I have win8


  • This topic is locked
20 replies to this topic

#1 rebeccaferres

Posted 01 August 2014 - 06:45 PM

I have some sort of virus or spyware but I have Windows 8. I have tried the rkill but my computer keeps saying this app cannot run on your pc. Is there a way to get around this? Thanks for any help you can offer.


#2 pystryker


Posted 01 August 2014 - 09:25 PM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Step 2: Scan with aswMBR
  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
  • Click the Scan button to begin the scan.
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit
Things I need to see in your next post:


FRST Log

Addition.txt Log

aswMBR Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#3 rebeccaferres


Posted 02 August 2014 - 06:46 AM

I cannot open or run either of those.  FRST for 32 bit says unable to open script file and the FRST for 64 says this app cannot run on this pc. 



#4 pystryker


Posted 02 August 2014 - 07:29 AM

I cannot open or run either of those.  FRST for 32 bit says unable to open script file and the FRST for 64 says this app cannot run on this pc.


Ok, let me ask a couple of questions:

1.) Did you disable any anti-virus programs before downloading the FRST files?

2.) Also, did you right click on FRST 64 and select Run as Administrator?

Let me know, and we'll go from there. :)






#5 rebeccaferres


Posted 02 August 2014 - 12:31 PM

Ok that worked.  Thanks.

Here is FRST, Addition, and aswMBR

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Rebecca (administrator) on BECCASLAPTOP on 02-08-2014 12:42:12
Running from C:\Users\Rebecca\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
() C:\Program Files (x86)\findopolis\updatefindopolis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
() C:\Program Files (x86)\findopolis\bin\utilfindopolis.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
() C:\Users\Rebecca\AppData\Local\fst_us_170\upfst_us_170.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Program Files (x86)\findopolis\bin\findopolis.PurBrowse64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\findopolis\bin\findopolis.BrowserAdapter.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Smartbar) C:\Users\Rebecca\AppData\Local\Smartbar\Application\Muvic.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
() C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
() C:\Users\Rebecca\AppData\Local\Smartbar\Application\Lrcnta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\Reg.exe [2085376 2012-07-09] (TODO: <公司名稱>)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [GearSyncAutoStart] => C:\Users\Public\Humana\GearSync\Humana_GearSync.exe [535112 2012-08-23] (Humana Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-04] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [BrowserSafeguard] => C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe [460288 2014-04-04] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [fst_us_170] => "C:\Program Files (x86)\fst_us_170\fst_us_170.exe"
HKLM-x32\...\RunOnce: [upfst_us_170.exe] => C:\Users\Rebecca\AppData\Local\fst_us_170\upfst_us_170.exe [3323360 2014-07-21] ()
HKU\S-1-5-21-1308010096-3944127759-420151042-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1308010096-3944127759-420151042-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1308010096-3944127759-420151042-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1308010096-3944127759-420151042-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-1308010096-3944127759-420151042-1001\...\Run: [SmileboxTray] => C:\Users\Rebecca\AppData\Roaming\Smilebox\SmileboxTray.exe [338216 2014-03-07] (Smilebox, Inc.)
HKU\S-1-5-21-1308010096-3944127759-420151042-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Rebecca\AppData\Local\Smartbar\Application\Muvic.exe [29728 2014-06-15] (Smartbar)
HKU\S-1-5-21-1308010096-3944127759-420151042-1001\...\MountPoints2: {d4a5bbda-287f-11e3-be88-7054d287e180} - "E:\VZW_Software_upgrade_assistant.exe" 
Startup: C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\Rebecca\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
Startup: C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Rebecca\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
Startup: C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Users\Rebecca\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:50160;https=127.0.0.1:50160
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
SearchScopes: HKLM - DefaultScope {C9188E60-564C-4A8E-BB9E-75F0C34552E5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM - {C9188E60-564C-4A8E-BB9E-75F0C34552E5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: findopolis -> {ccfd8427-0c44-4b91-abbb-d6aa65f7d2a1} -> C:\Program Files (x86)\findopolis\findopolisbho.dll (findopolis)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://employees.raleighnc.gov/+CSCOL+/csvrloader32.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{0A8D9DF2-C217-4A1F-851D-E238675244D9}: [NameServer]75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{2D55962E-7382-425E-99DE-B7478DBE3120}: [NameServer]75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{97e1de57-d6fa-11e1-be62-806e6f6e6963}: [NameServer]75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{C02CAB3E-C922-4371-A1DD-E72CF76EF979}: [NameServer]75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{D7FB62E2-6B5B-472A-A9F6-04D994D2CA94}: [NameServer]75.126.206.18,184.173.169.186
 
FireFox:
========
FF ProfilePath: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\x0z6z2wq.default-1405914423513
FF NewTab: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhQFoyBriIAfT6XOqC35xcZIWWnEbLZufaUEi37zDYs58fuQDLSZOOYNJccP_v55Lcidj3elfR3vDBQPmPykxHpuzpCicjFZAGJAWV8Njd5_ZpSTEzjOKsOA6UyOg7wWOV8Xlwy0eEoymJA,,
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhQFoyBriIAfT6XOqC35xcZIWWnEbLZufaUEi37zDYs58fuQDLSZOOYNJccP_v55Lcidj3elfR3vDBQPgyzkcy5wcV1UraO4HU6QqGokJf2XW5Kqrdx4CKpDFe7yFBt_TUbDWIbxMRDlvWw,,
FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhQFoyBriIAfT6XOqC35xcZIWWnEbLZufaUEi37zDYs58fuQDLSZOOYNJccP_v55Lcidj3elfR3vDBQPs2THrWMlurkqa046u-Fti6CrLbfHHW_fO9p_w4P6ia8IGQa7wZQNLnq5p4aqSQA,,&q=
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\x0z6z2wq.default-1405914423513\user.js
FF SearchPlugin: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\x0z6z2wq.default-1405914423513\searchplugins\Web Search.xml
FF Extension: Muvic - C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\x0z6z2wq.default-1405914423513\Extensions\{de9e7a43-46d4-2713-1278-2e3805406303} [2014-07-23]
FF Extension: Boost - C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\x0z6z2wq.default-1405914423513\Extensions\boost@boost.net.xpi [2014-05-16]
FF Extension: findopolis - C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\x0z6z2wq.default-1405914423513\Extensions\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}.xpi [2014-07-21]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-23]
FF HKLM-x32\...\Firefox\Extensions: [gethighlightly@gethighlightly.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-04]
FF HKCU\...\Firefox\Extensions: [sp2@sp.com] - C:\Program Files (x86)\Social Privacy\FF
 
Chrome: 
=======
CHR HomePage: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhQFoyBriIAfT6XOqC35xcZIWWnEbLZufaUEi37zDYs58fuQDLSZOOYNJccP_v55Lcidj3elfR3vDBQPgyzkcy5wcV1UraO4HU6QqGokJf2XW5Kqrdx4CKpDFe7yFBt_TUbDWIbxMRDlvWw,,
CHR StartupUrls: "hxxp://google.com/"
CHR DefaultSearchKeyword: www.better-search.net
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-04]
CHR Extension: (Google Drive) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-04]
CHR Extension: (YouTube) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-04]
CHR Extension: (Social Privacy) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn [2014-02-04]
CHR Extension: (Google Search) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-04]
CHR Extension: (avast! Online Security) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-04]
CHR Extension: (Boost) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn [2014-07-21]
CHR Extension: (Skype Click to Call) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-04]
CHR Extension: (Google Wallet) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR Extension: (Gmail) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-02-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-04] (AVAST Software)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 Update findopolis; C:\Program Files (x86)\findopolis\updatefindopolis.exe [321824 2014-07-25] ()
R2 Util findopolis; C:\Program Files (x86)\findopolis\bin\utilfindopolis.exe [321824 2014-07-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-02-04] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2014-02-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-04] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1038072 2014-02-04] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [421704 2014-02-04] (AVAST Software)
S3 aswStm; C:\windows\system32\drivers\aswStm.sys [80184 2014-02-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-04] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-14] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-14] (Realtek Semiconductor Corporation                           )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
R1 {c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64; C:\Windows\System32\drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64.sys [61120 2014-07-15] (StdLib)
S1 hlnfd; system32\drivers\hlnfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-02 12:42 - 2014-08-02 12:42 - 00029023 _____ () C:\Users\Rebecca\Downloads\FRST.txt
2014-08-02 12:40 - 2014-08-02 12:42 - 00000000 ____D () C:\FRST
2014-08-02 12:40 - 2014-08-02 12:40 - 02094080 _____ (Farbar) C:\Users\Rebecca\Desktop\FRST64 (1).exe
2014-08-02 12:37 - 2014-08-02 12:37 - 02094080 _____ (Farbar) C:\Users\Rebecca\Downloads\FRST64.exe
2014-08-02 12:36 - 2014-08-02 12:36 - 01084928 _____ (Farbar) C:\Users\Rebecca\Downloads\FRST.exe
2014-08-02 11:54 - 2014-08-02 11:54 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\_
2014-08-02 11:51 - 2014-08-02 11:51 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\BrowserSafeguard
2014-07-28 23:12 - 2014-07-28 23:12 - 01931096 _____ () C:\Users\Rebecca\Downloads\rkill(1).com
2014-07-28 21:59 - 2014-07-28 22:00 - 01917956 _____ () C:\Users\Rebecca\Downloads\rkill.exe
2014-07-28 21:57 - 2014-07-28 21:58 - 01934016 _____ () C:\Users\Rebecca\Downloads\rkill.com
2014-07-24 19:52 - 2014-07-24 19:52 - 00684612 _____ (Swearware) C:\Users\Rebecca\Downloads\dds(1).com
2014-07-24 19:18 - 2014-07-24 19:18 - 00686072 _____ (Swearware) C:\Users\Rebecca\Downloads\dds.com
2014-07-24 19:09 - 2014-07-24 19:09 - 05505207 _____ (Swearware) C:\Users\Rebecca\Downloads\ComboFix.exe
2014-07-23 22:06 - 2014-07-23 22:06 - 00080532 _____ () C:\Users\Rebecca\Downloads\072114R Jordan at Southpoint Inspection Report (3) (1).xlsx
2014-07-23 22:05 - 2014-07-23 22:05 - 00080532 _____ () C:\Users\Rebecca\Downloads\072114R Jordan at Southpoint Inspection Report (3).xlsx
2014-07-22 07:30 - 2014-07-15 07:01 - 00061120 _____ (StdLib) C:\windows\system32\Drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64.sys
2014-07-22 07:27 - 2014-07-22 07:27 - 00316312 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-21 21:22 - 2014-07-21 21:22 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-21 20:56 - 2014-07-22 07:33 - 00002060 _____ () C:\Users\Rebecca\Desktop\Search.lnk
2014-07-21 20:56 - 2014-07-22 07:29 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\VOPackage
2014-07-21 20:56 - 2014-07-21 20:56 - 00002492 _____ () C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-21 20:56 - 2014-07-21 20:56 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-07-21 20:55 - 2014-08-02 12:39 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\fst_us_170
2014-07-21 20:55 - 2014-07-28 15:59 - 00000000 ____D () C:\Program Files (x86)\findopolis
2014-07-21 20:55 - 2014-07-21 21:52 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\LPT
2014-07-21 20:55 - 2014-07-21 20:55 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-07-21 20:55 - 2014-07-21 20:55 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Smartbar
2014-07-21 20:55 - 2014-07-21 20:55 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Local_Weather_LLC
2014-07-21 20:55 - 2014-07-21 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREESOFTTODAY
2014-07-21 20:55 - 2014-07-21 20:55 - 00000000 ____D () C:\Program Files (x86)\fst_us_170
2014-07-21 20:54 - 2014-07-22 07:30 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\WeatherAlerts
2014-07-20 23:47 - 2014-07-20 23:47 - 00000000 ____D () C:\Users\Rebecca\Desktop\Old Firefox Data
2014-07-16 22:29 - 2014-06-30 18:42 - 00702464 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-16 22:29 - 2014-06-30 18:42 - 00394240 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-07-16 22:29 - 2014-06-30 18:42 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-07-16 22:29 - 2014-06-27 23:35 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-16 17:27 - 2014-06-26 16:53 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-16 17:27 - 2014-06-26 16:53 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 20:50 - 2014-05-03 02:34 - 06974808 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-07-08 20:50 - 2014-05-03 02:33 - 01824808 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-07-08 20:50 - 2014-05-03 00:51 - 01408976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-07-08 20:50 - 2014-05-01 18:37 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-07-08 20:50 - 2014-04-29 18:32 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2014-07-08 20:50 - 2014-04-29 18:32 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2014-07-08 20:50 - 2014-04-23 19:51 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-07-08 20:50 - 2014-04-23 19:51 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 20:50 - 2014-04-23 19:38 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-07-08 20:50 - 2014-04-23 19:38 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 20:50 - 2014-02-08 00:34 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-07-08 20:49 - 2014-06-17 19:27 - 01440256 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-08 20:49 - 2014-06-17 19:24 - 01557504 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-08 20:49 - 2014-06-11 00:18 - 04038144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-08 20:49 - 2014-06-02 18:33 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2014-07-08 20:49 - 2014-05-29 19:31 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-07-08 20:49 - 2014-05-29 19:03 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-07-08 20:49 - 2014-05-29 19:02 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-08 20:49 - 2014-05-29 19:02 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-07-08 20:48 - 2014-06-18 22:11 - 19277312 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-08 20:48 - 2014-06-18 22:10 - 15369728 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-08 20:48 - 2014-06-18 22:10 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-08 20:48 - 2014-06-18 22:10 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-08 20:48 - 2014-06-18 20:53 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-08 20:48 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-08 20:47 - 2014-06-18 22:12 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-08 20:47 - 2014-06-18 22:12 - 01366528 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-08 20:47 - 2014-06-18 22:12 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-07-08 20:47 - 2014-06-18 22:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-07-08 20:47 - 2014-06-18 22:12 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-08 20:47 - 2014-06-18 22:11 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-08 20:47 - 2014-06-18 22:11 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-08 20:47 - 2014-06-18 22:10 - 02650624 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-08 20:47 - 2014-06-18 22:10 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-08 20:47 - 2014-06-18 22:10 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-08 20:47 - 2014-06-18 22:10 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-08 20:47 - 2014-06-18 22:10 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-08 20:47 - 2014-06-18 22:10 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-07-08 20:47 - 2014-06-18 22:10 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-08 20:47 - 2014-06-18 22:10 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-08 20:47 - 2014-06-18 22:10 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-08 20:47 - 2014-06-18 22:09 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-08 20:47 - 2014-06-18 20:53 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-08 20:47 - 2014-06-18 20:53 - 01141760 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-08 20:47 - 2014-06-18 20:53 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-08 20:47 - 2014-06-18 20:53 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-08 20:47 - 2014-06-18 20:53 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-08 20:47 - 2014-06-18 20:53 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 13732352 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 02863616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-08 20:47 - 2014-06-18 20:52 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-08 20:47 - 2014-06-18 20:33 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-08 20:47 - 2014-06-18 20:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-08 20:47 - 2014-06-18 18:05 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-07-08 20:47 - 2014-06-06 10:06 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-08 20:47 - 2014-06-06 06:17 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-08 20:47 - 2014-05-29 18:24 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-04 14:36 - 2014-07-04 14:36 - 00001559 _____ () C:\Users\Rebecca\Downloads\contacts.csv
2014-07-04 14:31 - 2014-07-04 14:31 - 00000000 ____D () C:\Users\Rebecca\Desktop\snippets
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-02 12:42 - 2014-08-02 12:42 - 00029023 _____ () C:\Users\Rebecca\Downloads\FRST.txt
2014-08-02 12:42 - 2014-08-02 12:40 - 00000000 ____D () C:\FRST
2014-08-02 12:40 - 2014-08-02 12:40 - 02094080 _____ (Farbar) C:\Users\Rebecca\Desktop\FRST64 (1).exe
2014-08-02 12:39 - 2014-07-21 20:55 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\fst_us_170
2014-08-02 12:37 - 2014-08-02 12:37 - 02094080 _____ (Farbar) C:\Users\Rebecca\Downloads\FRST64.exe
2014-08-02 12:36 - 2014-08-02 12:36 - 01084928 _____ (Farbar) C:\Users\Rebecca\Downloads\FRST.exe
2014-08-02 12:28 - 2013-04-04 22:41 - 00000926 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-02 12:12 - 2014-03-29 18:08 - 00000000 ____D () C:\Users\Rebecca\Desktop\Controlled Sites
2014-08-02 12:00 - 2013-04-03 12:50 - 01766812 _____ () C:\windows\WindowsUpdate.log
2014-08-02 12:00 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\sru
2014-08-02 11:54 - 2014-08-02 11:54 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\_
2014-08-02 11:51 - 2014-08-02 11:51 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\BrowserSafeguard
2014-08-02 07:28 - 2013-04-04 22:41 - 00000922 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-02 07:11 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\NDF
2014-08-02 07:05 - 2013-04-04 18:11 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\CrashDumps
2014-08-02 00:04 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-07-28 23:18 - 2013-04-03 13:00 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1308010096-3944127759-420151042-1001
2014-07-28 23:12 - 2014-07-28 23:12 - 01931096 _____ () C:\Users\Rebecca\Downloads\rkill(1).com
2014-07-28 23:04 - 2012-07-26 01:26 - 00000194 _____ () C:\windows\win.ini
2014-07-28 23:03 - 2012-07-26 03:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-28 23:02 - 2012-07-26 01:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-07-28 22:35 - 2013-08-26 22:43 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
2014-07-28 22:35 - 2012-12-26 02:52 - 00002982 _____ () C:\windows\System32\Tasks\Synaptics TouchPad Enhancements
2014-07-28 22:35 - 2012-07-26 03:21 - 00025197 _____ () C:\windows\setupact.log
2014-07-28 22:00 - 2014-07-28 21:59 - 01917956 _____ () C:\Users\Rebecca\Downloads\rkill.exe
2014-07-28 21:58 - 2014-07-28 21:57 - 01934016 _____ () C:\Users\Rebecca\Downloads\rkill.com
2014-07-28 15:59 - 2014-07-21 20:55 - 00000000 ____D () C:\Program Files (x86)\findopolis
2014-07-24 19:52 - 2014-07-24 19:52 - 00684612 _____ (Swearware) C:\Users\Rebecca\Downloads\dds(1).com
2014-07-24 19:18 - 2014-07-24 19:18 - 00686072 _____ (Swearware) C:\Users\Rebecca\Downloads\dds.com
2014-07-24 19:09 - 2014-07-24 19:09 - 05505207 _____ (Swearware) C:\Users\Rebecca\Downloads\ComboFix.exe
2014-07-23 22:07 - 2013-04-03 12:50 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Packages
2014-07-23 22:06 - 2014-07-23 22:06 - 00080532 _____ () C:\Users\Rebecca\Downloads\072114R Jordan at Southpoint Inspection Report (3) (1).xlsx
2014-07-23 22:05 - 2014-07-23 22:05 - 00080532 _____ () C:\Users\Rebecca\Downloads\072114R Jordan at Southpoint Inspection Report (3).xlsx
2014-07-22 07:33 - 2014-07-21 20:56 - 00002060 _____ () C:\Users\Rebecca\Desktop\Search.lnk
2014-07-22 07:30 - 2014-07-21 20:54 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\WeatherAlerts
2014-07-22 07:29 - 2014-07-21 20:56 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\VOPackage
2014-07-22 07:27 - 2014-07-22 07:27 - 00316312 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-21 21:52 - 2014-07-21 20:55 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\LPT
2014-07-21 21:46 - 2014-02-04 19:25 - 00000000 ____D () C:\Program Files (x86)\sp
2014-07-21 21:22 - 2014-07-21 21:22 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-21 20:56 - 2014-07-21 20:56 - 00002492 _____ () C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-21 20:56 - 2014-07-21 20:56 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-07-21 20:55 - 2014-07-21 20:55 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-07-21 20:55 - 2014-07-21 20:55 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Smartbar
2014-07-21 20:55 - 2014-07-21 20:55 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Local_Weather_LLC
2014-07-21 20:55 - 2014-07-21 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREESOFTTODAY
2014-07-21 20:55 - 2014-07-21 20:55 - 00000000 ____D () C:\Program Files (x86)\fst_us_170
2014-07-20 23:47 - 2014-07-20 23:47 - 00000000 ____D () C:\Users\Rebecca\Desktop\Old Firefox Data
2014-07-20 23:45 - 2013-10-23 19:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-20 22:35 - 2013-04-04 22:41 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-17 13:39 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\rescache
2014-07-17 13:34 - 2013-08-16 11:46 - 00000000 ____D () C:\windows\system32\MRT
2014-07-17 13:34 - 2012-07-26 03:59 - 00000000 ____D () C:\windows\CbsTemp
2014-07-17 13:32 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-07-17 13:31 - 2013-04-04 23:22 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-16 17:31 - 2012-07-26 03:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-16 17:25 - 2012-08-18 07:10 - 01257916 _____ () C:\windows\PFRO.log
2014-07-16 17:23 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-16 17:23 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-16 17:23 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\WinStore
2014-07-16 17:23 - 2012-07-26 03:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-15 07:01 - 2014-07-22 07:30 - 00061120 _____ (StdLib) C:\windows\system32\Drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64.sys
2014-07-08 20:45 - 2013-04-23 17:10 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-04 14:36 - 2014-07-04 14:36 - 00001559 _____ () C:\Users\Rebecca\Downloads\contacts.csv
2014-07-04 14:31 - 2014-07-04 14:31 - 00000000 ____D () C:\Users\Rebecca\Desktop\snippets
 
Some content of TEMP:
====================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-28 16:04
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Rebecca at 2014-08-02 12:43:27
Running from C:\Users\Rebecca\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{79AE0BD1-A930-B07C-C96D-E11FA9BB586F}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J280W (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
BrowserSafeguard with RocketTab (HKLM-x32\...\Browsersafeguard) (Version:  - Browsersafeguard) <==== ATTENTION
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version:  - Alactro LLC) <==== ATTENTION
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DesktopWeatherAlerts (HKCU\...\DesktopWeatherAlerts) (Version: 1.0.29.0 - Local Weather LLC)
Easy Phone Tunes (HKLM-x32\...\{A2438F5D-292B-4464-9535-379584ABD626}) (Version: 152 - Easy Phone Tunes)
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
findopolis (HKLM\...\findopolis) (Version: 2014.07.22.000743 - findopolis)
FreeSoftToday 025.170 (HKLM-x32\...\fst_us_170_is1) (Version:  - FREESOFTTODAY) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Humana GearSync 1.5.117 (HKLM-x32\...\{4ADA60D4-895E-4B03-86BF-39582AD5E95C}_is1) (Version: 1.5.117 - Humana)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Muvic Smartbar (HKLM-x32\...\{EAF386F0-7205-40F2-8DA6-1BABEEFCBE89}) (Version: 11.72.58.17767 - PinWid Ltd.) <==== ATTENTION
Muvic Smartbar Engine (HKCU\...\{bdf699df-daba-4469-8b87-47e91bfb96a8}) (Version: 11.72.58.17767 - PinWid Ltd.) <==== ATTENTION
My Memories Suite 5.0 (HKLM-x32\...\5497-8361-8125-9170) (Version: 5.0.0.86 - StoryRock, Inc.)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6687 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Smilebox (HKCU\...\Smilebox) (Version: 1.0.0.26929 - Smilebox, Inc.)
Smilebox Bundle (HKLM-x32\...\Smilebox Bundle) (Version: 1.0.0.0 - Perion Network Ltd.)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.3 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.800 - Toshiba Corporation)
Toshiba Password Utility (x32 Version: 2.00.800 - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.1.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0001.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{267B6912-6F26-4FFD-9342-8E84A7B26151}) (Version: 2.13.1103 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{2E6FA5CA-1597-4219-AF62-D9B061E7C448}) (Version: 2.13.1101 - Samsung Electronics Co., Ltd.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.8.7 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1308010096-3944127759-420151042-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1308010096-3944127759-420151042-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1308010096-3944127759-420151042-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1308010096-3944127759-420151042-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1308010096-3944127759-420151042-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
17-07-2014 17:30:27 Windows Modules Installer
23-07-2014 02:26:07 Removed Java 7 Update 21
02-08-2014 04:19:46 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0DFDB776-8833-4FEF-BD6C-2BF838C757A8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-04] (AVAST Software)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {32A38385-D008-4365-809A-0E3A22BD5B54} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {3FE3F0E3-776B-4592-BA88-499EA3CE469D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-04] (Google Inc.)
Task: {42B0448E-61EB-4746-BD78-52890118239A} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {4766D747-0991-4CB1-9EC9-7B1C08D2440C} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {6D224B61-6AB7-4B71-8D0D-169685A2A75F} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {8210BEAA-7F1A-42BC-8574-A7219D71FE13} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {93C2C66C-A88F-47F5-B28D-6DED8C5FD95F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-04] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AE76665F-A029-41C9-B0CE-EBB50AC13B3B} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {B35405F2-5472-4E39-BD93-2FD8ADFC69DD} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CF3C61DC-1633-4FDC-A802-0FD52C5B1DCF} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe [2014-04-04] () <==== ATTENTION
Task: {D67BF980-6BB9-487F-908D-53B7E351DF85} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F051B26D-AA00-46DE-9C04-0B5E7F52AE08} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-07-17] (Microsoft Corporation)
Task: {FEAF6EC3-AAC5-465F-98C9-1EEEFDEBCBB9} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-14] (Synaptics Incorporated)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-10-13 18:38 - 2011-10-13 18:38 - 00156672 _____ () C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe
2014-07-08 20:44 - 2014-05-20 12:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-21 18:36 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-26 22:43 - 2005-04-22 00:36 - 00143360 ____R () C:\windows\system32\BrSNMP64.dll
2014-07-21 20:09 - 2014-07-25 00:33 - 00321824 _____ () C:\Program Files (x86)\findopolis\updatefindopolis.exe
2014-07-22 07:28 - 2014-07-25 00:32 - 00321824 _____ () C:\Program Files (x86)\findopolis\bin\utilfindopolis.exe
2014-07-21 20:55 - 2014-07-21 14:52 - 03323360 _____ () C:\Users\Rebecca\AppData\Local\fst_us_170\upfst_us_170.exe
2014-02-20 21:54 - 2014-02-20 21:54 - 04277248 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI.Xaml\f48f9144318559628f2973aed85d55c7\Windows.UI.Xaml.ni.dll
2014-02-20 21:54 - 2014-02-20 21:54 - 01179136 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\cce138051887d83dccffdc206031b09f\Windows.UI.ni.dll
2014-07-22 07:30 - 2014-07-15 07:01 - 00287008 _____ () C:\Program Files (x86)\findopolis\bin\findopolis.PurBrowse64.exe
2014-07-22 07:30 - 2014-07-22 19:49 - 00096544 _____ () C:\Program Files (x86)\findopolis\bin\findopolis.BrowserAdapter.exe
2012-07-18 22:38 - 2012-07-18 22:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 22:38 - 2012-07-18 22:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2014-02-20 21:54 - 2014-02-20 21:54 - 00351232 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\c355b610137057eab41db4660c5c19e1\Windows.Data.ni.dll
2014-02-20 21:54 - 2014-02-20 21:54 - 00295936 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\674a093211b1f8a3e570f640741e3b98\Windows.Foundation.ni.dll
2013-06-02 18:11 - 2013-06-02 18:12 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-04-04 17:28 - 2014-04-04 11:00 - 00460288 _____ () C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
2014-06-15 17:33 - 2014-06-15 17:33 - 00025120 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\Lrcnta.exe
2014-07-28 17:44 - 2014-07-28 12:09 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14072802\algo.dll
2014-07-29 07:05 - 2014-07-29 04:13 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14072900\algo.dll
2014-08-02 00:17 - 2014-08-01 12:54 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080101\algo.dll
2014-08-02 07:24 - 2014-08-02 06:34 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080201\algo.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00046624 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00071712 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\srau.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00167456 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-06-15 17:34 - 2014-06-15 17:34 - 02337824 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00068640 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\spbl.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00157216 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-06-15 17:34 - 2014-06-15 17:34 - 00015904 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\siem.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00067616 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\sppsm.dll
2014-06-15 17:34 - 2014-06-15 17:34 - 00698400 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-06-15 17:34 - 2014-06-15 17:34 - 00016416 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-06-15 17:34 - 2014-06-15 17:34 - 00080416 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00028704 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00060960 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\srut.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00031264 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\srsbs.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00067104 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00151072 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\smti.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00032800 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\srom.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00032288 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\smtu.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00040992 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\smta.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00047648 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\srbu.dll
2014-06-15 17:34 - 2014-06-15 17:34 - 00026144 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\sgml.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00063520 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00026144 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\srpdm.dll
2014-06-15 17:33 - 2014-06-15 17:33 - 00045088 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00036896 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-06-15 17:34 - 2014-06-15 17:34 - 00194592 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\sgmu.dll
2014-05-12 11:21 - 2014-05-12 11:21 - 00061440 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2014-06-15 17:35 - 2014-06-15 17:35 - 00257056 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\srns.dll
2013-08-26 22:42 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-02-04 20:44 - 2014-02-04 20:44 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-15 17:33 - 2014-06-15 17:33 - 00034848 _____ () C:\Users\Rebecca\AppData\Local\Smartbar\Application\lrcnt.dll
2014-07-20 22:34 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-20 22:34 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-20 22:34 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-20 22:34 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-20 22:34 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-20 22:34 - 2014-07-15 05:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "TPUReg"
HKLM\...\StartupApproved\Run32: => "GearSyncAutoStart"
HKCU\...\StartupApproved\StartupFolder: => "Verizon Wireless Software Utility Application for Android – Samsung.lnk"
HKCU\...\StartupApproved\StartupFolder: => "DesktopWeatherAlerts.lnk"
HKCU\...\StartupApproved\StartupFolder: => "Weather Alerts.lnk"
HKCU\...\StartupApproved\Run: => "iCloudServices"
HKCU\...\StartupApproved\Run: => "SmileboxTray"
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/02/2014 00:02:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17028, time stamp: 0x53a20947
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0aa5ed88
Faulting process id: 0x22f8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (08/01/2014 08:22:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1950
 
Error: (08/01/2014 08:22:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1950
 
Error: (08/01/2014 08:22:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/01/2014 07:36:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1654
 
Start Time: 01cfaad9ea26d639
 
Termination Time: 4294967295
 
Application Path: C:\windows\system32\wwahost.exe
 
Report Id: a7a298a7-19d4-11e4-beb7-7054d287e180
 
Faulting package full name: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: Microsoft.WindowsLive.Mail
 
Error: (08/01/2014 07:36:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BECCASLAPTOP)
Description: Package microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe was terminated because it took too long to suspend.
 
Error: (07/31/2014 05:54:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/30/2014 10:10:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/30/2014 00:06:20 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/28/2014 11:05:22 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
 
System errors:
=============
Error: (08/02/2014 00:04:22 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
 
Error: (07/29/2014 07:32:01 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 12.
 
Error: (07/28/2014 11:02:18 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (07/28/2014 11:02:00 PM) (Source: DCOM) (EventID: 10005) (User: BECCASLAPTOP)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (07/28/2014 11:01:54 PM) (Source: DCOM) (EventID: 10005) (User: BECCASLAPTOP)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (07/28/2014 11:01:54 PM) (Source: DCOM) (EventID: 10005) (User: BECCASLAPTOP)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (07/28/2014 11:01:38 PM) (Source: DCOM) (EventID: 10005) (User: BECCASLAPTOP)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (07/28/2014 11:01:38 PM) (Source: DCOM) (EventID: 10005) (User: BECCASLAPTOP)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (07/28/2014 11:01:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/28/2014 11:01:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (08/02/2014 00:02:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1702853a20947unknown0.0.0.000000000c00000050aa5ed8822f801cfae0639bae3b3C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknowndc0e0415-19f9-11e4-beb7-7054d287e180
 
Error: (08/01/2014 08:22:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1950
 
Error: (08/01/2014 08:22:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1950
 
Error: (08/01/2014 08:22:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/01/2014 07:36:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.2.9200.16420165401cfaad9ea26d6394294967295C:\windows\system32\wwahost.exea7a298a7-19d4-11e4-beb7-7054d287e180microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail
 
Error: (08/01/2014 07:36:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BECCASLAPTOP)
Description: microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe
 
Error: (07/31/2014 05:54:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/30/2014 10:10:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/30/2014 00:06:20 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/28/2014 11:05:22 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 58%
Total physical RAM: 3548.73 MB
Available physical RAM: 1465.79 MB
Total Pagefile: 4380.73 MB
Available Pagefile: 1498.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
 
==================== Drives ================================
 
Drive c: (TI10649600G) (Fixed) (Total:455.58 GB) (Free:401.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-02 12:51:34
-----------------------------
12:51:34.717    OS Version: Windows x64 6.2.9200 
12:51:34.717    Number of processors: 2 586 0x1001
12:51:34.718    ComputerName: BECCASLAPTOP  UserName: Rebecca
12:51:37.574    Initialize success
12:51:37.574    VM: initialized successfully
12:51:37.607    VM: outdated driver version !
12:51:41.845    AVAST engine defs: 14080201
12:51:49.992    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000036
12:51:49.994    Disk 0 Vendor: Hitachi_HTS545050A7E380 GG2OA7A0 Size: 476940MB BusType: 11
12:51:50.140    Disk 0 MBR read successfully
12:51:50.145    Disk 0 MBR scan
12:51:50.152    Disk 0 unknown MBR code
12:51:50.159    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
12:51:50.287    Disk 0 scanning C:\windows\system32\drivers
12:52:01.081    Service scanning
12:52:58.857    Modules scanning
12:52:58.868    Disk 0 trace - called modules:
12:52:58.907    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll storahci.sys 
12:52:59.408    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800493b060]
12:52:59.416    3 CLASSPNP.SYS[fffff8800190ae0a] -> nt!IofCallDriver -> \Device\00000036[0xfffffa80042817f0]
12:53:04.463    AVAST engine scan C:\windows
12:53:07.785    AVAST engine scan C:\windows\system32
12:56:20.274    AVAST engine scan C:\windows\system32\drivers
12:56:38.498    AVAST engine scan C:\Users\Rebecca
12:57:40.801    Disk 0 MBR has been saved successfully to "C:\Users\Rebecca\Desktop\MBR.dat"
12:57:40.813    The log file has been saved successfully to "C:\Users\Rebecca\Desktop\aswMBR.txt"
13:16:55.121    File: C:\Users\Rebecca\AppData\Local\Temp\cfbd197c-53c0-4df8-b41b-796116265c3e\software\VOPackage.exe  **INFECTED** Win32:Dropper-gen [Drp]
13:18:12.704    File: C:\Users\Rebecca\AppData\Local\Temp\WSSetup.exe  **INFECTED** Win32:Evo-gen [Susp]
13:25:18.023    AVAST engine scan C:\ProgramData
13:28:53.666    Scan finished successfully
13:29:58.396    Disk 0 MBR has been saved successfully to "C:\Users\Rebecca\Desktop\MBR.dat"
13:29:58.402    The log file has been saved successfully to "C:\Users\Rebecca\Desktop\aswMBR.txt"
 
 
THANK YOU!!!!


#6 pystryker

  • Malware Response Team
  • 730 posts

Posted 02 August 2014 - 03:18 PM

THANK YOU!!!!


You're quite welcome, let's get started. :)

Note: Before running any of these steps, please copy FRST64.exe from here C:\Users\Rebecca\Downloads to your desktop, or the FRST fix will not work.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Chrome Changes and Program Uninstalls

Changing Chrome's Homepage

We need to change your homepage in Chrome. Please follow the instructions below.
  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under On Startup and then click Open a specific set of pages and click Set Pages
  • When the window opens, type in any page you wish as your new start page.
  • Once you have typed in your new home page, close the window.

Changing Chrome's Search Provider

We need to change your default Search Provider in Chrome. Please follow the instructions below.
  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under Search and then click the box that has your current search provider listed. Change it from better-search.net to another (Such as Google.)
  • Once you have changed it, click on Manage Search Engines and delete from the list.
  • Once you have removed it, close the window.

Program Uninstalls

Please uninstall the following programs from your machine, as they are all malware/adware related programs.
  • Findopolis
  • BrowserSafeguard with RocketTab
  • Buzzdock
  • FreeSoftToday 025.170
  • Muvic Smartbar
  • Muvic Smartbar Engine

Step 2: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
() C:\Program Files (x86)\findopolis\updatefindopolis.exe
C:\Program Files (x86)\findopolis
() C:\Program Files (x86)\findopolis\bin\utilfindopolis.exe
() C:\Users\Rebecca\AppData\Local\fst_us_170\upfst_us_170.exe
C:\Users\Rebecca\AppData\Local\fst_us_170
() C:\Program Files (x86)\findopolis\bin\findopolis.PurBrowse64.exe
() C:\Program Files (x86)\findopolis\bin\findopolis.BrowserAdapter.exe
(Smartbar) C:\Users\Rebecca\AppData\Local\Smartbar\Application\Muvic.exe
C:\Users\Rebecca\AppData\Local\Smartbar
() C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
C:\Program Files (x86)\Browsersafeguard
() C:\Users\Rebecca\AppData\Local\Smartbar\Application\Lrcnta.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [fst_us_170] => "C:\Program Files (x86)\fst_us_170\fst_us_170.exe"
HKLM-x32\...\RunOnce: [upfst_us_170.exe] => C:\Users\Rebecca\AppData\Local\fst_us_170\upfst_us_170.exe [3323360 2014-07-21] ()
HKU\S-1-5-21-1308010096-3944127759-420151042-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Rebecca\AppData\Local\Smartbar\Application\Muvic.exe [29728 2014-06-15] (Smartbar)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.better-search.net/?src=10&st=12&i=998&did=10874&ppd=na&barid=135655837603507125513667060197369569664
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhQFoyBriIAfT6XOqC35xcZIWWnEbLZufaUEi37zDYs58fuQDLSZOOYNJccP_v55Lcidj3elfR3vDBQPs2THrWMlurkqa046u-Fti6CrLbfHHW_fO9p_w4P6ia8IGQa7wZQNLnq5p4aqSQA,,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhQFoyBriIAfT6XOqC35xcZIWWnEbLZufaUEi37zDYs58fuQDLSZOOYNJccP_v55Lcidj3elfR3vDBQPs2THrWMlurkqa046u-Fti6CrLbfHHW_fO9p_w4P6ia8IGQa7wZQNLnq5p4aqSQA,,&q={searchTerms}
BHO-x32: findopolis -> {ccfd8427-0c44-4b91-abbb-d6aa65f7d2a1} -> C:\Program Files (x86)\findopolis\findopolisbho.dll (findopolis)
FF NewTab: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhQFoyBriIAfT6XOqC35xcZIWWnEbLZufaUEi37zDYs58fuQDLSZOOYNJccP_v55Lcidj3elfR3vDBQPmPykxHpuzpCicjFZAGJAWV8Njd5_ZpSTEzjOKsOA6UyOg7wWOV8Xlwy0eEoymJA,,
FF Homepage: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhQFoyBriIAfT6XOqC35xcZIWWnEbLZufaUEi37zDYs58fuQDLSZOOYNJccP_v55Lcidj3elfR3vDBQPgyzkcy5wcV1UraO4HU6QqGokJf2XW5Kqrdx4CKpDFe7yFBt_TUbDWIbxMRDlvWw,,
FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhQFoyBriIAfT6XOqC35xcZIWWnEbLZufaUEi37zDYs58fuQDLSZOOYNJccP_v55Lcidj3elfR3vDBQPs2THrWMlurkqa046u-Fti6CrLbfHHW_fO9p_w4P6ia8IGQa7wZQNLnq5p4aqSQA,,&q=
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF SearchPlugin: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\x0z6z2wq.default-1405914423513\searchplugins\Web Search.xml
FF Extension: Muvic - C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\x0z6z2wq.default-1405914423513\Extensions\{de9e7a43-46d4-2713-1278-2e3805406303} [2014-07-23]
FF Extension: findopolis - C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\x0z6z2wq.default-1405914423513\Extensions\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}.xpi [2014-07-21]
R2 Update findopolis; C:\Program Files (x86)\findopolis\updatefindopolis.exe [321824 2014-07-25] ()
R2 Util findopolis; C:\Program Files (x86)\findopolis\bin\utilfindopolis.exe [321824 2014-07-25] ()
R1 {c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64; C:\Windows\System32\drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64.sys [61120 2014-07-15] (StdLib)
C:\Windows\System32\drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64.sys
2014-08-02 11:51 - 2014-08-02 11:51 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\BrowserSafeguard
Task: {42B0448E-61EB-4746-BD78-52890118239A} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop.

  • Double click (Vista and 7 users: right click the adwcleaner.exe file and click Run as Administrator) and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Step 5: Temporary File Cleaner

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Things I need to see in your next post:

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.
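
One way to triage the Fixlog.txt that Step 2 asks for, as an added example that is not part of this thread and not code from FRST: it sorts each result line into changed, absent or failed using the outcome phrases FRST prints in this thread, and skips the echoed fixlist and the raw CMD output so those lines are not miscounted. The sample log and the names ExampleAdware, ExampleBar, ExampleDrv and ExampleUser are constructed placeholders, and the log layout is assumed to match the Fixlog shown in this thread.

```python
import re
from collections import Counter

# Outcome phrases taken from the Fixlog result lines shown in this thread.
FAILED = re.compile(r"\bunable to\b", re.I)               # "Unable to stop service"
ABSENT = re.compile(r"\bnot found\b|\bno running process found\b", re.I)
CHANGED = re.compile(r"\bsuccessfully\b", re.I)           # closed/moved/deleted/restored/reset
SECTION = re.compile(r"^=+\s+(.+?)\s+=+$")                # "=========  <command> ========="
PID = re.compile(r"^\[\d+\]\s+")                          # "[2112] C:\...exe => Process closed"

# Constructed sample in the layout of a Fixlog.txt (placeholder names throughout).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (constructed sample)
Ran by ExampleUser at 2014-08-03 01:52:16 Run:1
==============================================

Content of fixlist:
*****************
Start
C:\Program Files (x86)\ExampleAdware
R1 ExampleDrv; C:\Windows\System32\drivers\ExampleDrv.sys [61120 2014-07-15] ()
CMD: ipconfig /flushdns
End
*****************

[2112] C:\Program Files (x86)\ExampleAdware\update.exe => Process closed successfully.
C:\Program Files (x86)\ExampleAdware => Moved successfully.
"C:\Users\ExampleUser\AppData\Local\ExampleBar" => File/Directory not found.
C:\Users\ExampleUser\AppData\Local\ExampleBar\bar.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\example.exe => Value not found.
ExampleDrv => Unable to stop service
ExampleDrv => Service deleted successfully.
C:\Windows\System32\drivers\ExampleDrv.sys => Moved successfully.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

Hosts was reset successfully.

The system needed a reboot.

==== End of Fixlog ====
"""


def classify(message):
    """Map one result message to failed / absent / changed / other.
    Failures are tested first so a more generic phrase never masks them."""
    if FAILED.search(message):
        return "failed"
    if ABSENT.search(message):
        return "absent"
    if CHANGED.search(message):
        return "changed"
    return "other"


def triage(fixlog_text):
    """Summarise a Fixlog: per-line status, counts, commands run, reboot flag."""
    entries, commands = [], []
    star_lines, in_cmd, reboot = 0, False, False
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:            # delimiters around the echoed fixlist
            star_lines += 1
            continue
        if star_lines < 2:                # header and fixlist echo are not results
            continue
        section = SECTION.match(line)
        if section:
            title = section.group(1)
            if title == "End of Fixlog":
                break
            in_cmd = title != "End of CMD:"
            if in_cmd:
                commands.append(title)
            continue
        if in_cmd:                        # raw command output, e.g. "Successfully flushed ..."
            continue
        if "needed a reboot" in line:
            reboot = True
            continue
        target, sep, message = line.partition(" => ")
        if not sep:                       # e.g. "Hosts was reset successfully."
            message = line
        target = PID.sub("", target).strip('"')
        entries.append({"target": target, "status": classify(message), "message": message})
    counts = Counter(e["status"] for e in entries)
    # Anything that failed, or that matched no known phrase, deserves a human look.
    review = sorted({e["target"] for e in entries if e["status"] in ("failed", "other")})
    return {"entries": entries, "counts": dict(counts), "commands": commands,
            "reboot_required": reboot, "needs_review": review}


if __name__ == "__main__":
    result = triage(SAMPLE_FIXLOG)
    print(result["counts"], "reboot:", result["reboot_required"])
    for name in result["needs_review"]:
        print("review:", name)
```

A target that shows both a failed stop and a later successful delete, like the driver service in the sample, is the case to recheck after the reboot the log asks for.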





#7 rebeccaferres

  • Topic Starter

  • Members
  • 47 posts

Posted 03 August 2014 - 06:59 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by Rebecca at 2014-08-03 01:52:16 Run:1
Running from C:\Users\Rebecca\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
() C:\Program Files (x86)\findopolis\updatefindopolis.exe
C:\Program Files (x86)\findopolis
() C:\Program Files (x86)\findopolis\bin\utilfindopolis.exe
() C:\Users\Rebecca\AppData\Local\fst_us_170\upfst_us_170.exe
C:\Users\Rebecca\AppData\Local\fst_us_170
() C:\Program Files (x86)\findopolis\bin\findopolis.PurBrowse64.exe
() C:\Program Files (x86)\findopolis\bin\findopolis.BrowserAdapter.exe
(Smartbar) C:\Users\Rebecca\AppData\Local\Smartbar\Application\Muvic.exe
C:\Users\Rebecca\AppData\Local\Smartbar
() C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
C:\Program Files (x86)\Browsersafeguard
() C:\Users\Rebecca\AppData\Local\Smartbar\Application\Lrcnta.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [fst_us_170] => "C:\Program Files (x86)\fst_us_170\fst_us_170.exe"
HKLM-x32\...\RunOnce: [upfst_us_170.exe] => C:\Users\Rebecca\AppData\Local\fst_us_170\upfst_us_170.exe [3323360 2014-07-21] ()
HKU\S-1-5-21-1308010096-3944127759-420151042-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Rebecca\AppData\Local\Smartbar\Application\Muvic.exe [29728 2014-06-15] (Smartbar)
BHO-x32: findopolis -> {ccfd8427-0c44-4b91-abbb-d6aa65f7d2a1} -> C:\Program Files (x86)\findopolis\findopolisbho.dll (findopolis)
FF NewTab: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhQFoyBriIAfT6XOqC35xcZIWWnEbLZufaUEi37zDYs58fuQDLSZOOYNJccP_v55Lcidj3elfR3vDBQPmPykxHpuzpCicjFZAGJAWV8Njd5_ZpSTEzjOKsOA6UyOg7wWOV8Xlwy0eEoymJA,,
FF Homepage: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhQFoyBriIAfT6XOqC35xcZIWWnEbLZufaUEi37zDYs58fuQDLSZOOYNJccP_v55Lcidj3elfR3vDBQPgyzkcy5wcV1UraO4HU6QqGokJf2XW5Kqrdx4CKpDFe7yFBt_TUbDWIbxMRDlvWw,,
FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhQFoyBriIAfT6XOqC35xcZIWWnEbLZufaUEi37zDYs58fuQDLSZOOYNJccP_v55Lcidj3elfR3vDBQPs2THrWMlurkqa046u-Fti6CrLbfHHW_fO9p_w4P6ia8IGQa7wZQNLnq5p4aqSQA,,&q=
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF SearchPlugin: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\x0z6z2wq.default-1405914423513\searchplugins\Web Search.xml
FF Extension: Muvic - C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\x0z6z2wq.default-1405914423513\Extensions\{de9e7a43-46d4-2713-1278-2e3805406303} [2014-07-23]
FF Extension: findopolis - C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\x0z6z2wq.default-1405914423513\Extensions\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}.xpi [2014-07-21]
R2 Update findopolis; C:\Program Files (x86)\findopolis\updatefindopolis.exe [321824 2014-07-25] ()
R2 Util findopolis; C:\Program Files (x86)\findopolis\bin\utilfindopolis.exe [321824 2014-07-25] ()
R1 {c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64; C:\Windows\System32\drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64.sys [61120 2014-07-15] (StdLib)
C:\Windows\System32\drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64.sys
2014-08-02 11:51 - 2014-08-02 11:51 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\BrowserSafeguard
Task: {42B0448E-61EB-4746-BD78-52890118239A} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Hosts:
End
*****************
 
[2112] C:\Program Files (x86)\findopolis\updatefindopolis.exe => Process closed successfully.
C:\Program Files (x86)\findopolis => Moved successfully.
[2492] C:\Program Files (x86)\findopolis\bin\utilfindopolis.exe => Process closed successfully.
C:\Users\Rebecca\AppData\Local\fst_us_170\upfst_us_170.exe => No running process found
"C:\Users\Rebecca\AppData\Local\fst_us_170" => File/Directory not found.
C:\Program Files (x86)\findopolis\bin\findopolis.PurBrowse64.exe => No running process found
C:\Program Files (x86)\findopolis\bin\findopolis.BrowserAdapter.exe => No running process found
C:\Users\Rebecca\AppData\Local\Smartbar\Application\Muvic.exe => No running process found
"C:\Users\Rebecca\AppData\Local\Smartbar" => File/Directory not found.
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe => No running process found
"C:\Program Files (x86)\Browsersafeguard" => File/Directory not found.
C:\Users\Rebecca\AppData\Local\Smartbar\Application\Lrcnta.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_us_170 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upfst_us_170.exe => Value not found.
HKU\S-1-5-21-1308010096-3944127759-420151042-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Infrastructure Helper => Value not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
"HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccfd8427-0c44-4b91-abbb-d6aa65f7d2a1}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{ccfd8427-0c44-4b91-abbb-d6aa65f7d2a1}" => Key deleted successfully.
Firefox newtab deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\x0z6z2wq.default-1405914423513\searchplugins\Web Search.xml => Moved successfully.
C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\x0z6z2wq.default-1405914423513\Extensions\{de9e7a43-46d4-2713-1278-2e3805406303} not found.
C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\x0z6z2wq.default-1405914423513\Extensions\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}.xpi not found.
Update findopolis => Service deleted successfully.
Util findopolis => Service deleted successfully.
{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64 => Unable to stop service
{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64 => Service deleted successfully.
C:\Windows\System32\drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64.sys => Moved successfully.
C:\Users\Rebecca\AppData\Local\BrowserSafeguard => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42B0448E-61EB-4746-BD78-52890118239A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42B0448E-61EB-4746-BD78-52890118239A}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchApp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp" => Key deleted successfully.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Rebecca on Sun 08/03/2014 at  1:56:40.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1308010096-3944127759-420151042-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Rebecca\appdata\locallow\SkwConfig.bin"
Successfully disinfected: [Shortcut] C:\Users\Rebecca\AppData\Roaming\microsoft\windows\start menu\Programs\Search.lnk
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Rebecca\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetpacks bundle uninstaller"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\Rebecca\AppData\Roaming\mozilla\firefox\profiles\x0z6z2wq.default-1405914423513\user.js
Successfully deleted the following from C:\Users\Rebecca\AppData\Roaming\mozilla\firefox\profiles\x0z6z2wq.default-1405914423513\prefs.js
 
user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"www.browse-search.com\\\"],\\\"HttpInjection\\\":\\\"hxxp:\\\\\\/\\\\\\/nps.noproblem
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/03/2014 at  2:04:12.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v3.302 - Report created 03/08/2014 at 07:39:36
# Updated 30/07/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Rebecca - BECCASLAPTOP
# Running from : C:\Users\Rebecca\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : hlnfd
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Rebecca\Favorites\StumbleUpon
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Users\Rebecca\AppData\Local\WeatherAlerts
Folder Deleted : C:\Users\Rebecca\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Rebecca\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn
Folder Deleted : C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn
File Deleted : C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\x0z6z2wq.default-1405914423513\Extensions\boost@boost.net.xpi
File Deleted : C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
File Deleted : C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
File Deleted : C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [gethighlightly@gethighlightly.com]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [sp2@sp.com]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\FreeSoftToday
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : [x64] HKLM\SOFTWARE\SweetIM
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17028
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\x0z6z2wq.default-1405914423513\prefs.js ]
 
Line Deleted : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhQFoyBriIAfT6XOqC35xcZIWWnEbLZufaUEi37zDYs58fuQDLSZOOYNJccP_v55Lcidj3elfR3vDBQPgyzkcy5wcV1UraO4H[...]
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", false);
Line Deleted : user_pref("extensions.helperbar.backPageCapacity", 3);
Line Deleted : user_pref("extensions.helperbar.backPageCounter", 0);
Line Deleted : user_pref("extensions.helperbar.backPageDay", 24);
Line Deleted : user_pref("extensions.helperbar.backPageLastEvent", "1406037344718");
Line Deleted : user_pref("extensions.helperbar.backPageMinInterval", 15);
Line Deleted : user_pref("extensions.helperbar.barcodeid", "145619");
Line Deleted : user_pref("extensions.helperbar.countryiso", "us");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "mtbs");
Line Deleted : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"www.browse-search.com\\\"],\\\"hxxpInjection\\\":\\\"hxxp:\\\\\\/\\\\\\/nps.noproblemppc.com\\\\\\/npsb\\\\\\/[...]
Line Deleted : user_pref("extensions.helperbar.fromautoupdate", "false");
Line Deleted : user_pref("extensions.helperbar.installationid", "de9e7a43-46d4-2713-1278-2e3805406303");
Line Deleted : user_pref("extensions.helperbar.installdate", "22/07/2014");
Line Deleted : user_pref("extensions.helperbar.keepAliveLastevent", "1406167717");
Line Deleted : user_pref("extensions.helperbar.lastExternalJsUpdate", "1407010609549");
Line Deleted : user_pref("extensions.helperbar.publisher", "mtbs");
Line Deleted : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhQFoyBriIAfT6XOqC35xcZIWWnEbLZufaUEi37zDYs58fuQDLSZOOYNJccP_v55Lcidj3elfR3vDBQPs2THrWMlurkqa046u-Fti6CrLbfHHW[...]
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Homepage] : hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhQFoyBriIAfT6XOqC35xcZIWWnEbLZufaUEi37zDYs58fuQDLSZOOYNJccP_v55Lcidj3elfR3vDBQPgyzkcy5wcV1UraO4HU6QqGokJf2XW5Kqrdx4CKpDFe7yFBt_TUbDWIbxMRDlvWw,,
Deleted [Extension] : cfaifkapfifnanhhiidacmhldddojchn
Deleted [Extension] : igckfjdcbkimejmjmpmebffdjjjgncfn
Deleted [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj
 
*************************
 
AdwCleaner[R0].txt - [8390 octets] - [03/08/2014 02:10:24]
AdwCleaner[S0].txt - [6910 octets] - [03/08/2014 07:39:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6970 octets] ##########
 


#8 pystryker

  • Malware Response Team

Posted 03 August 2014 - 07:27 AM

Looking good :thumbsup: Let's run a scan with TDSSKiller to make sure no rootkits are lurking and a fresh scan with FRST.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Scan with TDSSKiller


Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters.
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan; the scan will run.
  • When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
  • A report will have been created by TDSSKiller in your root directory C:\
  • To find the log, go to Start (Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.

Note: Do not have TDSSKiller remove anything if found at this point in time!


Step 2: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.

Things I need to see in your next post:

TDSSKiller Log

Fresh FRST Log

Question: How is the machine running?

Edited by pystryker, 03 August 2014 - 02:16 PM.

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.






#9 rebeccaferres

  • Topic Starter

  • Members

Posted 03 August 2014 - 02:56 PM

15:51:09.0486 0x17c0  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
15:51:09.0486 0x17c0  UEFI system
15:51:15.0741 0x17c0  ============================================================
15:51:15.0741 0x17c0  Current date / time: 2014/08/03 15:51:15.0741
15:51:15.0741 0x17c0  SystemInfo:
15:51:15.0741 0x17c0  
15:51:15.0741 0x17c0  OS Version: 6.2.9200 ServicePack: 0.0
15:51:15.0741 0x17c0  Product type: Workstation
15:51:15.0741 0x17c0  ComputerName: BECCASLAPTOP
15:51:15.0741 0x17c0  UserName: Rebecca
15:51:15.0741 0x17c0  Windows directory: C:\windows
15:51:15.0741 0x17c0  System windows directory: C:\windows
15:51:15.0741 0x17c0  Running under WOW64
15:51:15.0741 0x17c0  Processor architecture: Intel x64
15:51:15.0741 0x17c0  Number of processors: 2
15:51:15.0741 0x17c0  Page size: 0x1000
15:51:15.0741 0x17c0  Boot type: Normal boot
15:51:15.0741 0x17c0  ============================================================
15:51:17.0412 0x17c0  KLMD registered as C:\windows\system32\drivers\08769177.sys
15:51:17.0643 0x17c0  System UUID: {CAC96007-9010-D206-B4F8-3D1E613F77D5}
15:51:18.0337 0x17c0  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:51:18.0354 0x17c0  ============================================================
15:51:18.0354 0x17c0  \Device\Harddisk0\DR0:
15:51:18.0360 0x17c0  GPT partitions:
15:51:18.0361 0x17c0  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {B6F7492D-FF51-11E1-B2D8-4C72B9B04871}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xE1000
15:51:18.0361 0x17c0  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {B6F74935-FF51-11E1-B2D8-4C72B9B04871}, Name: Basic data partition, StartLBA 0xE1800, BlocksNum 0x82000
15:51:18.0361 0x17c0  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {B6F74937-FF51-11E1-B2D8-4C72B9B04871}, Name: Basic data partition, StartLBA 0x163800, BlocksNum 0x40000
15:51:18.0361 0x17c0  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {B6F7493F-FF51-11E1-B2D8-4C72B9B04871}, Name: Basic data partition, StartLBA 0x1A3800, BlocksNum 0x38F2B800
15:51:18.0361 0x17c0  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {636731D2-3BB0-402B-877B-8B8AD8D34E0C}, Name: Basic data partition, StartLBA 0x390CF000, BlocksNum 0x12B7000
15:51:18.0361 0x17c0  MBR partitions:
15:51:18.0361 0x17c0  ============================================================
15:51:18.0432 0x17c0  C: <-> \Device\Harddisk0\DR0\Partition4
15:51:18.0432 0x17c0  ============================================================
15:51:18.0433 0x17c0  Initialize success
15:51:18.0433 0x17c0  ============================================================
15:51:40.0872 0x0ff8  ============================================================
15:51:40.0872 0x0ff8  Scan started
15:51:40.0872 0x0ff8  Mode: Manual; SigCheck; TDLFS; 
15:51:40.0872 0x0ff8  ============================================================
15:51:40.0872 0x0ff8  KSN ping started
15:51:43.0354 0x0ff8  KSN ping finished: true
15:51:46.0482 0x0ff8  ================ Scan system memory ========================
15:51:46.0482 0x0ff8  System memory - ok
15:51:46.0483 0x0ff8  ================ Scan services =============================
15:51:47.0240 0x0ff8  [ E890C46E4754F0DF51BAFCC8D2E07498, E620D03030F3B65442E0A5CB8B59016A6E8DB3BCA52741977B8897B34438E902 ] 1394ohci        C:\windows\System32\drivers\1394ohci.sys
15:51:47.0441 0x0ff8  1394ohci - ok
15:51:47.0470 0x0ff8  [ 4F18D4C7EA14F11A7211F60D553C03DB, 09AB6D2D8E9B7B6D6A97708551C0E4B34538947A15EA2A69C11764D7BC0BB7F6 ] 3ware           C:\windows\system32\drivers\3ware.sys
15:51:47.0488 0x0ff8  3ware - ok
15:51:47.0521 0x0ff8  [ 975AABEB243B800C23626D6B652C5A9C, FB02336F26AF10BA2A0D1B97C33CB1D78BB90CA51EF008A613A0274779798FAD ] ACPI            C:\windows\system32\drivers\ACPI.sys
15:51:47.0562 0x0ff8  ACPI - ok
15:51:47.0607 0x0ff8  [ DC968C37822117E576B933F34A2D130C, 4C94E00ADC242296D7CBBFC7346D5F9AE5FE1B0C616ECA3BDE10A7B34FD2040B ] acpiex          C:\windows\system32\Drivers\acpiex.sys
15:51:47.0621 0x0ff8  acpiex - ok
15:51:47.0639 0x0ff8  [ 0CA9F7C3A78227C21A0A7854E245CFB2, D54147C9C1EE2F0098B863B0852E027DB89D6FA67F6B7FD54F609D9715A11442 ] acpipagr        C:\windows\System32\drivers\acpipagr.sys
15:51:47.0683 0x0ff8  acpipagr - ok
15:51:47.0704 0x0ff8  [ 8EB8DA03B142D3DD1EB9ED8107A76C43, 24B9B24F9A5BDF3AAD13C4EE0638497D9CA4A100096C6EAE403E0215EA89C439 ] AcpiPmi         C:\windows\System32\drivers\acpipmi.sys
15:51:47.0737 0x0ff8  AcpiPmi - ok
15:51:47.0758 0x0ff8  [ CBCE725C5D86ABA7D2604E22951AA9B8, DE0440F0E943F057EBCD01DB4B1E12DBC241FBF03C42021306D322AB88FF8F21 ] acpitime        C:\windows\System32\drivers\acpitime.sys
15:51:47.0794 0x0ff8  acpitime - ok
15:51:47.0850 0x0ff8  [ 62B7936F9036DD6ED36E6A7EFA805DC0, C58EA1B46CB3595386C9217A7785F2A436916FB1E0BDC0E4BE484292C55AA455 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:51:47.0882 0x0ff8  AdobeARMservice - ok
15:51:47.0920 0x0ff8  [ 93C6388592B99925C1D1576E465BC80F, 4C48BE5471DA4788357D71E90DFEA20FE320C7AAE1F4C55AFBE2E46FEA5CF8FB ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
15:51:47.0970 0x0ff8  adp94xx - ok
15:51:48.0004 0x0ff8  [ D27763E0247292654E7F7D16444C7C72, 0314C713D31E2B34F215B52F804F014D876E6ED92DC656CC3E27920CCD36CF0E ] adpahci         C:\windows\system32\drivers\adpahci.sys
15:51:48.0029 0x0ff8  adpahci - ok
15:51:48.0049 0x0ff8  [ 67B90070FF48F794AF19F9FCF0080D75, 5D0D352606D58D2CA0814F38EF7B1774C030BE44353DF5910CBFAAF4FDE64ED6 ] adpu320         C:\windows\system32\drivers\adpu320.sys
15:51:48.0070 0x0ff8  adpu320 - ok
15:51:48.0120 0x0ff8  [ 974AE60BF5B90E31412D93596C968E5B, 092B59C2B67C4618E7B1800615D1DF7199482F60D0D27BD91763F7F8D7FC883F ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
15:51:48.0181 0x0ff8  AeLookupSvc - ok
15:51:48.0265 0x0ff8  [ FE7FB9612D354EB41DF4F0FF5D6FB259, 98D5BD9C1300195C49CB0717A831A06D99F7AE631D5EA065E10BFE7C2FA57A18 ] AFD             C:\windows\system32\drivers\afd.sys
15:51:48.0338 0x0ff8  AFD - ok
15:51:48.0373 0x0ff8  [ 01590377A5AB19E792528C628A2A68F9, F3A4B6CA4E8D4436E44E36D7F7EEF3DC861D1EE50D41F4273226C4ED95674B84 ] agp440          C:\windows\system32\drivers\agp440.sys
15:51:48.0387 0x0ff8  agp440 - ok
15:51:48.0415 0x0ff8  [ D1BE8E6E5B3AF23A4393AF1BF867977A, B3AE97D35A9304198715D76F6C3F0545AA176FDEBA6C2055782558B11DFA14EB ] ALG             C:\windows\System32\alg.exe
15:51:48.0476 0x0ff8  ALG - ok
15:51:48.0484 0x0ff8  [ 025E8C755BE293E50854D26D1BBE5133, 4373639689306A3D8FE0F862072711BAD5DBAA45E105CD3129586439A90EE070 ] AllUserInstallAgent C:\windows\system32\AUInstallAgent.dll
15:51:48.0523 0x0ff8  AllUserInstallAgent - ok
15:51:48.0567 0x0ff8  [ 4EAAAAB8759644D572522FBCDD196A13, EF1ECE8073B048C2286F639BA76C523B6B267B64447358383C042BD593194350 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
15:51:48.0655 0x0ff8  AMD External Events Utility - ok
15:51:48.0693 0x0ff8  [ 5A81054B824004B1ECC04F0034A1CDF9, 73A1986A4B346C425157216EBF16CC90EFFC642EDF6109E6364CF0552E3388FD ] AmdK8           C:\windows\System32\drivers\amdk8.sys
15:51:48.0764 0x0ff8  AmdK8 - ok
15:51:49.0504 0x0ff8  [ 22A14DF59FB8D0BE918C597988AF4296, 714BD1BB63D732C6D03DFA1C2D81A2E00659C04052E110F0BF1EB74A7CD39B1C ] amdkmdag        C:\windows\system32\DRIVERS\atikmdag.sys
15:51:49.0983 0x0ff8  amdkmdag - ok
15:51:50.0070 0x0ff8  [ EE22D3ED6D55A855E709F811CCCA97ED, 179F34CF6E0C2F821EBC0AECF09AAA0867616CCBB5EA6B17891860B27D56AC66 ] amdkmdap        C:\windows\system32\DRIVERS\atikmpag.sys
15:51:50.0121 0x0ff8  amdkmdap - ok
15:51:50.0165 0x0ff8  [ B849D453E644FAB9BC8EF6DC8CA9C4C6, B803CDA478D3385937C44CBB05A0E65ABACEFEBA682975787C44E2904FB89D2D ] AmdPPM          C:\windows\System32\drivers\amdppm.sys
15:51:50.0205 0x0ff8  AmdPPM - ok
15:51:50.0242 0x0ff8  [ 35A0EB5AECB0FA3C41A2FB514A562304, 737783ABF348288471AC7051D4DC6CB336D686C94EC7B8938DCA74AFE9BECB1C ] amdsata         C:\windows\system32\drivers\amdsata.sys
15:51:50.0256 0x0ff8  amdsata - ok
15:51:50.0279 0x0ff8  [ 00452671904F5EE94B50BF0219C97164, 99F9B86D3DB3E10B014120A63CD43CBAAB22C8E38851090ABE37D89ABD61F7B6 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
15:51:50.0300 0x0ff8  amdsbs - ok
15:51:50.0319 0x0ff8  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7, DC0B8B798720F5F75F8AFD3383CF69194282AEEE84DCACB97382F4C86E1D3E49 ] amdxata         C:\windows\system32\drivers\amdxata.sys
15:51:50.0339 0x0ff8  amdxata - ok
15:51:50.0357 0x0ff8  [ 83B3682CE922FB0F415734B26D9D6233, 9102E8B410BB1AE426770896B6AB584D1F02830337FBB2DEC182F3F19832F35F ] AppID           C:\windows\system32\drivers\appid.sys
15:51:50.0408 0x0ff8  AppID - ok
15:51:50.0437 0x0ff8  [ CE2BEAD7F31816FF0AC490D048C969F9, 7D24C5A9E8F7C21CC6D8BF2CA29A8B79DDE7EEDE2F37D36B9071ECE1CF61371F ] AppIDSvc        C:\windows\System32\appidsvc.dll
15:51:50.0468 0x0ff8  AppIDSvc - ok
15:51:50.0506 0x0ff8  [ 4F750B7EFCB6520AE01E01D082D7D476, AD2A67D727A1D4DD0BBACC6B4BB432FA9A14D50D8BA292B95A4747CEC9F85728 ] Appinfo         C:\windows\System32\appinfo.dll
15:51:50.0536 0x0ff8  Appinfo - ok
15:51:50.0694 0x0ff8  [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:51:50.0708 0x0ff8  Apple Mobile Device - ok
15:51:50.0737 0x0ff8  [ 44695679881DEB85CAD7C249B151066E, A44413ACA911DDB5757DE9F9ECC3968979C47617CF9DF81B24E7ECDE7E0D54BC ] APXACC          C:\windows\system32\DRIVERS\appexDrv.sys
15:51:50.0917 0x0ff8  APXACC - ok
15:51:50.0949 0x0ff8  [ E933401B392387F4BE34DE8BAF1722A7, 57CC6DE31E2C82D2B12509F0A5EC9EC70DD2EF6A1F31A66ADF62DC6AE0A67323 ] arc             C:\windows\system32\drivers\arc.sys
15:51:50.0973 0x0ff8  arc - ok
15:51:50.0999 0x0ff8  [ 07CA323EF2E8247A568AB0F3662AD644, 1224B41193F0E9B164732BA5BF707A13427C82C1D8C3EDC2AAE5C5C75454B9F6 ] arcsas          C:\windows\system32\drivers\arcsas.sys
15:51:51.0014 0x0ff8  arcsas - ok
15:51:51.0051 0x0ff8  [ 0ACC3F49015E628590CA4372322EB46B, EB4E22EB4E840261168AF750E878E7A28CC080A89CEF77B5037C2897C40D1DE3 ] aswMonFlt       C:\windows\system32\drivers\aswMonFlt.sys
15:51:51.0079 0x0ff8  aswMonFlt - ok
15:51:51.0087 0x0ff8  [ 679712B7A353EE665B9301592164A172, CA3C918106A355BAFD0833BB493DF2CCBC2D0F90CA7EBF5E27CC088C7170B0E0 ] aswRdr          C:\windows\system32\drivers\aswRdr2.sys
15:51:51.0101 0x0ff8  aswRdr - ok
15:51:51.0118 0x0ff8  [ C04F7B373881009D7994D9BF55D24AB4, 5DEEA804F4F9862024F40A204E88DBCFFBDD2DC87CA86145E3FB649CFCCDC624 ] aswRvrt         C:\windows\system32\drivers\aswRvrt.sys
15:51:51.0130 0x0ff8  aswRvrt - ok
15:51:51.0174 0x0ff8  [ 43599E630DFC30AD4E6A2B4B269EB1C0, DA6C7FDC1F6A57117B17F697A94190CC0BB9E32B8CBB4F8C042AA461361CC74C ] aswSnx          C:\windows\system32\drivers\aswSnx.sys
15:51:51.0219 0x0ff8  aswSnx - ok
15:51:51.0306 0x0ff8  [ F22DE5F5BA8ADA0A861441B624B51EB5, 58EF9FB3328B6B470F3652DBCE8ACEDAEE6839AC393889A02052298CA204689B ] aswSP           C:\windows\system32\drivers\aswSP.sys
15:51:51.0328 0x0ff8  aswSP - ok
15:51:51.0365 0x0ff8  [ FD3EA14ADF6216BDF4030DB2EFD43D96, 2D3009008AAE93285301B5844DC214D6B05ECB05D37AE08895D8E7187A0BB619 ] aswStm          C:\windows\system32\drivers\aswStm.sys
15:51:51.0401 0x0ff8  aswStm - ok
15:51:51.0419 0x0ff8  [ 90399625F341AB76BA4B85A5E860EB1F, 92DD461B14240222F451F971642844A4DAD9DF4FFEAA8F12D16EA117822BEEF3 ] aswVmm          C:\windows\system32\drivers\aswVmm.sys
15:51:51.0436 0x0ff8  aswVmm - ok
15:51:51.0466 0x0ff8  [ 74DBAEC35366C4EE7670428808715A6A, 3B3A7A81CD8038C4750560B94A9247C4409410780B312BA71EDF2E393DCA7474 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
15:51:51.0522 0x0ff8  AsyncMac - ok
15:51:51.0537 0x0ff8  [ A721FF570C2387E383BDDEA9632863C9, 45DD7787F44A2C742560FEB03AB66910C2F0002D95BB02C55EEDE973AA92AD24 ] atapi           C:\windows\system32\drivers\atapi.sys
15:51:51.0554 0x0ff8  atapi - ok
15:51:51.0793 0x0ff8  [ DECE3E2832F125A41A02FB59F4C54EEA, 2994024E5C295E9FDF4C6C0A8F2B17C07C158AD1567BEDA46A482C6C08F460BC ] athr            C:\windows\system32\DRIVERS\athrx.sys
15:51:51.0993 0x0ff8  athr - ok
15:51:52.0041 0x0ff8  [ 506907D2E7F3A5B67DBD39C00A788B7C, 618C91FB9F49C69F88A993F164D7E9E4B7CAD0F34DCF77CF0C6F259A28448171 ] AtiHDAudioService C:\windows\system32\drivers\AtihdW86.sys
15:51:52.0064 0x0ff8  AtiHDAudioService - ok
15:51:52.0099 0x0ff8  [ BCD7A47EF587DC00DD61D12D9C2D1E44, 95BC9AC8BA8A86DB5C7A6317002BD9872F193B401A0C58DF252DCF3D4A7541E2 ] AudioEndpointBuilder C:\windows\System32\AudioEndpointBuilder.dll
15:51:52.0145 0x0ff8  AudioEndpointBuilder - ok
15:51:52.0199 0x0ff8  [ 599B3F685A263A114FFAF3BE29C49C75, 579E9561BA8537888E061E303F3F89E2E6F8B8DED74369C3767DB10B35CD45E8 ] Audiosrv        C:\windows\System32\Audiosrv.dll
15:51:52.0273 0x0ff8  Audiosrv - ok
15:51:52.0413 0x0ff8  [ CC42F104172B4A62793083D380867317, 0B09823419B328E29EB9FFBD033B3295590E414F31E7B37F11F62BD4B7EBAF06 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:51:52.0462 0x0ff8  avast! Antivirus - ok
15:51:52.0486 0x0ff8  [ 89491EF71D5EA011127832C588002853, 05620E4235956D8446FB9604F930738C8AA97E3A74C907E37F7CC08B8EDA0461 ] AxInstSV        C:\windows\System32\AxInstSV.dll
15:51:52.0525 0x0ff8  AxInstSV - ok
15:51:52.0565 0x0ff8  [ 87AB5BB072A3F128541D5B815F82FFDD, 186AF33D3DE90638C3E165CAC3DA17295E8A80CDB523F9BE4AF7D38CA6954905 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
15:51:52.0611 0x0ff8  b06bdrv - ok
15:51:52.0641 0x0ff8  [ 81703BC5D68DEDBB086C2368FBE7B334, CFD4A55C8045C482F8D410514F3211AEFA00097AB395F5A04BFE983ED6254F6B ] BasicDisplay    C:\windows\System32\drivers\BasicDisplay.sys
15:51:52.0681 0x0ff8  BasicDisplay - ok
15:51:52.0688 0x0ff8  [ 5EC68164E14D25675C98BBB5F09E8606, 1D7EDB21C87039FC5F39F46460AD852BC4EC6B179B1C205D189DD3C397343435 ] BasicRender     C:\windows\System32\drivers\BasicRender.sys
15:51:52.0720 0x0ff8  BasicRender - ok
15:51:52.0756 0x0ff8  [ 89143A7BA7850F5C7E61B43BB44B6418, 00BB781DF87D4FF1BAFD318AFE237296B4F5925023BA4486405EC0A384C88D8F ] BDESVC          C:\windows\System32\bdesvc.dll
15:51:52.0795 0x0ff8  BDESVC - ok
15:51:52.0821 0x0ff8  [ 9E7AEA59776D904607985AFFE7E5E183, C3DB745A9F4DA7CB9628A7913DD52B2444B14FEB9D588FF6558CF52CEB8955EB ] Beep            C:\windows\system32\drivers\Beep.sys
15:51:52.0854 0x0ff8  Beep - ok
15:51:52.0905 0x0ff8  [ 53AA55632B94622F2DC3695E86EF9363, 9B5BB8EDA48A37AE97BCD42D83B25A6D10AA6231EABE745DCCE6D60E19094A6F ] BFE             C:\windows\System32\bfe.dll
15:51:52.0989 0x0ff8  BFE - ok
15:51:53.0049 0x0ff8  [ D598C44A7072D3108D8D8102EC5E07F7, D7472E9BAAB7B6E1D30F4E153412E2A16EE5C08DE2BF8BFF4D65089825226FE0 ] BITS            C:\windows\System32\qmgr.dll
15:51:53.0124 0x0ff8  BITS - ok
15:51:53.0178 0x0ff8  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:51:53.0216 0x0ff8  Bonjour Service - ok
15:51:53.0233 0x0ff8  [ B17AC10B47C7FCB44D22A1F06415840E, 990D6F629D93F4F913D218ACE5187A26DCB762BAFB2BB279CCE8CAF2755D85A5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
15:51:53.0277 0x0ff8  bowser - ok
15:51:53.0309 0x0ff8  [ 038FA1B55531E7020DB705B42FCCE373, 023E87E3204D64890D6FEA78E762E5BC5BD0A59325EBC264834727779EEEDBC5 ] BrokerInfrastructure C:\windows\System32\bisrv.dll
15:51:53.0334 0x0ff8  BrokerInfrastructure - ok
15:51:53.0364 0x0ff8  [ 310068BDA80B1D55C36580FD8A873FAF, A75412FF1F483461F526E9A359DCEECA5E683441514464D5ED82D1A9740D583E ] Browser         C:\windows\System32\browser.dll
15:51:53.0420 0x0ff8  Browser - ok
15:51:53.0459 0x0ff8  [ DB109DA005B6FE2A350C5DD7CA768DFD, 241A0BFAEFB1B165C00EE75E8CA382B5935F5DF447DAD5AE9022B2B78317668E ] BrYNSvc         C:\Program Files (x86)\Browny02\BrYNSvc.exe
15:51:53.0490 0x0ff8  BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
15:51:55.0985 0x0ff8  Detect skipped due to KSN trusted
15:51:55.0986 0x0ff8  BrYNSvc - ok
15:51:56.0037 0x0ff8  [ 6695200F455E251F0BCC9CE4D0978D59, 4DB2F967E449581A9330EF43E794B45B93581564B20C5B991FC1EC665A640D69 ] BthAvrcpTg      C:\windows\System32\drivers\BthAvrcpTg.sys
15:51:56.0106 0x0ff8  BthAvrcpTg - ok
15:51:56.0139 0x0ff8  [ A8B20D852B07AE19A13B5D47EC4E4C3B, 86571C9E2BA15BB169CAB2D24C4D0598154C02FD173638CAFC685A7F6B09472D ] BthEnum         C:\windows\System32\drivers\BthEnum.sys
15:51:56.0197 0x0ff8  BthEnum - ok
15:51:56.0231 0x0ff8  [ 616EB8748C988AEE98D93DA141C3D3B4, 15A055B0496BDB29CBCF6EEBF112D4BA1C7A2FF39124728830D0FD1FD7A404CB ] BthHFEnum       C:\windows\System32\drivers\bthhfenum.sys
15:51:56.0260 0x0ff8  BthHFEnum - ok
15:51:56.0273 0x0ff8  [ DCB4EBD928A6FB368BE6CAE522412DE1, 9E1345F29467054689B9F48B5CCB567760D36610A4EA9AF41B829EAD60347269 ] bthhfhid        C:\windows\System32\drivers\BthHFHid.sys
15:51:56.0327 0x0ff8  bthhfhid - ok
15:51:56.0348 0x0ff8  [ 033916CE8784A848B9A3D686B7F66D97, B4D0514D59646CF6B70D4FA488CF95C38EA38CC5C509329CC8753E897C640AFA ] BTHMODEM        C:\windows\System32\drivers\bthmodem.sys
15:51:56.0375 0x0ff8  BTHMODEM - ok
15:51:56.0398 0x0ff8  [ 091BB978E9504D0AD14586929431A957, ACED02B879026A228E35F40847C210BC30A5AFC948FFE922DB21663E4A8DFF1D ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
15:51:56.0439 0x0ff8  BthPan - ok
15:51:56.0502 0x0ff8  [ 13795CAA34239D97A7211E7F9D96E012, C4F3402B063A7CFCE386D1AE9255975A199164BA9E7DCDB6129725213A0642B1 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
15:51:56.0563 0x0ff8  BTHPORT - ok
15:51:56.0597 0x0ff8  [ A4387C3D271959313E2577DB7BE8BA7A, C71474802102102EBE04DF036EEB2F5FB3380BE288E3842F19F234EFAE977D70 ] bthserv         C:\windows\system32\bthserv.dll
15:51:56.0628 0x0ff8  bthserv - ok
15:51:56.0646 0x0ff8  [ 1F715957F5236D30B6020A19A4271F6A, C06B637C2C6919E2DE1055AE249AE3EAF7B4890799F22BF5757CC10CEF145043 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
15:51:56.0680 0x0ff8  BTHUSB - ok
15:51:56.0908 0x0ff8  [ 72551A9AE5F68905DFC3CBA0D5242566, 15C273519C3AD1B2AF68F669125AFE607A86A60D680E299631D5E893C3CAA7E7 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
15:51:56.0987 0x0ff8  c2cautoupdatesvc - ok
15:51:57.0278 0x0ff8  [ 6B669A00A431FF6CDCE67458933F5F0F, 81419EB18BB4EB96E48C99A1D45B0267E779E135427B3AEC872A1A5DD810B23F ] c2cpnrsvc       C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
15:51:57.0380 0x0ff8  c2cpnrsvc - ok
15:51:57.0497 0x0ff8  [ A5C16A0BE89EE409732178BEB62F7EA7, D4B993F63CFD9B487BD53B532AB9435084B4C752F2731E189FA1420D516A4E95 ] ccSet_NAT       C:\windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys
15:51:57.0545 0x0ff8  ccSet_NAT - ok
15:51:57.0584 0x0ff8  [ 990B1BABE6E81FB18E65A87EBEFB1772, 1820D4AC57E1D4B7FB5AA89C277B16910ED73712878D2B43FE542CE16DFE16C3 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
15:51:57.0643 0x0ff8  cdfs - ok
15:51:57.0665 0x0ff8  [ 339BFF85D788268752DA8C9644B188EE, C2279F1A39AED39865A5027D2FD087F8E82F3ED8C94BA4D922855B98E792AFC5 ] cdrom           C:\windows\System32\drivers\cdrom.sys
15:51:57.0703 0x0ff8  cdrom - ok
15:51:57.0733 0x0ff8  [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] CertPropSvc     C:\windows\System32\certprop.dll
15:51:57.0756 0x0ff8  CertPropSvc - ok
15:51:57.0789 0x0ff8  [ F64B7D1A37CC1D5F421D5359EEC81E2E, 2B4879DD32B2C20B94847755E22B1BCBE2B567B3989C57A9BA2DD783307EFFDB ] circlass        C:\windows\System32\drivers\circlass.sys
15:51:57.0822 0x0ff8  circlass - ok
15:51:57.0851 0x0ff8  [ 9905168708DB68849B879B5548F68AB3, B7A495E57B9398704988DC472126CBC5B8D76761A34F51732FBF6CC88E3AB79A ] CLFS            C:\windows\system32\drivers\CLFS.sys
15:51:57.0883 0x0ff8  CLFS - ok
15:51:58.0220 0x0ff8  [ 235D9604E3AAA538D14EAC1ABD99E8E9, 81CF10D123F08AF7359C3E176673907BAF9431C6E26D120912144CE2694A1B09 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
15:51:58.0305 0x0ff8  ClickToRunSvc - ok
15:51:58.0356 0x0ff8  [ 2DC8538A2260647484A6C921CA837313, 094059DD66B0C50A1CAE288F920107B0B6AD1AA5758284E35B92C131EDEA30EA ] CmBatt          C:\windows\System32\drivers\CmBatt.sys
15:52:03.0091 0x0ff8  [ 4E1D0A246E10CFDDBF856432418DE404, 17AC5322A50D0914F90F41E9CBFEBE04CDC3BCA1CFAFE8A3F6CADD305738E1AF ] GFNEXSrv        C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe
15:52:03.0122 0x0ff8  GFNEXSrv - detected UnsignedFile.Multi.Generic ( 1 )
15:52:09.0225 0x0ff8  Detect skipped due to KSN trusted
15:52:09.0225 0x0ff8  GFNEXSrv - ok
15:52:17.0915 0x0ff8  nvraid - ok
15:52:17.0936 0x0ff8  [ 27AFC428D1D32ABD04A86763A4EDDEA9, 0920866013A8C8CFEE00E6AECDD41736F5501C49837E2D785998734F087F6B98 ] nvstor          C:\windows\system32\drivers\nvstor.sys
15:52:17.0955 0x0ff8  nvstor - ok
15:52:17.0971 0x0ff8  [ 051CFB5107BAAE510419BDC41F8C4036, 9990906F17A3886EF301D2AA6556263B52A1C0554C6BD18331AF44ECECAEE4B5 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
15:52:17.0987 0x0ff8  nv_agp - ok
15:52:18.0049 0x0ff8  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:52:18.0068 0x0ff8  ose - ok
15:52:18.0105 0x0ff8  [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
15:52:18.0135 0x0ff8  p2pimsvc - ok
15:52:18.0161 0x0ff8  [ 4319FD931DCD796435ECB5DB4A04FBA5, 20185B2F359EEC202B37019A4E4F5B914ADCF78B97AF0CBD91EECED2259FC6DE ] p2psvc          C:\windows\system32\p2psvc.dll
15:52:18.0194 0x0ff8  p2psvc - ok
15:52:18.0224 0x0ff8  [ 4563DAF8C6A740AD7F501E219BD10766, 7A1212DDAE2D66A9C2041262796904E36036CDC4C5B75C2F66B8DF9D89F7C25D ] Parport         C:\windows\System32\drivers\parport.sys
15:52:18.0254 0x0ff8  Parport - ok
15:52:18.0278 0x0ff8  [ D6ACCF9F2EEEEA711C14EFD976E573F3, 60D2A81832A8D24F91C3EF134440D5026354917F59462BACBCE7A01D84767D91 ] partmgr         C:\windows\system32\drivers\partmgr.sys
15:52:18.0294 0x0ff8  partmgr - ok
15:52:18.0336 0x0ff8  [ 4811D9EC53649105A5A8BEA661B0F936, C77907E03D0561500FCFEAFAC323E9679E66297329901A0CA2BD7E919419A8E8 ] PcaSvc          C:\windows\System32\pcasvc.dll
15:52:18.0374 0x0ff8  PcaSvc - ok
15:52:18.0409 0x0ff8  [ 4A003E8F718C1E6A2050CA98CD53E3E2, BCC3BE1EC3FA4967353371D85094D096940A7B5944A6FFCA31E8FBE83D92CC6C ] pci             C:\windows\system32\drivers\pci.sys
15:52:18.0432 0x0ff8  pci - ok
15:52:18.0464 0x0ff8  [ F9908D274D458220F91E89B54D78D837, 1E89ABFA6B375383E0297CEE5AF66E37F90E16DD21ABA5C91777A86CDF013B4D ] pciide          C:\windows\system32\drivers\pciide.sys
15:52:18.0477 0x0ff8  pciide - ok
15:52:18.0495 0x0ff8  [ 84D19CB6102627932DCB5DFDF89FE269, 2F9C47E076645B35877D9ACA77968EFFCDA8794D76265CD9A4AAA239C4B33C5F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
15:52:18.0516 0x0ff8  pcmcia - ok
15:52:18.0540 0x0ff8  [ CEBBAD5391C2644560C55628A40BFD27, 8AAA6EBD8D89FC91AECCCF1452F53C5650A1A17027FF4E64D224371404CE4C8B ] pcw             C:\windows\system32\drivers\pcw.sys
15:52:18.0554 0x0ff8  pcw - ok
15:52:18.0583 0x0ff8  [ 0698DEDEAD6A00AD0D468C687D830FBF, B9DCA1A61F2EF80DB26380F390F2E9A17114D33129D61CF465B949B6A7916CAA ] pdc             C:\windows\system32\drivers\pdc.sys
15:52:18.0598 0x0ff8  pdc - ok
15:52:18.0666 0x0ff8  [ C1C3BAF078BE5A14384A4BA2D730817D, 6E4D2F73A1CB250B3EE270CCE806A37EB2140E34EAF9F48C45CC12D2A451AA16 ] PDFProFiltSrvPP C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
15:52:18.0741 0x0ff8  PDFProFiltSrvPP - ok
15:52:18.0949 0x0ff8  [ 61FE70659CD43E07F94DA4DC31DEC493, 3739B6670B440173FD81DE3D47B0B90FAF296802AD4F57C05BF5CF191BF16022 ] PEAUTH          C:\windows\system32\drivers\peauth.sys
15:52:19.0010 0x0ff8  PEAUTH - ok
15:52:19.0030 0x0ff8  [ EE926C59CBD4DC4DC9FBB85014A2F1A5, 777459BD30A480E03EA5D0BBA431C2CD573403687FAA0B29F172086A0304E230 ] PEGAGFN         C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys
15:52:19.0039 0x0ff8  PEGAGFN - ok
15:52:19.0103 0x0ff8  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A, 459CF99D5243C4ACAA38C7B426ADC52F1044C759D06A925D475DF6213AEB85CD ] PerfHost        C:\windows\SysWow64\perfhost.exe
15:52:19.0181 0x0ff8  PerfHost - ok
15:52:19.0365 0x0ff8  [ 6E84BFF58F7643499277F29DFA2F8C8D, 401CCF137F35D9690C7B56B2BFEDB2DB72709EBE38626D787904B67640EF6F14 ] pla             C:\windows\system32\pla.dll
15:52:19.0500 0x0ff8  pla - ok
15:52:19.0535 0x0ff8  [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
15:52:19.0556 0x0ff8  PlugPlay - ok
15:52:19.0579 0x0ff8  [ 8E2414E818C26C4A9C70CB2B8567F04F, A16B22AE143BA070C562FBE5DEF32F7E228F50B302B66E46B46C44C0F50A4461 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
15:52:19.0608 0x0ff8  PNRPAutoReg - ok
15:52:19.0639 0x0ff8  [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
15:52:19.0666 0x0ff8  PNRPsvc - ok
15:52:19.0759 0x0ff8  [ 0108C8E5176D590F242701EF5A62CC26, 3A72F5D4402663B7445F6B3C55F01E83A619B6192F7D3CC2DE3C57F9F50D5A2D ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
15:52:19.0802 0x0ff8  PolicyAgent - ok
15:52:19.0830 0x0ff8  [ F1E067F56373F11EA4B785CAE823740A, 69BD30E64DA17595FF29C9C9FF9AD4F2F4BE29B688FBAC9DABB2FA9D13A47FF0 ] Power           C:\windows\system32\umpo.dll
15:52:19.0878 0x0ff8  Power - ok
15:52:19.0910 0x0ff8  [ 362D47E5B4D67270DE4B8606036F4ADD, 716E229C68D91AEA5B5629F60133D5CBDC0C95ABA54D9DC6264E923CAF4DC6C0 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
15:52:19.0941 0x0ff8  PptpMiniport - ok
15:52:20.0238 0x0ff8  [ 9D59831262CAD44E709D695FC9D5E7AB, F95C5475F91DA667C8D5C96253944CE8A0F2C9B1ED4DF8703E5D1D47A0C730B5 ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
15:52:20.0407 0x0ff8  PrintNotify - ok
15:52:20.0447 0x0ff8  [ DD979EB6A7212F60E4AFBE96EDC7AE6D, BC681D64C5B8F08FD4613D71111853FCD5B05E4BD127D2C6258BAED7627105BE ] Processor       C:\windows\System32\drivers\processr.sys
15:52:20.0469 0x0ff8  Processor - ok
15:52:20.0492 0x0ff8  [ 429E8502AD2227CF88F8840FC5BD590D, A186DA46C083580ACEDE9C7E3156865034302CD803140EEEC8E1DE16DA4BC99B ] ProfSvc         C:\windows\system32\profsvc.dll
15:52:20.0517 0x0ff8  ProfSvc - ok
15:52:20.0539 0x0ff8  [ EB8034147D4820CD31BFCB11A2A652DF, B10B5E16B7A05D2DB2D5D1945B6146DE15EEDE2C778772A59F104706B5145E46 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
15:52:20.0561 0x0ff8  Psched - ok
15:52:20.0582 0x0ff8  [ 0AFBF333B6F87A2F598EAB379AF100B8, D11F3A4D7E4463B62E2DBDE5FC61425B1FDFB07DD1A19BC001D479CA1F554510 ] QWAVE           C:\windows\system32\qwave.dll
15:52:20.0619 0x0ff8  QWAVE - ok
15:52:20.0647 0x0ff8  [ 13D47BB0CCA2FC51BD15F8E85C6A078E, EA832A9511007C9E8599C3066E1FA66BE869E8A27886D9A9AC590BD4DFBD1A15 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
15:52:20.0679 0x0ff8  QWAVEdrv - ok
15:52:20.0763 0x0ff8  [ 873C60F8178100557740A832FCE10B5F, 400EF60CB2C98E2AFE122AF3D01CCE56A1548AF865345EE2194AB74DBCBF4C48 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
15:52:20.0852 0x0ff8  RasAcd - ok
15:52:20.0896 0x0ff8  [ 69B93F623B130976243ECA3D84CC99CA, F27617E651EADFAEE479619AAB01CDAA98111BA63E204D5C44A1256732CB0100 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
15:52:20.0922 0x0ff8  RasAgileVpn - ok
15:52:20.0946 0x0ff8  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0, 2F3C90A04964D4D906238BD557D90F7AC05DF86FE9729C4378B39431F54DDAE3 ] RasAuto         C:\windows\System32\rasauto.dll
15:52:20.0985 0x0ff8  RasAuto - ok
15:52:21.0009 0x0ff8  [ A14D625C5AEE5FFE0F47D1A1D419FAAE, 1229B81C23340AD5B436B1FD227876EB41715CE6BD270BA367F18879D26B8F04 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
15:52:21.0035 0x0ff8  Rasl2tp - ok
15:52:21.0058 0x0ff8  [ C923C785A2DE0B396AD6D13ACAFF2DE9, 4F950DA776FBABEC7D546983D6F3018733F61268A4BF95C01D4836AD000BD073 ] RasMan          C:\windows\System32\rasmans.dll
15:52:21.0094 0x0ff8  RasMan - ok
15:52:21.0102 0x0ff8  [ 00695B9C2DB6111064499C529E90C042, 3CD4DF4D8001C2BBF52EEEB1F0D587209878BEAC339D268892477AD840D490F1 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
15:52:21.0122 0x0ff8  RasPppoe - ok
15:52:21.0130 0x0ff8  [ A7F24D8CD1956B0A1FDCB86CC5114DE4, 30489D235362DF62B105378597168B13F4BAC74A8EDDBDA25237E3C017B69FEE ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
15:52:21.0150 0x0ff8  RasSstp - ok
15:52:21.0236 0x0ff8  [ CA03D642ACE58E1BA54E4B383F91CD69, 39BB942603801CF11FBEA28E24F8C8D1EF2AF615D1FABF951683A015D6A6EF37 ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
15:52:21.0284 0x0ff8  rdbss - ok
15:52:21.0320 0x0ff8  [ CA7DF5EC95D8DE0DD24BE7FF97369F68, 153E6F716CA935DBCACB8FF1BB8DE5F5551CE3D18878225470E45893CA69BDB8 ] rdpbus          C:\windows\System32\drivers\rdpbus.sys
15:52:21.0373 0x0ff8  rdpbus - ok
15:52:21.0396 0x0ff8  [ B2A3AD74FF2E2FFA73AF2567108231B3, DF8CEA6215F75C634D56F6B8AE11ECCEEB5F8CBC091AC3D6D9F7DE214B00A439 ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
15:52:21.0439 0x0ff8  RDPDR - ok
15:52:21.0476 0x0ff8  [ 57F4787E4602A3FCA719C0A33137C6DA, D03AE59A184EB5D126F8EAB9D36EE406ABB8B9ED834F2D2496DDB1349FF56F89 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
15:52:21.0490 0x0ff8  RdpVideoMiniport - ok
15:52:21.0521 0x0ff8  [ B3CB0721E81E30419CE7D837EF4EA151, EC9410818661BF77E4A19694E3A3030E1D983B36F49C72E27F92A1424E0729C2 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
15:52:21.0553 0x0ff8  RDPWD - ok
15:52:21.0572 0x0ff8  [ 62C1F8A0685FE07E998AA296C4F697C4, C636AB2D0F139003A6AD7A12E9DC13EE4485A62F30DA59AF842FF02FE07442EE ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
15:52:21.0591 0x0ff8  rdyboost - ok
15:52:21.0633 0x0ff8  [ 3663CCF243EE0C04E9F6F91ED1737273, 31D06445996F99A7F6B32004D1BA63A21C61DE125373F860BA9A9DE5278E8293 ] RemoteAccess    C:\windows\System32\mprdim.dll
15:52:21.0665 0x0ff8  RemoteAccess - ok
15:52:21.0695 0x0ff8  [ E80DD61E52EDFFF9DA1ED7260A68855B, 97909F42AE35E28B8F98C01A1D8BAD80A949CDCA0C88FB4ACF0A655DC7C10E45 ] RemoteRegistry  C:\windows\system32\regsvc.dll
15:52:21.0735 0x0ff8  RemoteRegistry - ok
15:52:21.0765 0x0ff8  [ CCBFCABDFE2BC22F0645CEAADDB36004, 279EA9075079F91165027CEFD4FBC61A213CA602EE7DE106F7D2D243468706AA ] RFCOMM          C:\windows\System32\drivers\rfcomm.sys
15:52:21.0794 0x0ff8  RFCOMM - ok
15:52:21.0821 0x0ff8  [ 73F2E030B5C24E4E41401B5F0D59E6FD, FAA8B5E3159684E0836900C6EAF63857B445F7F180169B56D5790F097EDAA38B ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
15:52:21.0877 0x0ff8  RpcEptMapper - ok
15:52:21.0904 0x0ff8  [ 10B21284B3D964AB3DC45490E57D422E, 12D5E3A7785F21C99C5EAD14A88EB7A86A058E26C091991339356D99D196CC13 ] RpcLocator      C:\windows\system32\locator.exe
15:52:21.0921 0x0ff8  RpcLocator - ok
15:52:22.0032 0x0ff8  [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] RpcSs           C:\windows\system32\rpcss.dll
15:52:22.0078 0x0ff8  RpcSs - ok
15:52:22.0103 0x0ff8  [ E04E770DD198B9399640717145E79EBF, 2F9BECB7E4B0A522C6370FD39CFD7DFD3FB5D0A779AECCED2EE855629FA3C952 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
15:52:22.0150 0x0ff8  rspndr - ok
15:52:22.0189 0x0ff8  [ 0E32A8922DCFD28EA00AAEC07CB3F331, 27F329C6A66DB01C291E1EDCEB7781A05658520B12FF8ECD1FBD3B86EF78DF30 ] RSUSBSTOR       C:\windows\System32\Drivers\RtsUStor.sys
15:52:22.0205 0x0ff8  RSUSBSTOR - ok
15:52:22.0240 0x0ff8  [ 34DA0D14F5C3F1883A331AFB975AB434, BB5D580C1DCAE59CC1DB75C411A5A4DDF435931469E7EBFF5DFDADBFE07ADEBF ] RTL8168         C:\windows\system32\DRIVERS\Rt630x64.sys
15:52:22.0269 0x0ff8  RTL8168 - ok
15:52:22.0318 0x0ff8  [ D751C8E0BE70D3D5D68439BC934EEBC4, 7A2603F7B63B9AC7215F6ABD0C7729ED273D3F08FC575116C48E325D71944BB8 ] RTL8192Ce       C:\windows\system32\DRIVERS\rtwlane.sys
15:52:22.0399 0x0ff8  RTL8192Ce - ok
15:52:22.0465 0x0ff8  [ D751C8E0BE70D3D5D68439BC934EEBC4, 7A2603F7B63B9AC7215F6ABD0C7729ED273D3F08FC575116C48E325D71944BB8 ] RTWlanE         C:\windows\system32\DRIVERS\rtwlane.sys
15:52:22.0532 0x0ff8  RTWlanE - ok
15:52:22.0560 0x0ff8  [ 752EC7DCD2F96871A3857EEE6AFE965A, 1D0640966B9147A06ED0E733711773E6B4AB8AC6D962D5B369ECB04170D18AD8 ] s3cap           C:\windows\System32\drivers\vms3cap.sys
15:52:22.0582 0x0ff8  s3cap - ok
15:52:22.0617 0x0ff8  [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] SamSs           C:\windows\system32\lsass.exe
15:52:22.0634 0x0ff8  SamSs - ok
15:52:22.0669 0x0ff8  [ 9C7B28CE0D136DB226E24DB3BC817F92, E9DE55D6432ADD08EC75F99F2B5D2BD1F553F4EE55991B1767B1578351EE0BF2 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
15:52:22.0689 0x0ff8  sbp2port - ok
15:52:22.0720 0x0ff8  [ 14316954FCE79C9DE5A0AFF9D42C83AA, B60FB1FAC0299F9560761411711E86EDFA2F8D27B58230E2E4BB37736FAB2287 ] SCardSvr        C:\windows\System32\SCardSvr.dll
15:52:22.0767 0x0ff8  SCardSvr - ok
15:52:22.0782 0x0ff8  [ 5D7733A12756B267FCA021672B26BC9E, 01CE5B5F49914B9E099BD909A66296F3A40644AE47BA1D5EBFFB30CD33C70A4A ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
15:52:22.0818 0x0ff8  scfilter - ok
15:52:22.0944 0x0ff8  [ 03F58B3FA4B5329F21F770B1EF8D984A, 32976E64E4960E5996E3CA2F8BA9374E01201C461DE52AF0FA14BA75C784AC25 ] Schedule        C:\windows\system32\schedsvc.dll
15:52:23.0039 0x0ff8  Schedule - ok
15:52:23.0105 0x0ff8  [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] SCPolicySvc     C:\windows\System32\certprop.dll
15:52:23.0145 0x0ff8  SCPolicySvc - ok
15:52:23.0182 0x0ff8  [ F58B030A0664385C707B8C1C63682041, E46AADAA2CD687B9A4B564DC5B002493C8480542588E660BC3DF89EAF9DB0427 ] sdbus           C:\windows\System32\drivers\sdbus.sys
15:52:23.0206 0x0ff8  sdbus - ok
15:52:23.0242 0x0ff8  [ 92968277ED491E4B3DDA361E3952361E, 71C50853BB2126A34C7CD014EE44D4B8B39F589E2E8E8E8F4C982E07498E3899 ] SDRSVC          C:\windows\System32\SDRSVC.dll
15:52:23.0302 0x0ff8  SDRSVC - ok
15:52:23.0339 0x0ff8  [ BB107AA9980B0DA4E19A3A90C3BD4460, BCB4CF0FFF1FD57302557B68044A88C8EEAAE57C2FEAE8EAD1F410F960298B6D ] sdstor          C:\windows\System32\drivers\sdstor.sys
15:52:23.0354 0x0ff8  sdstor - ok
15:52:23.0380 0x0ff8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
15:52:23.0396 0x0ff8  secdrv - ok
15:52:23.0404 0x0ff8  [ CD282626738B6BC92B6E7CD0AAE95B63, 1A56567C781786C85C63E24E79186EE5C82D3EB2679061B21BA0571A3A6CB7F5 ] seclogon        C:\windows\system32\seclogon.dll
15:52:23.0441 0x0ff8  seclogon - ok
15:52:23.0470 0x0ff8  [ 9C51620998F0763039DFA6BF68E475ED, 9E496ADE7CE9A446BE8A2C2FC61B462D966778A94A4C147AABBD25C4821C2BCE ] SENS            C:\windows\System32\sens.dll
15:52:23.0505 0x0ff8  SENS - ok
15:52:23.0522 0x0ff8  [ 0D50B4B860DAB65241628D04CD33ACAE, 2AA897C3F9ED076AB9244A32745D18489B076F3ED28A35B868C472131C5B5B46 ] SensrSvc        C:\windows\system32\sensrsvc.dll
15:52:23.0555 0x0ff8  SensrSvc - ok
15:52:23.0569 0x0ff8  [ 87C46B239A7EEF30FDFDD5E9BD46130C, F36FB5B20AC58FBD31F7E636059D2D865B751E178E51A03B94ABE0BBD1AB1EC9 ] SerCx           C:\windows\system32\drivers\SerCx.sys
15:52:23.0585 0x0ff8  SerCx - ok
15:52:23.0604 0x0ff8  [ 7A1F9347C85FD55E39B8A76B3A25C5AD, 03AF3B23285278A38F4CBEAB7FD326A48FA1EC7F8D044C059CE5403C6D225639 ] Serenum         C:\windows\System32\drivers\serenum.sys
15:52:23.0635 0x0ff8  Serenum - ok
15:52:23.0654 0x0ff8  [ F640A0A218BBF857F1D04A15D7D939F6, 948C13886281FE7947E10FB7B34D5CCFE512FB632F1132B6062AC85149F79950 ] Serial          C:\windows\System32\drivers\serial.sys
15:52:23.0682 0x0ff8  Serial - ok
15:52:23.0706 0x0ff8  [ F1A5F56B2620B862CC28FF96A0A6DAAB, E5367212B2CADF3820D657CFC27CD961547E28DAB950C68E1380CF97FB68F3F4 ] sermouse        C:\windows\System32\drivers\sermouse.sys
15:52:23.0720 0x0ff8  sermouse - ok
15:52:23.0765 0x0ff8  [ CB60A60340788C8D6DE2A269D28086AB, 2D8948E59BB9B00E16D20E425F80E7B862957DBAC9A4D1484E5191FAF333B60D ] SessionEnv      C:\windows\system32\sessenv.dll
15:52:23.0793 0x0ff8  SessionEnv - ok
15:52:23.0808 0x0ff8  [ 7EE65419B29302C795714FF8073969A1, E28D89A5423E3A5062030EB2418E9435DD5D8B9D16570046E782D3FCFDA2E79A ] sfloppy         C:\windows\System32\drivers\sfloppy.sys
15:52:23.0823 0x0ff8  sfloppy - ok
15:52:23.0871 0x0ff8  [ 090AE16F79C8EAD04E6031F863DA85F3, 3F27BE46DF602B53940414A6E9FEB23B36CFFB8E9A7F41440C3315B8E27D0029 ] SharedAccess    C:\windows\System32\ipnathlp.dll
15:52:23.0918 0x0ff8  SharedAccess - ok
15:52:23.0973 0x0ff8  [ A77F3ABE13FCC698511E5DEC7ACEBD5F, 78A43FDA9F770FD8BA107605DB44BC71D8B89D7E75560DA783AA6356C1873C15 ] ShellHWDetection C:\windows\System32\shsvcs.dll
15:52:24.0035 0x0ff8  ShellHWDetection - ok
15:52:24.0062 0x0ff8  [ 2560721D6F16D5B611C36A3A9D28C1B2, 15C30404902654ABA5DB5367FC5BD31343B12A3FC22B4BC5A26B09016447B5ED ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
15:52:24.0077 0x0ff8  SiSRaid2 - ok
15:52:24.0099 0x0ff8  [ 3AA8FDE1DBF65BB8B88B053529554A0D, 8060D946344D043D336F4735363C23C37C91A6DB3F81E575C267B2EC2BECB0EC ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
15:52:24.0115 0x0ff8  SiSRaid4 - ok
15:52:24.0149 0x0ff8  [ E660156A4588A84305CB772FD2C0DB21, 9492EB6578D4A689945E1FC2440EFA77D461049CDB2D00A645969A71B7DA68E1 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
15:52:24.0187 0x0ff8  SNMPTRAP - ok
15:52:24.0228 0x0ff8  [ 9110193D93960E38B8692E4519C75D72, 789381B4CCC056EE431E78E2339AC9802264A1CE4B378DDA9769649664C9A7A0 ] spaceport       C:\windows\system32\drivers\spaceport.sys
15:52:24.0254 0x0ff8  spaceport - ok
15:52:24.0295 0x0ff8  [ 3D8679C8DF52EB26EB7583A4E0A29202, DCD9B69299275857712AB200C014AE820C8A9F7E53C4A335A84518FBE4BB56BB ] SpbCx           C:\windows\system32\drivers\SpbCx.sys
15:52:24.0335 0x0ff8  SpbCx - ok
15:52:24.0385 0x0ff8  [ 3F215BF2D4D8D6756298B25B579772C2, 744192D1635E5D296BFD399E870B70592202CEAF95C31C2D2B226A868D33A3FD ] Spooler         C:\windows\System32\spoolsv.exe
15:52:24.0451 0x0ff8  Spooler - ok
15:52:25.0029 0x0ff8  [ 061A977C920FBE4BF71FF47C966DDDCA, 746516396B72E4ADB05D978C819CD45FE44EE194756F6DA50121D755439CA590 ] sppsvc          C:\windows\system32\sppsvc.exe
15:52:25.0290 0x0ff8  sppsvc - ok
15:52:25.0352 0x0ff8  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6, 61EEB1349489CB85204F1B4E398BE24EDC01FB914120C9DD0487F8EE1EDA055E ] srv             C:\windows\system32\DRIVERS\srv.sys
15:52:25.0400 0x0ff8  srv - ok
15:52:25.0438 0x0ff8  [ 8504ADDE9C146C6295B16D13A0007560, 715E3752AE4A276FA8DAFA3B52B699C45D97E747CB25FE4AE307241D206319B7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
15:52:25.0516 0x0ff8  srv2 - ok
15:52:25.0558 0x0ff8  [ BB0F9E19C5CE4DC765B263E2A5561DE1, F7DBC96E049625E4312D8F588FCF2B4AC6318C04D04758982FE9B51DABEC2DAE ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
15:52:25.0602 0x0ff8  srvnet - ok
15:52:25.0665 0x0ff8  [ 7A20882D76D4A78240A5AC9F2C2EBA21, ACA05211EE542999A118BBD2CD051038A7DC8C40C4B8971DC6514BA90E90EC61 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
15:52:25.0709 0x0ff8  SSDPSRV - ok
15:52:25.0720 0x0ff8  [ D233B16999A8E626F6004BD7814C57EC, 5BBFE5DDF1269617ABD1BDBED85A79D99BB52EA29C2BB3A8F4A1827BFAA1A747 ] SstpSvc         C:\windows\system32\sstpsvc.dll
15:52:25.0743 0x0ff8  SstpSvc - ok
15:52:25.0791 0x0ff8  [ AAF6F247F1DC370C593B4430974EAD9C, 232D0D62EC83A5537ADB28B5DC01074BA812FE6C70C54F70CD7A5EF1BC19D3E1 ] ssudmdm         C:\windows\system32\DRIVERS\ssudmdm.sys
15:52:25.0825 0x0ff8  ssudmdm - ok
15:52:25.0848 0x0ff8  [ 4E85355B94CFCB67C135F6521A4895A7, AC4FC65C1E62A54B3834E7FE0A2B1ECC48A2AA563AE5BD508326EE68FFFBBEEE ] stexstor        C:\windows\system32\drivers\stexstor.sys
15:52:25.0876 0x0ff8  stexstor - ok
15:52:25.0906 0x0ff8  [ F38F79114380246B6D40CD53FB2CA28D, 5F4001F6D97903DCBB2399B3AC36329A515823D44CDEE784613F2976398DB950 ] StillCam        C:\windows\system32\DRIVERS\serscan.sys
15:52:25.0945 0x0ff8  StillCam - ok
15:52:26.0006 0x0ff8  [ BAC8A721736AECC55A4F71523AEAB65F, B52E1303B13A961A5FC190829E55B6F28ACA409A6EEF44B358D1D210558FE1D8 ] stisvc          C:\windows\System32\wiaservc.dll
15:52:26.0073 0x0ff8  stisvc - ok
15:52:26.0099 0x0ff8  [ B240874B2CA0CD02E8CD11E140B14C57, 0FDBEE3DB644175A30065CAF020F375703ADC45A33221788C010F3111707FC25 ] storahci        C:\windows\system32\drivers\storahci.sys
15:52:26.0113 0x0ff8  storahci - ok
15:52:26.0131 0x0ff8  [ F74DBC95A57B1EE866D3732EB5F79BE2, E4FE9D5CD0A385ACB60D5D5E8D969F26C3A6BC0C08FF0838DBE9CA106229C8DE ] storflt         C:\windows\system32\DRIVERS\vmstorfl.sys
15:52:26.0149 0x0ff8  storflt - ok
15:52:26.0168 0x0ff8  [ 5337E138B49ED1F44CCBA4073BC35C20, 2B296973215E3865A56C46DC3D27F1460D96BC321558CE7A911B05B0E7BF397F ] StorSvc         C:\windows\system32\storsvc.dll
15:52:26.0192 0x0ff8  StorSvc - ok
15:52:26.0224 0x0ff8  [ 543CD3CC0E05B8D8815E0D4F040B6F59, 4B57C9534E94A0A67FC82DBD4FAECACA180BEC281FB477550A37C0A04777E09E ] storvsc         C:\windows\system32\drivers\storvsc.sys
15:52:26.0236 0x0ff8  storvsc - ok
15:52:26.0243 0x0ff8  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A, 82CC77030D23013572B4A64A64B6156789F253BF56268B790093CE3D345410A0 ] svsvc           C:\windows\system32\svsvc.dll
15:52:26.0276 0x0ff8  svsvc - ok
15:52:26.0294 0x0ff8  [ 4AFD66AAE74FFB5986BC240744DC5FC9, 0C9347614E3FD3B4D3B29FA4A5DA23FF6EE4CD9A1FFC378B855B8DE61B2876CF ] swenum          C:\windows\System32\drivers\swenum.sys
15:52:26.0308 0x0ff8  swenum - ok
15:52:26.0336 0x0ff8  [ 502F9488540051F3E6C39889ECFA76BB, 22ABD681BE4CF8A1F484C6363C1334B1EF7A6C074D837B0121DE1896887B84C6 ] swprv           C:\windows\System32\swprv.dll
15:52:26.0396 0x0ff8  swprv - ok
15:52:26.0427 0x0ff8  [ 3675657B3A4A2868A2C2B2A160E4A3C9, 1E2D115D2454596B139360815B24574CF331920513E71EA151324DC2922BC59B ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
15:52:26.0455 0x0ff8  SynTP - ok
15:52:26.0652 0x0ff8  [ A06CB9269D29EE3D0F3F5630ABB660B8, 519A01FC7D9414B26CCBC23E7FB1CEAF1C91CD173B4F4A4025F8316B7460C584 ] SysMain         C:\windows\system32\sysmain.dll
15:52:26.0749 0x0ff8  SysMain - ok
15:52:26.0822 0x0ff8  [ 6FB88606C4A71E1BFAF97D63A676C673, D72F93A482E989ACA50F9647B7AD699A4656AEAACF377BB2B8CEBB094B748852 ] SystemEventsBroker C:\windows\System32\SystemEventsBrokerServer.dll
15:52:26.0861 0x0ff8  SystemEventsBroker - ok
15:52:26.0885 0x0ff8  [ A6C06C45C44AD06C70AF8899AEC15BDC, AC2CCCDBA6B94BA85A6D41B47343193D175786D4ECF71AE9C7766ADD63A1273F ] TabletInputService C:\windows\System32\TabSvc.dll
15:52:26.0914 0x0ff8  TabletInputService - ok
15:52:26.0928 0x0ff8  [ 88B7721AB551C4325036B25A34A2BF7B, 2817CC6294542524EC373A674535F913440736BEBE81233CA91D5ECD93620B02 ] TapiSrv         C:\windows\System32\tapisrv.dll
15:52:26.0961 0x0ff8  TapiSrv - ok
15:52:27.0170 0x0ff8  [ 0E0C16EE82E2F4EBC2FBCA24C8F00D9E, F8B2A0257442E00C5D7C5A15BBD84194D0F0C071424656CA4B8EC850B6898D10 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
15:52:27.0302 0x0ff8  Tcpip - ok
15:52:27.0419 0x0ff8  [ 0E0C16EE82E2F4EBC2FBCA24C8F00D9E, F8B2A0257442E00C5D7C5A15BBD84194D0F0C071424656CA4B8EC850B6898D10 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
15:52:27.0520 0x0ff8  TCPIP6 - ok
15:52:27.0574 0x0ff8  [ 8F2A13A5DF99D72FDDE87F502A66F989, 2228C62ACDB4CBBFDD2BE705E604E0B9A8AEA7146F65F2D8B9B2A2FB49ACFAE1 ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
15:52:27.0659 0x0ff8  tcpipreg - ok
15:52:27.0691 0x0ff8  [ 58480A57ACF2671C343FD1D4BA990E34, 24AD9C808D06FABFE8E81242CAC8B5A91829F7D951B245865EF77B79BB795E3D ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
15:52:27.0702 0x0ff8  tdcmdpst - ok
15:52:27.0712 0x0ff8  [ 73DC722CE5DF26D7638CE2446F2655C7, 9B8E6F6DEA5E0C2AEAC24A31897D2E73F86EF44F1C25FEF82D2C860353793817 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
15:52:27.0730 0x0ff8  tdx - ok
15:52:27.0743 0x0ff8  [ F7C8AB5D8AFFAA318D6A21093D139BF4, 0A35052EF7DC8615783A23897358D8C579BE694363615C9563FF629E7B719991 ] terminpt        C:\windows\System32\drivers\terminpt.sys
15:52:27.0757 0x0ff8  terminpt - ok
15:52:27.0804 0x0ff8  [ 541EE228D0DEF392F7B2DFD885DD021B, 594D6538FA4DB5EF4D130007D7C29051EC2EDCA39EBB119695B58E9CBB0EB728 ] TermService     C:\windows\System32\termsrv.dll
15:52:27.0857 0x0ff8  TermService - ok
15:52:27.0883 0x0ff8  [ 519A6F672FFF56B7D8EE8C730CEC8ECD, 2B36F10C0AE16A261DC0887B1050808BA1F0568F3879E4ABC3D370F08C3FADB7 ] Themes          C:\windows\system32\themeservice.dll
15:52:27.0925 0x0ff8  Themes - ok
15:52:27.0948 0x0ff8  [ 16E745743BABAF480B7718442F38B076, 4FF6C7CFB976BF24F2215DCAE4DCCA546A6758B1DE1F36C78251AFFE4D9CE249 ] Thotkey         C:\windows\System32\drivers\Thotkey.sys
15:52:27.0957 0x0ff8  Thotkey - ok
15:52:27.0991 0x0ff8  [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] THREADORDER     C:\windows\system32\mmcss.dll
15:52:28.0008 0x0ff8  THREADORDER - ok
15:52:28.0064 0x0ff8  [ 4515B9E4140F04FB3907692DF89FCA87, F68EC56524BDA877646E987BE7414C1D622BD9FF05A5AEADCA39030FDC2B0115 ] TimeBroker      C:\windows\System32\TimeBrokerServer.dll
15:52:28.0129 0x0ff8  TimeBroker - ok
15:52:28.0253 0x0ff8  [ 6C4F5CD42074DB52AE88FC4BAB2C54F7, B4E3B6A23C99A11186F4EE875871D459A7A03EF4565CA114B41FB3C982841A45 ] TMachInfo       C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
15:52:28.0273 0x0ff8  TMachInfo - ok
15:52:28.0329 0x0ff8  [ ED32035BDFECED1AD66D459FD9CC1140, B82A15FAB4CBB5A633B9BF722441D5B20D946B63DD10BBE2A89D3A8BA3BE3339 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
15:52:28.0360 0x0ff8  TODDSrv - ok
15:52:28.0429 0x0ff8  [ 380192EE4C9FA50A083C14522E6240C8, 539EF29B97E552F655F73EFB54AE300587F3C6FCE9AF89C81B838997E9E0CD43 ] TOSHIBA eco Utility Service C:\Program Files\Toshiba\Teco\TecoService.exe
15:52:28.0488 0x0ff8  TOSHIBA eco Utility Service - ok
15:52:28.0597 0x0ff8  [ 36391C3953D191A2AF4556D5D706C641, 5191A35C86B6C98F2CBDDC23B5311ED62310345CEDE084A54BBF70CCF0F84C50 ] tos_sps64       C:\windows\system32\drivers\tos_sps64.sys
15:52:28.0653 0x0ff8  tos_sps64 - ok
15:52:28.0772 0x0ff8  [ 8608681DC6E2975815A593209A6432CD, 10DF382AABB97DD70900DD4D6D388A34614A67E762D956861C8D4D036947BFDA ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
15:52:28.0800 0x0ff8  TPCHSrv - ok
15:52:28.0874 0x0ff8  [ E94F7A7B48C7638D1F3F8089344C97B7, 276CDE59614D563A52529BCC4BFC726E5F5BE131C9C4142558A644D79328C810 ] TPM             C:\windows\system32\drivers\tpm.sys
15:52:28.0912 0x0ff8  TPM - ok
15:52:28.0947 0x0ff8  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA, A6846478B9E7B0A509E5A28C6C7B66ED39F0247F9AFF01E3C3CADC0DBEF3CA00 ] TrkWks          C:\windows\System32\trkwks.dll
15:52:28.0998 0x0ff8  TrkWks - ok
15:52:29.0067 0x0ff8  [ 8ABBB5CE0C62E0A6D28F32F44B7F865C, 4C78FE2A4A25A758D5191C4EDB2A6FE691FF82E7C16C0F146DC96DAD87D4F64E ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
15:52:29.0122 0x0ff8  TrustedInstaller - ok
15:52:29.0150 0x0ff8  [ 4E7C5FB10A50435523DE0CAA37DE2BD3, D6206DF61950F2541FB754E57C4D9EF9FA0CC1EDD6F6FA4E45F02B47958493F7 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
15:52:29.0184 0x0ff8  TsUsbFlt - ok
15:52:29.0197 0x0ff8  [ 16D684A820872EE54F6370703AC0B513, 795E20484358424CE9FA766937DD99413025A8AF967D03490392E8E02A382D0B ] TsUsbGD         C:\windows\System32\drivers\TsUsbGD.sys
15:52:29.0232 0x0ff8  TsUsbGD - ok
15:52:29.0258 0x0ff8  [ 78C9EE193AC2B4CBDBC48B620314D740, 41523E47D321BFF5778F5E453545B928C0A469C3BBA51578E74D6721D7DF9273 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
15:52:29.0286 0x0ff8  tunnel - ok
15:52:29.0314 0x0ff8  [ 54BDBF3D4DED58DA78B702471C68D4CA, D12F9F09FFE7D38A5EE6BF79DB74D775A9861C3C87E06D7C23259E47247B1782 ] TVALZ           C:\windows\system32\drivers\TVALZ_O.SYS
15:52:29.0327 0x0ff8  TVALZ - ok
15:52:29.0351 0x0ff8  [ 55A9A23DD64EB7781FCAB565B028CD0E, 44CE0C8244F9AE6CCCDB49C29F6D35FE4CE8C92DE5B5D44D22DBD088DE83AA10 ] TVALZFL         C:\windows\system32\DRIVERS\TVALZFL.sys
15:52:29.0360 0x0ff8  TVALZFL - ok
15:52:29.0382 0x0ff8  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A, AA7DA2207C0236F47859A4791F9D7301E7ADB50A59D831DC859ECC7CA70D3E1D ] uagp35          C:\windows\system32\drivers\uagp35.sys
15:52:29.0397 0x0ff8  uagp35 - ok
15:52:55.0157 0x0ff8  Waiting for KSN requests completion. In queue: 8
15:53:16.0230 0x0ff8  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.5.218.0 ), 0x60100 ( disabled : updated )
15:53:16.0259 0x0ff8  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2013.292 ), 0x40000 ( disabled : updated )
15:53:16.0288 0x0ff8  Win FW state via NFP2: enabled
15:53:18.0879 0x0ff8  ============================================================
15:53:18.0879 0x0ff8  Scan finished
15:53:18.0879 0x0ff8  ============================================================
15:53:18.0901 0x18b4  Detected object count: 0
15:53:18.0901 0x18b4  Actual detected object count: 0
15:54:14.0143 0x1af8  Deinitialize success
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Rebecca (administrator) on BECCASLAPTOP on 03-08-2014 15:55:26
Running from C:\Users\Rebecca\Desktop
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\Reg.exe [2085376 2012-07-09] (TODO: <公司名稱>)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [GearSyncAutoStart] => C:\Users\Public\Humana\GearSync\Humana_GearSync.exe [535112 2012-08-23] (Humana Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-04] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-1308010096-3944127759-420151042-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1308010096-3944127759-420151042-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1308010096-3944127759-420151042-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1308010096-3944127759-420151042-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-1308010096-3944127759-420151042-1001\...\Run: [SmileboxTray] => C:\Users\Rebecca\AppData\Roaming\Smilebox\SmileboxTray.exe [338216 2014-03-07] (Smilebox, Inc.)
HKU\S-1-5-21-1308010096-3944127759-420151042-1001\...\MountPoints2: {d4a5bbda-287f-11e3-be88-7054d287e180} - "E:\VZW_Software_upgrade_assistant.exe" 
Startup: C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Rebecca\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Rebecca\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
SearchScopes: HKLM - {C9188E60-564C-4A8E-BB9E-75F0C34552E5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://employees.raleighnc.gov/+CSCOL+/csvrloader32.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{0A8D9DF2-C217-4A1F-851D-E238675244D9}: [NameServer]75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{2D55962E-7382-425E-99DE-B7478DBE3120}: [NameServer]75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{97e1de57-d6fa-11e1-be62-806e6f6e6963}: [NameServer]75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{C02CAB3E-C922-4371-A1DD-E72CF76EF979}: [NameServer]75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{D7FB62E2-6B5B-472A-A9F6-04D994D2CA94}: [NameServer]75.126.206.18,184.173.169.186
 
FireFox:
========
FF ProfilePath: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\x0z6z2wq.default-1405914423513
FF NewTab: about:newtab
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-04]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-04]
CHR Extension: (Google Drive) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-04]
CHR Extension: (YouTube) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-04]
CHR Extension: (No Name) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn [2014-02-04]
CHR Extension: (Google Search) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-04]
CHR Extension: (avast! Online Security) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-04]
CHR Extension: (No Name) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn [2014-07-21]
CHR Extension: (Skype Click to Call) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-04]
CHR Extension: (Google Wallet) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR Extension: (Gmail) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-02-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-04] (AVAST Software)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-02-04] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2014-02-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-04] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1038072 2014-02-04] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [421704 2014-02-04] (AVAST Software)
S3 aswStm; C:\windows\system32\drivers\aswStm.sys [80184 2014-02-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-04] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-14] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-14] (Realtek Semiconductor Corporation                           )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-03 15:55 - 2014-08-03 15:55 - 00023654 _____ () C:\Users\Rebecca\Desktop\FRST.txt
2014-08-03 15:50 - 2014-08-03 15:50 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Rebecca\Desktop\tdsskiller.exe
2014-08-03 07:43 - 2014-08-03 07:43 - 00007074 _____ () C:\Users\Rebecca\Desktop\AdwCleaner[S0].txt
2014-08-03 07:42 - 2014-08-03 07:42 - 00448512 _____ (OldTimer Tools) C:\Users\Rebecca\Desktop\TFC.exe
2014-08-03 02:10 - 2014-08-03 07:39 - 00000000 ____D () C:\AdwCleaner
2014-08-03 02:10 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-08-03 02:09 - 2014-08-03 02:09 - 01361309 _____ () C:\Users\Rebecca\Desktop\AdwCleaner.exe
2014-08-03 02:09 - 2014-08-03 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-03 02:08 - 2014-08-03 02:08 - 01016261 _____ (Thisisu) C:\Users\Rebecca\Downloads\JRT (1).exe
2014-08-03 02:08 - 2014-08-03 02:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-03 02:08 - 2014-08-03 02:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-03 02:04 - 2014-08-03 02:04 - 00002657 _____ () C:\Users\Rebecca\Desktop\JRT.txt
2014-08-03 01:56 - 2014-08-03 01:56 - 01016261 _____ (Thisisu) C:\Users\Rebecca\Downloads\JRT.exe
2014-08-03 01:56 - 2014-08-03 01:56 - 00000000 ____D () C:\windows\ERUNT
2014-08-02 12:57 - 2014-08-02 13:29 - 00003956 _____ () C:\Users\Rebecca\Desktop\aswMBR.txt
2014-08-02 12:57 - 2014-08-02 13:29 - 00000512 _____ () C:\Users\Rebecca\Desktop\MBR.dat
2014-08-02 12:51 - 2014-08-02 12:51 - 05185536 _____ (AVAST Software) C:\Users\Rebecca\Desktop\aswmbr.exe
2014-08-02 12:49 - 2014-08-02 12:51 - 05125676 _____ () C:\Users\Rebecca\Downloads\aswmbr.exe
2014-08-02 12:43 - 2014-08-02 12:44 - 00040505 _____ () C:\Users\Rebecca\Downloads\Addition.txt
2014-08-02 12:42 - 2014-08-02 12:44 - 00057284 _____ () C:\Users\Rebecca\Downloads\FRST.txt
2014-08-02 12:40 - 2014-08-03 15:55 - 00000000 ____D () C:\FRST
2014-08-02 12:37 - 2014-08-02 12:37 - 02094080 _____ (Farbar) C:\Users\Rebecca\Desktop\FRST64.exe
2014-08-02 12:36 - 2014-08-02 12:36 - 01084928 _____ (Farbar) C:\Users\Rebecca\Downloads\FRST.exe
2014-08-02 11:54 - 2014-08-02 11:54 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\_
2014-07-28 23:12 - 2014-07-28 23:12 - 01931096 _____ () C:\Users\Rebecca\Downloads\rkill(1).com
2014-07-28 21:59 - 2014-07-28 22:00 - 01917956 _____ () C:\Users\Rebecca\Downloads\rkill.exe
2014-07-28 21:57 - 2014-07-28 21:58 - 01934016 _____ () C:\Users\Rebecca\Downloads\rkill.com
2014-07-24 19:52 - 2014-07-24 19:52 - 00684612 _____ (Swearware) C:\Users\Rebecca\Downloads\dds(1).com
2014-07-24 19:18 - 2014-07-24 19:18 - 00686072 _____ (Swearware) C:\Users\Rebecca\Downloads\dds.com
2014-07-24 19:09 - 2014-07-24 19:09 - 05505207 _____ (Swearware) C:\Users\Rebecca\Downloads\ComboFix.exe
2014-07-23 22:06 - 2014-07-23 22:06 - 00080532 _____ () C:\Users\Rebecca\Downloads\072114R Jordan at Southpoint Inspection Report (3) (1).xlsx
2014-07-23 22:05 - 2014-07-23 22:05 - 00080532 _____ () C:\Users\Rebecca\Downloads\072114R Jordan at Southpoint Inspection Report (3).xlsx
2014-07-22 07:27 - 2014-07-22 07:27 - 00316312 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-21 21:22 - 2014-07-21 21:22 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-21 20:56 - 2014-08-03 02:04 - 00002170 _____ () C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-21 20:56 - 2014-07-22 07:33 - 00002060 _____ () C:\Users\Rebecca\Desktop\Search.lnk
2014-07-21 20:55 - 2014-07-21 20:55 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-07-21 20:55 - 2014-07-21 20:55 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Local_Weather_LLC
2014-07-20 23:47 - 2014-07-20 23:47 - 00000000 ____D () C:\Users\Rebecca\Desktop\Old Firefox Data
2014-07-16 22:29 - 2014-06-30 18:42 - 00702464 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-16 22:29 - 2014-06-30 18:42 - 00394240 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-07-16 22:29 - 2014-06-30 18:42 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-07-16 22:29 - 2014-06-27 23:35 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-16 17:27 - 2014-06-26 16:53 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-16 17:27 - 2014-06-26 16:53 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 20:50 - 2014-05-03 02:34 - 06974808 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-07-08 20:50 - 2014-05-03 02:33 - 01824808 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-07-08 20:50 - 2014-05-03 00:51 - 01408976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-07-08 20:50 - 2014-05-01 18:37 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-07-08 20:50 - 2014-04-29 18:32 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2014-07-08 20:50 - 2014-04-29 18:32 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2014-07-08 20:50 - 2014-04-23 19:51 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-07-08 20:50 - 2014-04-23 19:51 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 20:50 - 2014-04-23 19:38 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-07-08 20:50 - 2014-04-23 19:38 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 20:50 - 2014-02-08 00:34 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-07-08 20:49 - 2014-06-17 19:27 - 01440256 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-08 20:49 - 2014-06-17 19:24 - 01557504 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-08 20:49 - 2014-06-11 00:18 - 04038144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-08 20:49 - 2014-06-02 18:33 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2014-07-08 20:49 - 2014-05-29 19:31 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-07-08 20:49 - 2014-05-29 19:03 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-07-08 20:49 - 2014-05-29 19:02 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-08 20:49 - 2014-05-29 19:02 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-07-08 20:48 - 2014-06-18 22:11 - 19277312 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-08 20:48 - 2014-06-18 22:10 - 15369728 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-08 20:48 - 2014-06-18 22:10 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-08 20:48 - 2014-06-18 22:10 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-08 20:48 - 2014-06-18 20:53 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-08 20:48 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-08 20:47 - 2014-06-18 22:12 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-08 20:47 - 2014-06-18 22:12 - 01366528 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-08 20:47 - 2014-06-18 22:12 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-07-08 20:47 - 2014-06-18 22:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-07-08 20:47 - 2014-06-18 22:12 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-08 20:47 - 2014-06-18 22:11 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-08 20:47 - 2014-06-18 22:11 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-08 20:47 - 2014-06-18 22:10 - 02650624 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-08 20:47 - 2014-06-18 22:10 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-08 20:47 - 2014-06-18 22:10 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-08 20:47 - 2014-06-18 22:10 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-08 20:47 - 2014-06-18 22:10 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-08 20:47 - 2014-06-18 22:10 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-07-08 20:47 - 2014-06-18 22:10 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-08 20:47 - 2014-06-18 22:10 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-08 20:47 - 2014-06-18 22:10 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-08 20:47 - 2014-06-18 22:09 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-08 20:47 - 2014-06-18 20:53 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-08 20:47 - 2014-06-18 20:53 - 01141760 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-08 20:47 - 2014-06-18 20:53 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-08 20:47 - 2014-06-18 20:53 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-08 20:47 - 2014-06-18 20:53 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-08 20:47 - 2014-06-18 20:53 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 13732352 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 02863616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-08 20:47 - 2014-06-18 20:52 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-08 20:47 - 2014-06-18 20:52 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-08 20:47 - 2014-06-18 20:33 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-08 20:47 - 2014-06-18 20:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-08 20:47 - 2014-06-18 18:05 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-07-08 20:47 - 2014-06-06 10:06 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-08 20:47 - 2014-06-06 06:17 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-08 20:47 - 2014-05-29 18:24 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-04 14:36 - 2014-07-04 14:36 - 00001559 _____ () C:\Users\Rebecca\Downloads\contacts.csv
2014-07-04 14:31 - 2014-07-04 14:31 - 00000000 ____D () C:\Users\Rebecca\Desktop\snippets
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-03 15:55 - 2014-08-03 15:55 - 00023654 _____ () C:\Users\Rebecca\Desktop\FRST.txt
2014-08-03 15:55 - 2014-08-02 12:40 - 00000000 ____D () C:\FRST
2014-08-03 15:50 - 2014-08-03 15:50 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Rebecca\Desktop\tdsskiller.exe
2014-08-03 15:49 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\sru
2014-08-03 08:28 - 2013-04-04 22:41 - 00000926 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-03 08:09 - 2013-04-03 13:00 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1308010096-3944127759-420151042-1001
2014-08-03 07:56 - 2013-04-04 22:41 - 00000922 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-03 07:53 - 2012-07-26 03:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-03 07:43 - 2014-08-03 07:43 - 00007074 _____ () C:\Users\Rebecca\Desktop\AdwCleaner[S0].txt
2014-08-03 07:42 - 2014-08-03 07:42 - 00448512 _____ (OldTimer Tools) C:\Users\Rebecca\Desktop\TFC.exe
2014-08-03 07:40 - 2012-08-18 07:10 - 01258222 _____ () C:\windows\PFRO.log
2014-08-03 07:40 - 2012-07-26 01:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-08-03 07:39 - 2014-08-03 02:10 - 00000000 ____D () C:\AdwCleaner
2014-08-03 02:20 - 2013-04-03 12:50 - 02012016 _____ () C:\windows\WindowsUpdate.log
2014-08-03 02:09 - 2014-08-03 02:09 - 01361309 _____ () C:\Users\Rebecca\Desktop\AdwCleaner.exe
2014-08-03 02:09 - 2014-08-03 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-03 02:08 - 2014-08-03 02:08 - 01016261 _____ (Thisisu) C:\Users\Rebecca\Downloads\JRT (1).exe
2014-08-03 02:08 - 2014-08-03 02:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-03 02:08 - 2014-08-03 02:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-03 02:04 - 2014-08-03 02:04 - 00002657 _____ () C:\Users\Rebecca\Desktop\JRT.txt
2014-08-03 02:04 - 2014-07-21 20:56 - 00002170 _____ () C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-03 01:56 - 2014-08-03 01:56 - 01016261 _____ (Thisisu) C:\Users\Rebecca\Downloads\JRT.exe
2014-08-03 01:56 - 2014-08-03 01:56 - 00000000 ____D () C:\windows\ERUNT
2014-08-02 21:26 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-08-02 13:29 - 2014-08-02 12:57 - 00003956 _____ () C:\Users\Rebecca\Desktop\aswMBR.txt
2014-08-02 13:29 - 2014-08-02 12:57 - 00000512 _____ () C:\Users\Rebecca\Desktop\MBR.dat
2014-08-02 12:58 - 2013-07-04 13:15 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Apple Computer
2014-08-02 12:51 - 2014-08-02 12:51 - 05185536 _____ (AVAST Software) C:\Users\Rebecca\Desktop\aswmbr.exe
2014-08-02 12:51 - 2014-08-02 12:49 - 05125676 _____ () C:\Users\Rebecca\Downloads\aswmbr.exe
2014-08-02 12:44 - 2014-08-02 12:43 - 00040505 _____ () C:\Users\Rebecca\Downloads\Addition.txt
2014-08-02 12:44 - 2014-08-02 12:42 - 00057284 _____ () C:\Users\Rebecca\Downloads\FRST.txt
2014-08-02 12:37 - 2014-08-02 12:37 - 02094080 _____ (Farbar) C:\Users\Rebecca\Desktop\FRST64.exe
2014-08-02 12:36 - 2014-08-02 12:36 - 01084928 _____ (Farbar) C:\Users\Rebecca\Downloads\FRST.exe
2014-08-02 12:12 - 2014-03-29 18:08 - 00000000 ____D () C:\Users\Rebecca\Desktop\Controlled Sites
2014-08-02 11:54 - 2014-08-02 11:54 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\_
2014-08-02 07:11 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\NDF
2014-08-02 07:05 - 2013-04-04 18:11 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\CrashDumps
2014-07-28 23:12 - 2014-07-28 23:12 - 01931096 _____ () C:\Users\Rebecca\Downloads\rkill(1).com
2014-07-28 23:04 - 2012-07-26 01:26 - 00000194 _____ () C:\windows\win.ini
2014-07-28 22:35 - 2013-08-26 22:43 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
2014-07-28 22:35 - 2012-12-26 02:52 - 00002982 _____ () C:\windows\System32\Tasks\Synaptics TouchPad Enhancements
2014-07-28 22:35 - 2012-07-26 03:21 - 00025197 _____ () C:\windows\setupact.log
2014-07-28 22:00 - 2014-07-28 21:59 - 01917956 _____ () C:\Users\Rebecca\Downloads\rkill.exe
2014-07-28 21:58 - 2014-07-28 21:57 - 01934016 _____ () C:\Users\Rebecca\Downloads\rkill.com
2014-07-24 19:52 - 2014-07-24 19:52 - 00684612 _____ (Swearware) C:\Users\Rebecca\Downloads\dds(1).com
2014-07-24 19:18 - 2014-07-24 19:18 - 00686072 _____ (Swearware) C:\Users\Rebecca\Downloads\dds.com
2014-07-24 19:09 - 2014-07-24 19:09 - 05505207 _____ (Swearware) C:\Users\Rebecca\Downloads\ComboFix.exe
2014-07-23 22:07 - 2013-04-03 12:50 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Packages
2014-07-23 22:06 - 2014-07-23 22:06 - 00080532 _____ () C:\Users\Rebecca\Downloads\072114R Jordan at Southpoint Inspection Report (3) (1).xlsx
2014-07-23 22:05 - 2014-07-23 22:05 - 00080532 _____ () C:\Users\Rebecca\Downloads\072114R Jordan at Southpoint Inspection Report (3).xlsx
2014-07-22 07:33 - 2014-07-21 20:56 - 00002060 _____ () C:\Users\Rebecca\Desktop\Search.lnk
2014-07-22 07:27 - 2014-07-22 07:27 - 00316312 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-21 21:46 - 2014-02-04 19:25 - 00000000 ____D () C:\Program Files (x86)\sp
2014-07-21 21:22 - 2014-07-21 21:22 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-21 20:55 - 2014-07-21 20:55 - 00000000 ____D () C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-07-21 20:55 - 2014-07-21 20:55 - 00000000 ____D () C:\Users\Rebecca\AppData\Local\Local_Weather_LLC
2014-07-20 23:47 - 2014-07-20 23:47 - 00000000 ____D () C:\Users\Rebecca\Desktop\Old Firefox Data
2014-07-20 23:45 - 2013-10-23 19:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-20 22:35 - 2013-04-04 22:41 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-17 13:39 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\rescache
2014-07-17 13:34 - 2013-08-16 11:46 - 00000000 ____D () C:\windows\system32\MRT
2014-07-17 13:34 - 2012-07-26 03:59 - 00000000 ____D () C:\windows\CbsTemp
2014-07-17 13:32 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-07-17 13:31 - 2013-04-04 23:22 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-16 17:31 - 2012-07-26 03:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-16 17:23 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-16 17:23 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-16 17:23 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\WinStore
2014-07-16 17:23 - 2012-07-26 03:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-08 20:45 - 2013-04-23 17:10 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-04 14:36 - 2014-07-04 14:36 - 00001559 _____ () C:\Users\Rebecca\Downloads\contacts.csv
2014-07-04 14:31 - 2014-07-04 14:31 - 00000000 ____D () C:\Users\Rebecca\Desktop\snippets
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-28 16:04
 
==================== End Of Log ============================
 
COMPUTER IS RUNNING GREAT!  THANKS.


#10 pystryker

Posted 03 August 2014 - 03:24 PM

COMPUTER IS RUNNING GREAT! THANKS.


You're welcome, that's what I love to hear. :) Let's run some scans for any remnants on your machine and check for out of date programs.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#11 rebeccaferres

Posted 03 August 2014 - 08:59 PM

When I try to open the Malwarebytes Anti-Malware there is an error that comes up and says setup was unable to create the directory "C:\Users\Rebecca\AppData\Local\Temp\is-7Hobo.tmp." Error 5: Access is denied. I even tried to run as administrator and it says the same thing. So close!



#12 pystryker

Posted 03 August 2014 - 09:22 PM

When I try to open the Malwarebytes Anti-Malware there is an error that comes up and says setup was unable to create the directory "C:\Users\Rebecca\AppData\Local\Temp\is-7Hobo.tmp." Error 5: Access is denied. I even tried to run as administrator and it says the same thing. So close!


Ok, let's run the Malwarebytes Cleaning Tool to clean your system of any traces of that installation of Malwarebytes and then try it again. :)


Please download mbam-clean.exe from here to your desktop and save it.

Please close all open applications and temporarily shutdown your antivirus to avoid any conflicts when running the tool.

Locate the file mbam-clean.exe and double-click to run it and follow the onscreen prompts.

It will ask to restart your computer; please allow it to do so (very important).

After the computer restarts, ensure that your antivirus is enabled and download the latest version of Malwarebytes Anti-Malware from here and save it to your desktop.

Now close all open applications including your browser and again temporarily disable your antivirus as before and launch the Malwarebytes installer you just downloaded.

If you have never tried the PREMIUM version Trial and wish to do so, then leave the Trial checkmark enabled; otherwise, please make sure to uncheck the Trial checkmark near the end of the installation if you do not wish to try the PREMIUM version features for 14 days.

Please make sure you check for updates at the end of the installation as well.

Make sure you have re-enabled your Anti-Virus/Internet-Security applications.

If it installs correctly, then run the scan as instructed in the previous post. :) If not, please let me know.





#13 rebeccaferres

Posted 04 August 2014 - 04:58 PM

That didn't work. It downloaded mbam-clean.exe but it went through the dialog boxes really fast and asked me to reboot immediately after I told it to run. I then tried to run the mbam-set and it says the same error message.



#14 pystryker

Posted 04 August 2014 - 06:03 PM

Ok, let's see if this clears up the issue. :)


Download Windows Repair (All In One) from here.

It will allow you to repair common issues with your computer such as firewall, file permission, and Windows Update problems. When using this tool you can select the particular fixes you would like to launch and start the repair process.

Please download the tool to somewhere you can find it.

Double click to open and follow the prompts to install.

Once installed click on the tab Start Repairs and the button Start

At the list that presents put a check (tick) in the following:

• Reset Registry Permissions
• Reset File Permissions
• Register System Files
• Repair WMI
• Repair Windows Firewall
• Repair Internet Explorer
• Repair MDAC & MS Jet
• Repair Hosts File
• Remove Policies Set By Infections
• Repair Icons
• Repair Winsock & DNS Cache
• Remove Temp Files
• Repair Proxy Settings
• Unhide Non System Files
• Repair Windows Updates
• Repair CD/DVD Missing/Not Working

Also put a check in the Restart/Shutdown System When Finished (lower right) box.

and in Restart System

Then click on the Start button if it doesn't do it automatically

If it asks you to back up your system click No and continue

When it is finished, please try the Malwarebytes setup again.

Edited by pystryker, 04 August 2014 - 06:13 PM.





#15 rebeccaferres

Posted 05 August 2014 - 08:20 PM

After I ran the Windows Repair I was able to run all three of the programs in the previous post.  The results below include 

  • ESET Scan Log

  • MBAM Log

  • SecurityCheck Log

ESETSmartInstaller@High as downloader log:

all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e3de0151f589dc409a3f2f86a34288e4
# engine=19518
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-06 12:59:34
# local_time=2014-08-05 08:59:34 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 98 11760112 15643039 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5576661 66706485 0 0
# scanned=203604
# found=18
# cleaned=0
# scan_time=7766
sh=22DF0C5225334D3AD807485F5E9DC92AD42DB731 ft=1 fh=10832299a7779ae3 vn="a variant of MSIL/Adware.StrongVault.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rebecca\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe.vir"
sh=D0F6C51BC703AA258A64FCC19222A7B0C65056AE ft=1 fh=68d916644442997d vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\findopolis\findopolis.FirstRun.exe"
sh=60D62D4D01CB771E465441A9B8D4EFBEE253117C ft=1 fh=1c12f99f0ec34631 vn="a variant of Win32/BrowseFox.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\findopolis\findopolisBHO.dll"
sh=F160E8DBA12C3F25B5F4B9944D566CB0E105AC24 ft=1 fh=e87504873a3b61ae vn="Win32/BrowseFox.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\findopolis\findopolisUninstall.exe"
sh=70C77C6F44E352BB2C448978D1D0913EB8ADB693 ft=1 fh=523fd5793ccfcae6 vn="a variant of Win32/BrowseFox.H potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\findopolis\updatefindopolis.exe"
sh=CF9EDC46F39A92B60C96585DA546CC6892D32ADA ft=1 fh=db43f76c8e4b4b1a vn="a variant of Win32/BrowseFox.I potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\findopolis\bin\findopolis.BrowserAdapter.exe"
sh=0B139D45323E0B272A413FF92396BC0E275618C8 ft=1 fh=6f70eb6e7de20445 vn="a variant of Win64/BrowseFox.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\findopolis\bin\findopolis.PurBrowse64.exe"
sh=F6A9F51FA724446A4814AD48565C93BC5EB62DE7 ft=1 fh=e07738e396eb2703 vn="a variant of Win32/BrowseFox.I potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\findopolis\bin\findopolisBAApp.dll"
sh=70C77C6F44E352BB2C448978D1D0913EB8ADB693 ft=1 fh=523fd5793ccfcae6 vn="a variant of Win32/BrowseFox.H potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\findopolis\bin\utilfindopolis.exe"
sh=14F4DE77B206179967CDE43A8B781B192B747E93 ft=1 fh=416158c6c39d36ea vn="a variant of Win32/BrowseFox.M potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\findopolis\bin\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}.dll"
sh=EA675F07C5611252C5C18E1A2F6E09FA9FE17ECE ft=1 fh=5a3da84b94ddc4bf vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.Bromon.dll"
sh=EABCFAF3AC25C5C552B0A893956CF575F2E5B007 ft=1 fh=0a55195f34618257 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.BroStats.dll"
sh=5055EC513AE0BF9894AD9BF47FAF1243591A82F2 ft=1 fh=4096ec056cbb0d29 vn="probably a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.BrowserAdapterS.dll"
sh=125C55646B4DC99C243929BDD98278004B71F9CC ft=1 fh=a8bb6b8ddfbc09e5 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.CompatibilityChecker.dll"
sh=A4EF4224117DE51CDA54F538CA9F4020D1F72634 ft=1 fh=248ef2336ec9f247 vn="a variant of MSIL/BrowseFox.E potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.FFUpdate.dll"
sh=BA16461E0A3FCF44E10BF029D20B051BAA0EC2B1 ft=1 fh=f8cef25fb87e2e42 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.IEUpdate.dll"
sh=3858063B79B72FCC0671FE9DE980FEBC9D440A92 ft=1 fh=b06cbfde9235fe53 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.PurBrowseG.dll"
sh=481D5B9739BD00E04F6E605D0152CA9FC5281175 ft=1 fh=cd065fe3ab7bda7d vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.Repmon.dll"
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 8/5/2014 6:33:36 AM, SYSTEM, BECCASLAPTOP, Protection, Malware Protection, Starting, 
Protection, 8/5/2014 6:33:36 AM, SYSTEM, BECCASLAPTOP, Protection, Malware Protection, Started, 
Protection, 8/5/2014 6:33:36 AM, SYSTEM, BECCASLAPTOP, Protection, Malicious Website Protection, Starting, 
Protection, 8/5/2014 6:33:37 AM, SYSTEM, BECCASLAPTOP, Protection, Malicious Website Protection, Started, 
Update, 8/5/2014 6:33:40 AM, SYSTEM, BECCASLAPTOP, Manual, Rootkit Database, 2014.2.20.1, 2014.8.4.1, 
Update, 8/5/2014 6:33:47 AM, SYSTEM, BECCASLAPTOP, Manual, Malware Database, 2014.3.4.9, 2014.8.5.3, 
Protection, 8/5/2014 6:33:48 AM, SYSTEM, BECCASLAPTOP, Protection, Refresh, Starting, 
Protection, 8/5/2014 6:33:48 AM, SYSTEM, BECCASLAPTOP, Protection, Malicious Website Protection, Stopping, 
Protection, 8/5/2014 6:33:48 AM, SYSTEM, BECCASLAPTOP, Protection, Malicious Website Protection, Stopped, 
Protection, 8/5/2014 6:33:59 AM, SYSTEM, BECCASLAPTOP, Protection, Refresh, Success, 
Protection, 8/5/2014 6:34:00 AM, SYSTEM, BECCASLAPTOP, Protection, Malicious Website Protection, Starting, 
Protection, 8/5/2014 6:34:01 AM, SYSTEM, BECCASLAPTOP, Protection, Malicious Website Protection, Started, 
Protection, 8/5/2014 6:27:19 PM, SYSTEM, BECCASLAPTOP, Protection, Malware Protection, Starting, 
Protection, 8/5/2014 6:27:19 PM, SYSTEM, BECCASLAPTOP, Protection, Malware Protection, Started, 
Protection, 8/5/2014 6:27:19 PM, SYSTEM, BECCASLAPTOP, Protection, Malicious Website Protection, Starting, 
Protection, 8/5/2014 6:27:32 PM, SYSTEM, BECCASLAPTOP, Protection, Malicious Website Protection, Started, 
 
(end)
 

 Results of screen317's Security Check version 0.99.86  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Reader 10.1.3 Adobe Reader out of Date!  
 Mozilla Firefox (28.0) 
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
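
An added example, not part of the thread and not code from ESET or the helper: a Python reader for an ESET Online Scanner log in the layout posted above, which checks that the scan options requested in Step 2 were in effect and separates detections sitting in the FRST and AdwCleaner quarantine folders from ones at live paths. The sample log is constructed, and the mapping of header keys to the Step 2 options is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ESET log posted above. Hashes and the
# "example" paths are placeholders; the last entry is deliberately outside any
# quarantine folder to show the case that needs follow-up.
SAMPLE_LOG = r'''# product=EOS
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# found=3
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="a variant of Win32/BrowseFox.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\example\exampleBHO.dll"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="a variant of MSIL/Adware.StrongVault.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Example\AppData\Local\Example\Example.exe.vir"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="Win32/BrowseFox.C potentially unwanted application" ac=I fn="C:\Program Files (x86)\example\exampleUninstall.exe"
'''

# Assumption: these header keys record the Step 2 scan options.
EXPECTED_SETTINGS = {
    "remove_checked": "false",      # "Remove found threats" left unchecked
    "archives_checked": "true",     # "Scan archives"
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

# Quarantine folders of the cleanup tools, as they appear in the posted log.
QUARANTINE_ROOTS = ("c:\\frst\\quarantine\\", "c:\\adwcleaner\\quarantine\\")

HEADER_RE = re.compile(r"^#\s*([\w.]+)=(.*)$")
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
NAME_RE = re.compile(r"\b(\w+)/([\w.]+)")  # e.g. Win32/BrowseFox.F


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from the log text."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
        elif line.startswith("sh="):
            # Each field is key=value; vn and fn are quoted and contain spaces.
            detections.append({k: q or b for k, q, b in FIELD_RE.findall(line)})
    return header, detections


def settings_mismatches(header):
    """Header keys whose value differs from what Step 2 asked for."""
    return sorted(k for k, v in EXPECTED_SETTINGS.items() if header.get(k) != v)


def count_matches_header(header, detections):
    """True when the 'found' counter equals the number of detection lines."""
    return header.get("found") == str(len(detections))


def triage(detections):
    """Split detections into quarantined copies and live paths; count families."""
    result = {"quarantined": [], "live": [], "families": Counter()}
    for d in detections:
        m = NAME_RE.search(d.get("vn", ""))
        name = m.group(2) if m else d.get("vn", "unknown")
        result["families"][name.rsplit(".", 1)[0]] += 1  # drop variant letter
        path = d.get("fn", "")
        inert = path.lower().startswith(QUARANTINE_ROOTS)
        result["quarantined" if inert else "live"].append(path)
    return result


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    print("settings mismatches:", settings_mismatches(hdr))
    print("count consistent:", count_matches_header(hdr, dets))
    report = triage(dets)
    print("families:", dict(report["families"]))
    print("live paths needing follow-up:", report["live"])
```

Entries under a quarantine root are copies already moved aside by an earlier cleanup step; only the paths reported as live point at files still in place.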
 




