA163DC2 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
16:50:54.0062 0x0400  MsBridge - ok
16:50:54.0233 0x0400  [ 18919845004A5A05D69CF5EAE19D0E68, 809FC3AF3CCA004712CE3B841E08BD0D47E2A1C0B938AD68337B642D5D43B0C3 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
16:50:54.0468 0x0400  MSDTC - ok
16:50:54.0546 0x0400  [ D99C98D630C34A448A93DE552DC7DD68, B3A216B119737476182B3CD080B3466506D673ED2889C9F8C36F0E92A4657029 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
16:50:54.0657 0x0400  Msfs - ok
16:50:54.0853 0x0400  [ 22FFBD5F9BCE2E970C617B95103079DC, BD431517B572EC80127881124C697434B31F016BF897382F6D2C5D0FF904C1C6 ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
16:50:54.0931 0x0400  msgpiowin32 - ok
16:50:55.0087 0x0400  [ 30DA16E72C4CB4D5F06D35D0DFA16E2C, F8C4073C3AA001FD22087BEBD0CEBDFA8F0BD1965B8F3346BBAEC0E3208F927B ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
16:50:55.0150 0x0400  mshidkmdf - ok
16:50:55.0165 0x0400  [ 26B1961255650B59107FC4990B2CEF34, 273E5E0DD5708BE9E188934CF1A19E63946179280F9AC149376053AD863A8239 ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
16:50:55.0212 0x0400  mshidumdf - ok
16:50:55.0290 0x0400  [ BF7ABD4461576528028FB86633A7EA24, 3AF39AEA9FEAAE7D79A3691714AD700288411DC594F38A07756F149D6D7463BE ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
16:50:55.0322 0x0400  msisadrv - ok
16:50:55.0572 0x0400  [ A876A975BAF66A8D209240F43AC07A07, 11B26C8004B8F191F9AF7A25C90500DAE344392561DDA9C5516FC0EAB6DDEE26 ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
16:50:55.0782 0x0400  MSiSCSI - ok
16:50:55.0787 0x0400  msiserver - ok
16:50:55.0943 0x0400  [ 02238D563EDB7DFE17BF8AE12D9F3D30, 77BB0671B7B9150E15F7744B8F3D83375948694C1612198CB24D93842FE1A32B ] MsKeyboardFilter C:\WINDOWS\System32\KeyboardFilterSvc.dll
16:50:56.0099 0x0400  MsKeyboardFilter - ok
16:50:56.0381 0x0400  [ 0B2A5AB2591D7F6E8E64A0516325F2AD, 083775925CA8B4677029B5FDF4F60F08E325CF05486FAE63D311B40C7EF3786F ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:50:56.0584 0x0400  MSKSSRV - ok
16:50:56.0599 0x0400  [ 2B1E1DA9C5FA25DB8DAC2F34BCF10196, AE346D5711E4EA9C6365D55411E907683147064B34192B88EEAA9E871DECE2B0 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
16:50:56.0693 0x0400  MsLldp - ok
16:50:56.0724 0x0400  [ 86729EC40EB28DBBAB6A672B138B4DC5, 13F097572A8BE21EC9FA44C950F143BF0AFEEF09131DCD115B951AB5EF13BA13 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:50:56.0787 0x0400  MSPCLOCK - ok
16:50:56.0865 0x0400  [ 4E5FB5BD76165A81EE181A82EB665C8A, 16C50027D92F059C07CCB28FDE339C3E35DE9BF1752B0F16577845C38B77B776 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
16:50:56.0943 0x0400  MSPQM - ok
16:50:56.0974 0x0400  [ C90BB8C3DC3F50FBA1A668B844C84315, 4ABA28B0047B2038E881583DB0F1A6A78FAB8ACF3759ECCB7A835D7F8944CC83 ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
16:50:57.0053 0x0400  MsRPC - ok
16:50:57.0084 0x0400  [ CF61A813430B7F12452BCED287135676, D5400E8C47D6441830EA48E153BDB2CC70672176B69E90D89EC3DD6D17BCFAFA ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
16:50:57.0116 0x0400  mssmbios - ok
16:50:57.0225 0x0400  [ C323F63D61AD8CEC79B3CF4B8463B208, FE1E91267B1050EDF05E89B33AFBEE2F6A5912251024A2130D756DE53C93BD81 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
16:50:57.0272 0x0400  MSTEE - ok
16:50:57.0303 0x0400  [ 06442D8CA4425EFF66F47D8F82493450, 82D3698938B2CA169C0564F90941423FC4F87261CCD1A214517DA95605671A32 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
16:50:57.0350 0x0400  MTConfig - ok
16:50:57.0366 0x0400  [ 6CD6189DFA649EEBFCBE81CB30030355, 7F50DD0ACDFC2AFFF1FA8BA5065B7B232C491D7AE7E67AE833BB02105AB7AF77 ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
16:50:57.0413 0x0400  Mup - ok
16:50:57.0647 0x0400  [ 8122A46E9A5EBD2E001FF5FB34A12A47, 8CC747B11E77AB0F15A7F08D48160FB66AD26C81021D25A10335ECE967A847F4 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
16:50:57.0709 0x0400  mvumis - ok
16:50:57.0819 0x0400  [ E5B61DB218E01A850C7A92616E97F5EB, 26EA66D8EB058EB9CE8D2913D5A1397D26653E26AB0261119B802D8DFC11AE87 ] napagent        C:\WINDOWS\system32\qagentRT.dll
16:50:58.0241 0x0400  napagent - ok

  • Root Admin

Okay, let's start over again then and get some of the basic scans done again.

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07
Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 Pro x86
Ran by Alex on 23/12/2014 at 15:56:57.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4264348289-3241612886-2336119300-1001
Successfully deleted: [File] C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4264348289-3241612886-2336119300-1004
Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERCTRL.EXE-9039C83D.pf



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/12/2014 at 15:58:31.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 2 weeks later...

Found it in the end.

C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll    a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll    a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe    a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\kelly_000\Downloads\dfsetup218.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
 

This topic is now closed to further replies.