Help with possible browser hijack / URL redirect


  • This topic is locked
19 replies to this topic

#1 KliaMia

Posted 04 October 2015 - 02:18 PM

Hello, and thank you in advance for your help. I am running a 64-bit Windows 7 machine. I bought it used, and I suspect that it may have originally been a Vista OS that was converted to Windows 7. I recently removed my Google Chrome browser, because it was exhibiting odd behaviors. Most recently, pages would not open or they would only load partially. I also noticed that the webpage address that I opened would change to a different URL or the secure https would disappear. I've also experienced problems off and on using Microsoft Office software, where I could no longer highlight text or copy/paste.

I've used AdwCleaner and other tools suggested by a friend, and I thought I had taken care of the issues. These tools have identified browser hijacks and search redirects, corrupt files, conflicting application component errors, and system errors. After applying the recommended fixes, it will seem to be okay for a while but I keep experiencing similar issues. I'm not too tech-savvy, and I need help before I make things worse or bash the PC with a baseball bat! Thank you again for your patience and assistance.

Here are the contents of the FRST.txt log, and the addition.txt file is attached:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by tom (administrator) on KIMBERLY (04-10-2015 12:18:04)
Running from C:\Users\tom\Desktop\Downloads
Loaded Profiles: tom (Available Profiles: tom & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.2\EMET_Service.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.2\EMET_Agent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-19] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8205944 2014-12-30] (Zemana Ltd.)
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [94664 2014-12-30] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86400 2014-12-30] (Zemana Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-19] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6953FB2F-DF78-4E38-A26E-FB93FCF70395}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {1205F8F3-5059-48A6-A7CD-611A2F7C8381} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4156657441-31240855-2336214866-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-21] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-21] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\tom\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-08-30] (Cisco WebEx LLC)
FF Extension: HTTPS-Everywhere - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\https-everywhere@eff.org [2015-09-10]
FF Extension: Flashblock - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-09-10]
FF Extension: WOT - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-09-16]
FF Extension: NoScript - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-09-10]
FF Extension: Adblock Plus - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-19]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-19] (AVAST Software)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 EMET_Service; C:\Program Files (x86)\EMET 5.2\EMET_Service.exe [22680 2015-03-11] (Microsoft Corporation)
S4 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-09-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-09-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-19] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-20] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-04 12:17 - 2015-10-04 12:18 - 00000000 ___DC C:\FRST
2015-10-04 11:26 - 2015-10-04 11:26 - 00000000 ___DC C:\Program Files (x86)\Cobian Backup 11
2015-10-04 11:26 - 2015-10-04 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-10-04 09:24 - 2015-10-04 09:24 - 00001344 _____ C:\Windows\PFRO.log
2015-10-04 09:24 - 2015-10-04 09:24 - 00000056 _____ C:\Windows\setupact.log
2015-10-04 09:24 - 2015-10-04 09:24 - 00000000 _____ C:\Windows\setuperr.log
2015-10-03 11:13 - 2015-10-03 11:13 - 00001102 _____ C:\Users\Public\Desktop\AntiLogger Free.lnk
2015-10-03 11:13 - 2015-10-03 11:13 - 00000000 ___DC C:\Program Files (x86)\Zemana AntiLogger Free
2015-10-03 11:13 - 2015-10-03 11:13 - 00000000 ___DC C:\Program Files (x86)\KeyCryptSDK
2015-10-03 11:13 - 2015-10-03 11:13 - 00000000 ____D C:\Users\tom\AppData\Local\AntiLogger Free
2015-10-03 11:13 - 2015-10-03 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2015-10-03 11:13 - 2014-12-30 13:18 - 00076520 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2015-10-03 10:27 - 2015-10-03 10:31 - 00000000 ___DC C:\AdwCleaner
2015-09-30 19:24 - 2015-10-01 06:17 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2015-09-23 18:51 - 2015-09-23 18:52 - 00000000 ___DC C:\Program Files (x86)\QuickTime
2015-09-23 18:51 - 2015-09-23 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-09-23 18:51 - 2015-09-23 18:51 - 00000000 ____D C:\ProgramData\Apple Computer
2015-09-23 06:55 - 2015-09-23 07:03 - 00000000 ____D C:\Users\tom\AppData\Local\Microsoft Games
2015-09-21 19:12 - 2015-09-21 19:08 - 00274016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-09-21 19:12 - 2015-09-21 19:08 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-21 19:09 - 2015-09-21 19:09 - 00000000 ____D C:\Users\tom\AppData\Roaming\Sun
2015-09-21 19:09 - 2015-09-21 19:09 - 00000000 ____D C:\Users\tom\.oracle_jre_usage
2015-09-20 21:06 - 2015-09-20 21:07 - 00664576 _____ C:\Users\tom\Downloads\MicrosoftFixit50562.msi
2015-09-19 20:18 - 2015-09-19 20:18 - 00000000 ____D C:\Users\tom\AppData\LocalLow\Oracle
2015-09-19 13:10 - 2015-09-19 13:10 - 00000000 ____D C:\Users\tom\AppData\Roaming\AVAST Software
2015-09-19 01:18 - 2015-09-19 01:18 - 00001884 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-09-19 01:18 - 2015-09-19 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-19 01:17 - 2015-10-01 13:15 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-19 01:17 - 2015-09-19 01:16 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-19 01:17 - 2015-09-19 01:16 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-19 01:16 - 2015-09-19 01:16 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-19 01:15 - 2015-09-19 01:15 - 00000000 ___DC C:\Program Files\AVAST Software
2015-09-19 01:11 - 2015-09-19 01:12 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-18 19:47 - 2015-09-18 20:30 - 154429024 _____ (AVAST Software) C:\Users\tom\Downloads\avast_free_antivirus_setup.exe
2015-09-16 22:24 - 2015-09-16 22:24 - 00680600 _____ (Sysinternals - www.sysinternals.com) C:\Users\tom\Downloads\autoruns.exe
2015-09-12 21:28 - 2015-09-12 21:28 - 00347816 _____ (Microsoft Corporation) C:\Users\tom\Downloads\MicrosoftFixit.Printing.Run(1).exe
2015-09-11 21:21 - 2015-09-11 21:21 - 00000000 ___DC C:\Lexmark
2015-09-11 21:18 - 2015-09-11 21:21 - 24697856 _____ (Lexmark International, Inc. ) C:\Users\tom\Downloads\cjb1200EN.exe
2015-09-11 06:22 - 2015-09-11 06:22 - 00013312 _____ C:\Users\tom\Downloads\Charge Slip Procedures.xls
2015-09-11 01:33 - 2015-09-11 01:33 - 00000000 ____D C:\Users\tom\Downloads\PP1350WGDIWinx86_1611120EN
2015-09-11 01:32 - 2015-09-11 01:33 - 03775807 _____ C:\Users\tom\Downloads\PP1350WGDIWinx86_1611120EN.zip
2015-09-11 01:21 - 2015-09-11 01:21 - 00000000 ___RD C:\Users\tom\AppData\Roaming\KONICA MINOLTA
2015-09-11 01:21 - 2015-09-11 01:21 - 00000000 ____D C:\Users\tom\AppData\LocalLow\KONICA MINOLTA
2015-09-11 01:11 - 2015-09-11 01:11 - 00000000 ____D C:\ProgramData\KONICA MINOLTA
2015-09-10 06:33 - 2015-09-10 06:33 - 00000000 ____D C:\Users\tom\Desktop\Old Firefox Data
2015-09-10 01:58 - 2015-09-30 16:29 - 00000000 ___HD C:\$Windows.~BT
2015-09-09 06:21 - 2015-08-17 20:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 06:21 - 2015-08-17 20:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 06:21 - 2015-08-15 01:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 06:21 - 2015-08-15 01:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 06:21 - 2015-08-15 01:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 06:21 - 2015-08-15 01:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 06:21 - 2015-08-15 01:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 06:21 - 2015-08-15 01:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 06:21 - 2015-08-15 01:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 06:21 - 2015-08-15 01:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 06:21 - 2015-08-15 01:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 06:21 - 2015-08-15 01:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 06:21 - 2015-08-15 01:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 06:21 - 2015-08-15 01:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 06:21 - 2015-08-15 00:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 06:21 - 2015-08-15 00:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-09 06:21 - 2015-08-15 00:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 06:21 - 2015-08-15 00:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 06:21 - 2015-08-15 00:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 06:21 - 2015-08-15 00:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-09 06:21 - 2015-08-15 00:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-09 06:21 - 2015-08-15 00:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 06:21 - 2015-08-15 00:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-09 06:21 - 2015-08-15 00:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-09 06:21 - 2015-08-15 00:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 06:21 - 2015-08-15 00:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-09 06:21 - 2015-08-15 00:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-09 06:21 - 2015-08-15 00:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-09 06:21 - 2015-08-15 00:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 06:21 - 2015-08-15 00:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-09 06:21 - 2015-08-15 00:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-09 06:21 - 2015-08-15 00:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 06:21 - 2015-08-15 00:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 06:21 - 2015-08-15 00:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 06:21 - 2015-08-15 00:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-09 06:21 - 2015-08-15 00:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-09 06:21 - 2015-08-15 00:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-09 06:21 - 2015-08-15 00:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-09 06:21 - 2015-08-15 00:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-09 06:21 - 2015-08-15 00:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 06:21 - 2015-08-15 00:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 06:21 - 2015-08-15 00:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 06:21 - 2015-08-15 00:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 06:21 - 2015-08-15 00:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-09 06:21 - 2015-08-14 23:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 06:21 - 2015-08-14 23:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 06:21 - 2015-08-14 23:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 06:21 - 2015-08-14 23:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 06:21 - 2015-08-14 23:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 06:20 - 2015-08-15 01:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 06:20 - 2015-08-15 01:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 06:20 - 2015-08-15 01:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 06:20 - 2015-08-15 01:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 06:20 - 2015-08-15 01:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 06:20 - 2015-08-15 01:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 06:20 - 2015-08-15 00:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 06:20 - 2015-08-15 00:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 06:20 - 2015-08-15 00:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 06:20 - 2015-08-15 00:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 06:20 - 2015-08-15 00:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 05:26 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 23:23 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 23:23 - 2015-08-05 12:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-08 23:23 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-08 23:19 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-08 23:19 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-08 23:19 - 2015-07-09 12:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-08 23:19 - 2015-07-09 12:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-08 23:19 - 2015-07-09 12:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-08 23:19 - 2015-07-09 12:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-08 23:17 - 2015-07-22 19:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-08 23:17 - 2015-07-22 19:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-08 23:17 - 2015-07-22 19:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-08 23:17 - 2015-07-22 19:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-08 23:17 - 2015-07-22 19:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-08 23:17 - 2015-07-22 19:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-08 23:17 - 2015-07-22 19:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-08 23:17 - 2015-07-22 19:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-08 23:17 - 2015-07-22 19:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-08 23:17 - 2015-07-22 19:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-08 23:17 - 2015-07-22 19:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-08 23:17 - 2015-07-22 19:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-08 23:17 - 2015-07-22 19:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-08 23:17 - 2015-07-22 18:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-08 23:17 - 2015-07-22 12:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-08 23:17 - 2015-07-22 12:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-08 23:17 - 2015-07-22 12:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-08 23:17 - 2015-07-22 12:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-08 23:17 - 2015-07-22 12:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-08 23:17 - 2015-07-22 12:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-08 23:17 - 2015-07-22 12:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-08 23:17 - 2015-07-22 12:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-08 23:17 - 2015-07-22 12:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-08 23:17 - 2015-07-22 12:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-08 23:17 - 2015-07-22 12:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-08 23:17 - 2015-07-22 12:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-08 23:17 - 2015-07-22 12:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-08 23:17 - 2015-07-22 12:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-08 23:17 - 2015-07-22 12:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-08 23:17 - 2015-07-22 12:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-08 23:17 - 2015-07-22 12:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-08 23:17 - 2015-07-22 12:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-08 23:17 - 2015-07-22 12:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-08 23:17 - 2015-07-22 12:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-08 23:17 - 2015-07-22 12:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-08 23:17 - 2015-07-22 12:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 11:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-08 23:17 - 2015-07-22 11:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-08 23:17 - 2015-07-22 11:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-08 23:17 - 2015-07-22 11:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-08 23:17 - 2015-07-22 11:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-08 23:17 - 2015-07-22 11:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-08 23:17 - 2015-07-22 11:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 11:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-08 23:17 - 2015-07-22 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-08 23:16 - 2015-07-22 18:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-08 23:16 - 2015-07-22 18:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-08 23:16 - 2015-07-22 18:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-08 23:16 - 2015-07-22 12:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-08 23:16 - 2015-07-22 12:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-08 23:16 - 2015-07-22 12:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-08 23:15 - 2015-08-27 13:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-08 23:15 - 2015-08-27 13:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-08 23:15 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-08 23:15 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-08 23:15 - 2015-08-27 12:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-08 23:15 - 2015-08-27 12:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-08 23:15 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-08 23:15 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-08 23:15 - 2015-06-25 05:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-08 23:15 - 2015-06-25 05:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-08 23:15 - 2015-06-25 05:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-08 23:15 - 2015-06-25 04:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-08 23:14 - 2015-08-04 13:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-08 23:14 - 2015-08-04 13:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-08 23:14 - 2015-08-04 12:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-08 23:14 - 2015-08-04 12:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-08 23:14 - 2015-08-04 12:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-08 23:14 - 2015-08-04 12:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-08 23:14 - 2015-08-04 12:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-08 23:14 - 2015-08-04 12:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-08 23:14 - 2015-08-04 11:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-08 23:13 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-08 23:13 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 23:13 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-08 23:13 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-08 23:13 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-08 23:13 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-08 23:13 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-08 23:13 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-08 23:13 - 2015-09-01 20:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 23:13 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 23:13 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-08 23:13 - 2015-08-26 13:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 23:13 - 2015-08-26 13:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 23:13 - 2015-08-26 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 23:13 - 2015-08-26 13:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 23:13 - 2015-08-26 13:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 23:13 - 2015-08-26 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-08 23:13 - 2015-08-26 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-08 23:13 - 2015-08-26 13:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 23:13 - 2015-08-26 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-08 23:13 - 2015-08-26 13:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 23:13 - 2015-08-26 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-08 23:13 - 2015-08-26 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-08 23:13 - 2015-08-26 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-08 23:13 - 2015-08-26 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-08 23:13 - 2015-08-26 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-08 23:13 - 2015-08-26 12:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-06 10:17 - 2015-09-06 10:17 - 00000407 _____ C:\Users\tom\Downloads\Complaint about text recall.html
2015-09-05 18:19 - 2015-09-05 18:20 - 01664000 _____ C:\Users\tom\Downloads\spend-down_2009.ppt
2015-09-05 17:42 - 2015-09-05 17:42 - 00000000 ____D C:\Users\tom\Downloads\wgt624v3_2_0_26_1_0_1_na_only (1)
2015-09-05 17:34 - 2015-09-05 17:34 - 01113117 _____ C:\Users\tom\Downloads\wgt624v3_2_0_26_1_0_1_na_only (1).zip
2015-09-05 17:26 - 2015-09-05 17:26 - 00000000 ____D C:\Users\tom\Downloads\wgt624v3_2_0_26_1_0_1_na_only
2015-09-05 17:12 - 2015-09-05 17:13 - 01113117 _____ C:\Users\tom\Downloads\wgt624v3_2_0_26_1_0_1_na_only.zip
2015-09-05 17:06 - 2015-09-05 17:07 - 01203777 _____ C:\Users\tom\Downloads\WGT624v1 and WGT624v2 Firmware Version 4.2.11 (1).zip
2015-09-05 16:56 - 2015-09-05 16:56 - 00000000 ____D C:\Users\tom\Downloads\WGT624v1 and WGT624v2 Firmware Version 4.2.11
2015-09-05 16:54 - 2015-09-05 16:54 - 01203777 _____ C:\Users\tom\Downloads\WGT624v1 and WGT624v2 Firmware Version 4.2.11.zip
2015-09-05 16:27 - 2015-09-05 16:28 - 00838144 _____ C:\Users\tom\Downloads\how to read your ra_2009.ppt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-04 11:49 - 2009-07-14 00:13 - 00819102 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-04 09:40 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-04 09:40 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-04 09:29 - 2015-07-25 08:08 - 01313918 _____ C:\Windows\WindowsUpdate.log
2015-10-04 09:24 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-03 22:52 - 2013-02-15 00:51 - 00000000 ___DC C:\Program Files (x86)\Google
2015-10-03 22:51 - 2013-02-15 00:51 - 00000000 ____D C:\Users\tom\AppData\Local\Google
2015-10-01 07:08 - 2015-07-24 22:42 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-01 06:17 - 2014-09-15 18:31 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-30 22:47 - 2014-06-10 15:38 - 00000000 ____D C:\Windows\ERUNT
2015-09-30 22:47 - 2014-04-13 20:53 - 00002268 ____C C:\DelFix.txt
2015-09-30 22:47 - 2014-02-15 11:19 - 00000000 ___DC C:\Program Files (x86)\Trend Micro
2015-09-30 16:42 - 2015-08-04 04:56 - 00000000 ____D C:\Windows\Panther
2015-09-23 18:44 - 2015-07-14 23:36 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-23 18:44 - 2015-07-14 23:36 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-23 12:46 - 2013-04-14 14:43 - 00000000 ____D C:\Users\tom\AppData\Local\CrashDumps
2015-09-23 06:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-23 05:46 - 2013-11-04 21:54 - 00000258 __RSH C:\Users\tom\ntuser.pol
2015-09-23 05:46 - 2012-09-02 01:03 - 00000000 ____D C:\Users\tom
2015-09-21 19:12 - 2014-02-07 06:22 - 00000000 ___DC C:\Program Files (x86)\Java
2015-09-21 19:10 - 2015-01-29 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-20 03:38 - 2015-05-30 14:42 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-19 19:39 - 2012-09-02 01:08 - 00109296 _____ C:\Users\tom\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-19 19:37 - 2009-07-13 23:45 - 00408136 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-19 13:19 - 2015-08-15 18:01 - 00000000 ___DC C:\Program Files (x86)\Panda Security
2015-09-19 13:15 - 2015-08-15 17:59 - 00000000 ____D C:\ProgramData\Panda Security
2015-09-19 13:14 - 2015-08-15 18:02 - 00000000 ____D C:\Users\tom\AppData\Roaming\Panda Security
2015-09-17 23:09 - 2015-04-24 12:47 - 00000000 ____D C:\Users\tom\Documents\Employment
2015-09-16 06:43 - 2015-05-30 16:12 - 00000000 ____D C:\Users\tom\Documents\Teaching
2015-09-09 14:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-09-09 12:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-09 06:43 - 2010-11-21 02:17 - 00000000 ___DC C:\Program Files\Windows Journal
2015-09-09 05:31 - 2012-09-02 21:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 05:24 - 2013-08-18 22:26 - 00000000 ____D C:\Windows\system32\MRT
2015-09-04 18:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration

==================== Files in the root of some directories =======

2014-08-18 16:49 - 2014-09-06 09:25 - 0187620 _____ () C:\Users\tom\AppData\Local\ars.cache
2014-08-18 16:49 - 2014-09-06 09:25 - 0254410 _____ () C:\Users\tom\AppData\Local\census.cache
2014-05-26 11:40 - 2014-11-09 17:59 - 0007168 _____ () C:\Users\tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-18 16:33 - 2014-08-18 16:33 - 0000036 _____ () C:\Users\tom\AppData\Local\housecall.guid.cache
2014-02-08 20:52 - 2014-02-18 18:55 - 0007611 _____ () C:\Users\tom\AppData\Local\resmon.resmoncfg
2014-08-18 16:45 - 2014-09-06 09:18 - 0000010 _____ () C:\Users\tom\AppData\Local\sponge.last.runtime.cache
2015-05-30 14:05 - 2015-05-30 14:06 - 34766336 _____ () C:\ProgramData\pollev_presenter_installer.msi
2015-01-02 23:50 - 2015-01-02 23:50 - 0396480 _____ (Sysinternals - www.sysinternals.com) C:\ProgramData\PsExec.exe

Files to move or delete:
====================
C:\ProgramData\PsExec.exe


Some files in TEMP:
====================
C:\Users\tom\AppData\Local\Temp\sqlite3.dll


Some zero byte size files/folders:
==========================
C:\Windows\System32\olepro32.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-01 14:12

==================== End of FRST.txt ============================

 

Attached File  Addition.txt   31.79KB   14 downloads




 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,428 posts
  • ONLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:16 AM

Posted 08 October 2015 - 04:23 AM

:welcome:

Hello KliaMia,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 KliaMia

KliaMia
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:05:16 PM

Posted 08 October 2015 - 06:47 AM

Hi Jo and thank you for helping me,

 

The requested logs are posted below for you.  During the Malwarebytes Anti-Rootkit scan, a message box appeared that said "Registry value 'AppInit_Dlls' has been found, which may be caused by rootkit activity. Note: Press 'No' if you're not sure.  If tool crashes during scan, restart tool and press 'Yes' should it appear again. Do you want to remove this value and restart tool?"

I pressed "no" and then "update and scan" and the scan ran without terminating.  There was also a message that appeared showing that Partition III was not bootable (inactive).  When the scan finished, the message was that no malware was found.  Here are the logs:

 

 Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 60  
 Adobe Flash Player 19.0.0.185  
 Mozilla Firefox (41.0.1)
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 Ruiware WinPatrol WinPatrol.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

 

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2015.10.08.02
  rootkit: v2015.10.06.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18015
tom :: KIMBERLY [administrator]

10/8/2015 5:47:30 AM
mbar-log-2015-10-08 (05-47-30).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 435782
Time elapsed: 34 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

# AdwCleaner v5.012 - Logfile created 08/10/2015 at 06:31:26
# Updated 08/10/2015 by Xplode
# Database : 2015-10-07.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : tom - KIMBERLY
# Running from : C:\Users\tom\Desktop\Downloads\adwcleaner_5.012.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [595 bytes] ##########

 


 



#4 Jo*

Jo*

  • Malware Response Team
  • 3,428 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:16 AM

Posted 08 October 2015 - 07:22 AM

Hello KliaMia,

Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

***


How is the computer running now?


***




#5 KliaMia

KliaMia
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:05:16 PM

Posted 08 October 2015 - 07:18 PM

Below are my JRT.txt  and FRST.txt logs.  I haven't really noticed an improvement yet. In fact, now the mouse doesn't always respond when clicked, and click-dragging to highlight text often drops part of what I was highlighting.  Also, some pop-up messages show up without words and are solid white.  My Avast Antivirus has also popped up a few times while I was in the middle of typing.  I'm sorry that I don't have more details.  If it continues to occur, I will provide you with more specific information when I leave my next post.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by tom on Thu 10/08/2015 at 13:02:16.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\tom\Appdata\Local\cre



~~~ Chrome


[C:\Users\tom\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\tom\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\tom\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\tom\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/08/2015 at 13:20:34.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-10-2015
Ran by tom (administrator) on KIMBERLY (08-10-2015 17:43:30)
Running from C:\Users\tom\Desktop\Downloads
Loaded Profiles: tom (Available Profiles: tom & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.2\EMET_Service.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.2\EMET_Agent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-19] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8205944 2014-12-30] (Zemana Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [94664 2014-12-30] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86400 2014-12-30] (Zemana Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-19] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6953FB2F-DF78-4E38-A26E-FB93FCF70395}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {1205F8F3-5059-48A6-A7CD-611A2F7C8381} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4156657441-31240855-2336214866-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-21] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-21] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\tom\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-08-30] (Cisco WebEx LLC)
FF Extension: HTTPS-Everywhere - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\https-everywhere@eff.org [2015-09-10]
FF Extension: Flashblock - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-09-10]
FF Extension: WOT - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-09-16]
FF Extension: NoScript - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-09-10]
FF Extension: Adblock Plus - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-19]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-19] (AVAST Software)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 EMET_Service; C:\Program Files (x86)\EMET 5.2\EMET_Service.exe [22680 2015-03-11] (Microsoft Corporation)
S4 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-09-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-09-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-19] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-20] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-08 13:20 - 2015-10-08 13:20 - 00001226 _____ C:\Users\tom\Desktop\JRT.txt
2015-10-08 12:32 - 2015-10-08 17:19 - 00000112 _____ C:\Windows\setupact.log
2015-10-08 12:32 - 2015-10-08 12:32 - 00000000 _____ C:\Windows\setuperr.log
2015-10-08 06:36 - 2015-10-08 06:36 - 00000673 _____ C:\Users\tom\Desktop\AdwCleaner[S4].txt
2015-10-08 06:23 - 2015-10-08 06:23 - 00001184 _____ C:\Users\tom\Desktop\mbar-log-2015-10-08 (05-47-30).txt - Shortcut.lnk
2015-10-08 05:42 - 2015-10-08 06:22 - 00000000 ____D C:\Users\tom\Desktop\mbar
2015-10-08 05:39 - 2015-10-08 05:39 - 00000818 _____ C:\Users\tom\Desktop\checkup.txt
2015-10-04 19:46 - 2015-10-04 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-10-04 19:45 - 2015-10-04 19:46 - 00000000 ___DC C:\Program Files (x86)\QuickTime
2015-10-04 19:45 - 2015-10-04 19:45 - 00000000 ____D C:\ProgramData\Apple Computer
2015-10-04 12:17 - 2015-10-08 17:43 - 00000000 ___DC C:\FRST
2015-10-04 11:26 - 2015-10-04 11:26 - 00000000 ___DC C:\Program Files (x86)\Cobian Backup 11
2015-10-04 11:26 - 2015-10-04 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-10-03 11:13 - 2015-10-03 11:13 - 00001102 _____ C:\Users\Public\Desktop\AntiLogger Free.lnk
2015-10-03 11:13 - 2015-10-03 11:13 - 00000000 ___DC C:\Program Files (x86)\Zemana AntiLogger Free
2015-10-03 11:13 - 2015-10-03 11:13 - 00000000 ___DC C:\Program Files (x86)\KeyCryptSDK
2015-10-03 11:13 - 2015-10-03 11:13 - 00000000 ____D C:\Users\tom\AppData\Local\AntiLogger Free
2015-10-03 11:13 - 2015-10-03 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2015-10-03 11:13 - 2014-12-30 13:18 - 00076520 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2015-10-03 10:27 - 2015-10-08 06:31 - 00000000 ___DC C:\AdwCleaner
2015-09-30 19:24 - 2015-10-01 06:17 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2015-09-23 06:55 - 2015-09-23 07:03 - 00000000 ____D C:\Users\tom\AppData\Local\Microsoft Games
2015-09-21 19:12 - 2015-09-21 19:08 - 00274016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-09-21 19:12 - 2015-09-21 19:08 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-21 19:09 - 2015-09-21 19:09 - 00000000 ____D C:\Users\tom\AppData\Roaming\Sun
2015-09-21 19:09 - 2015-09-21 19:09 - 00000000 ____D C:\Users\tom\.oracle_jre_usage
2015-09-20 21:06 - 2015-09-20 21:07 - 00664576 _____ C:\Users\tom\Downloads\MicrosoftFixit50562.msi
2015-09-19 20:18 - 2015-09-19 20:18 - 00000000 ____D C:\Users\tom\AppData\LocalLow\Oracle
2015-09-19 13:10 - 2015-09-19 13:10 - 00000000 ____D C:\Users\tom\AppData\Roaming\AVAST Software
2015-09-19 01:18 - 2015-09-19 01:18 - 00001884 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-09-19 01:18 - 2015-09-19 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-19 01:17 - 2015-10-08 17:20 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-19 01:17 - 2015-09-19 01:16 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-19 01:17 - 2015-09-19 01:16 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-19 01:16 - 2015-09-19 01:16 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-19 01:15 - 2015-09-19 01:15 - 00000000 ___DC C:\Program Files\AVAST Software
2015-09-19 01:11 - 2015-09-19 01:12 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-18 19:47 - 2015-09-18 20:30 - 154429024 _____ (AVAST Software) C:\Users\tom\Downloads\avast_free_antivirus_setup.exe
2015-09-16 22:24 - 2015-09-16 22:24 - 00680600 _____ (Sysinternals - www.sysinternals.com) C:\Users\tom\Downloads\autoruns.exe
2015-09-12 21:28 - 2015-09-12 21:28 - 00347816 _____ (Microsoft Corporation) C:\Users\tom\Downloads\MicrosoftFixit.Printing.Run(1).exe
2015-09-11 21:21 - 2015-09-11 21:21 - 00000000 ___DC C:\Lexmark
2015-09-11 21:18 - 2015-09-11 21:21 - 24697856 _____ (Lexmark International, Inc. ) C:\Users\tom\Downloads\cjb1200EN.exe
2015-09-11 06:22 - 2015-09-11 06:22 - 00013312 _____ C:\Users\tom\Downloads\Charge Slip Procedures.xls
2015-09-11 01:33 - 2015-09-11 01:33 - 00000000 ____D C:\Users\tom\Downloads\PP1350WGDIWinx86_1611120EN
2015-09-11 01:32 - 2015-09-11 01:33 - 03775807 _____ C:\Users\tom\Downloads\PP1350WGDIWinx86_1611120EN.zip
2015-09-11 01:21 - 2015-09-11 01:21 - 00000000 ___RD C:\Users\tom\AppData\Roaming\KONICA MINOLTA
2015-09-11 01:21 - 2015-09-11 01:21 - 00000000 ____D C:\Users\tom\AppData\LocalLow\KONICA MINOLTA
2015-09-11 01:11 - 2015-09-11 01:11 - 00000000 ____D C:\ProgramData\KONICA MINOLTA
2015-09-10 06:33 - 2015-09-10 06:33 - 00000000 ____D C:\Users\tom\Desktop\Old Firefox Data
2015-09-10 01:58 - 2015-09-30 16:29 - 00000000 ___HD C:\$Windows.~BT
2015-09-09 06:21 - 2015-08-17 20:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 06:21 - 2015-08-17 20:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 06:21 - 2015-08-15 01:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 06:21 - 2015-08-15 01:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 06:21 - 2015-08-15 01:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 06:21 - 2015-08-15 01:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 06:21 - 2015-08-15 01:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 06:21 - 2015-08-15 01:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 06:21 - 2015-08-15 01:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 06:21 - 2015-08-15 01:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 06:21 - 2015-08-15 01:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 06:21 - 2015-08-15 01:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 06:21 - 2015-08-15 01:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 06:21 - 2015-08-15 01:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 06:21 - 2015-08-15 00:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 06:21 - 2015-08-15 00:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-09 06:21 - 2015-08-15 00:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 06:21 - 2015-08-15 00:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 06:21 - 2015-08-15 00:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 06:21 - 2015-08-15 00:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-09 06:21 - 2015-08-15 00:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-09 06:21 - 2015-08-15 00:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 06:21 - 2015-08-15 00:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-09 06:21 - 2015-08-15 00:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-09 06:21 - 2015-08-15 00:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 06:21 - 2015-08-15 00:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-09 06:21 - 2015-08-15 00:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-09 06:21 - 2015-08-15 00:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-09 06:21 - 2015-08-15 00:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 06:21 - 2015-08-15 00:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-09 06:21 - 2015-08-15 00:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-09 06:21 - 2015-08-15 00:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 06:21 - 2015-08-15 00:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 06:21 - 2015-08-15 00:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 06:21 - 2015-08-15 00:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-09 06:21 - 2015-08-15 00:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-09 06:21 - 2015-08-15 00:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-09 06:21 - 2015-08-15 00:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-09 06:21 - 2015-08-15 00:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-09 06:21 - 2015-08-15 00:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 06:21 - 2015-08-15 00:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 06:21 - 2015-08-15 00:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 06:21 - 2015-08-15 00:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 06:21 - 2015-08-15 00:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-09 06:21 - 2015-08-14 23:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 06:21 - 2015-08-14 23:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 06:21 - 2015-08-14 23:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 06:21 - 2015-08-14 23:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 06:21 - 2015-08-14 23:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 06:20 - 2015-08-15 01:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 06:20 - 2015-08-15 01:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 06:20 - 2015-08-15 01:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 06:20 - 2015-08-15 01:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 06:20 - 2015-08-15 01:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 06:20 - 2015-08-15 01:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 06:20 - 2015-08-15 00:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 06:20 - 2015-08-15 00:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 06:20 - 2015-08-15 00:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 06:20 - 2015-08-15 00:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 06:20 - 2015-08-15 00:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 05:26 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 23:23 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 23:23 - 2015-08-05 12:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-08 23:23 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-08 23:19 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-08 23:19 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-08 23:19 - 2015-07-09 12:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-08 23:19 - 2015-07-09 12:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-08 23:19 - 2015-07-09 12:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-08 23:19 - 2015-07-09 12:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-08 23:17 - 2015-07-22 19:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-08 23:17 - 2015-07-22 19:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-08 23:17 - 2015-07-22 19:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-08 23:17 - 2015-07-22 19:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-08 23:17 - 2015-07-22 19:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-08 23:17 - 2015-07-22 19:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-08 23:17 - 2015-07-22 19:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-08 23:17 - 2015-07-22 19:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-08 23:17 - 2015-07-22 19:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-08 17:27 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-08 17:27 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-08 17:22 - 2015-07-25 08:08 - 01481803 _____ C:\Windows\WindowsUpdate.log
2015-10-08 17:19 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-08 13:06 - 2012-09-02 01:03 - 00000000 ____D C:\Users\tom
2015-10-08 06:22 - 2014-06-10 14:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-08 05:47 - 2015-07-24 22:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-08 05:46 - 2015-07-24 22:42 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-08 05:25 - 2013-02-15 00:51 - 00000000 ___DC C:\Program Files (x86)\Google
2015-10-05 06:16 - 2009-07-14 00:13 - 00819102 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-04 19:41 - 2013-02-15 00:51 - 00000000 ____D C:\Users\tom\AppData\Local\Google
2015-10-01 06:17 - 2014-09-15 18:31 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-30 22:47 - 2014-06-10 15:38 - 00000000 ____D C:\Windows\ERUNT
2015-09-30 22:47 - 2014-04-13 20:53 - 00002268 ____C C:\DelFix.txt
2015-09-30 22:47 - 2014-02-15 11:19 - 00000000 ___DC C:\Program Files (x86)\Trend Micro
2015-09-30 16:42 - 2015-08-04 04:56 - 00000000 ____D C:\Windows\Panther
2015-09-23 18:44 - 2015-07-14 23:36 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-23 18:44 - 2015-07-14 23:36 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-23 12:46 - 2013-04-14 14:43 - 00000000 ____D C:\Users\tom\AppData\Local\CrashDumps
2015-09-23 06:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-21 19:12 - 2014-02-07 06:22 - 00000000 ___DC C:\Program Files (x86)\Java
2015-09-21 19:10 - 2015-01-29 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-20 03:38 - 2015-05-30 14:42 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-19 19:39 - 2012-09-02 01:08 - 00109296 _____ C:\Users\tom\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-19 19:37 - 2009-07-13 23:45 - 00408136 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-19 13:19 - 2015-08-15 18:01 - 00000000 ___DC C:\Program Files (x86)\Panda Security
2015-09-19 13:15 - 2015-08-15 17:59 - 00000000 ____D C:\ProgramData\Panda Security
2015-09-19 13:14 - 2015-08-15 18:02 - 00000000 ____D C:\Users\tom\AppData\Roaming\Panda Security
2015-09-17 23:09 - 2015-04-24 12:47 - 00000000 ____D C:\Users\tom\Documents\Employment
2015-09-16 06:43 - 2015-05-30 16:12 - 00000000 ____D C:\Users\tom\Documents\Teaching
2015-09-09 14:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-09-09 12:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-09 06:43 - 2010-11-21 02:17 - 00000000 ___DC C:\Program Files\Windows Journal
2015-09-09 05:31 - 2012-09-02 21:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 05:24 - 2013-08-18 22:26 - 00000000 ____D C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2014-08-18 16:49 - 2014-09-06 09:25 - 0187620 _____ () C:\Users\tom\AppData\Local\ars.cache
2014-08-18 16:49 - 2014-09-06 09:25 - 0254410 _____ () C:\Users\tom\AppData\Local\census.cache
2014-05-26 11:40 - 2014-11-09 17:59 - 0007168 _____ () C:\Users\tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-18 16:33 - 2014-08-18 16:33 - 0000036 _____ () C:\Users\tom\AppData\Local\housecall.guid.cache
2014-02-08 20:52 - 2014-02-18 18:55 - 0007611 _____ () C:\Users\tom\AppData\Local\resmon.resmoncfg
2014-08-18 16:45 - 2014-09-06 09:18 - 0000010 _____ () C:\Users\tom\AppData\Local\sponge.last.runtime.cache
2015-05-30 14:05 - 2015-05-30 14:06 - 34766336 _____ () C:\ProgramData\pollev_presenter_installer.msi
2015-01-02 23:50 - 2015-01-02 23:50 - 0396480 _____ (Sysinternals - www.sysinternals.com) C:\ProgramData\PsExec.exe

Files to move or delete:
====================
C:\ProgramData\PsExec.exe


Some zero byte size files/folders:
==========================
C:\Windows\System32\olepro32.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-01 14:12

==================== End of FRST.txt ============================



#6 Jo*


Posted 09 October 2015 - 05:17 AM

Hello KliaMia,
 

***


Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
C:\ProgramData\PsExec.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {1205F8F3-5059-48A6-A7CD-611A2F7C8381} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4156657441-31240855-2336214866-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 KliaMia


Posted 09 October 2015 - 01:39 PM

Here are the requested logs.  The fix tool required a reboot of the computer. 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:08-10-2015
Ran by tom (2015-10-09 07:43:59) Run:1
Running from C:\Users\tom\Desktop\Downloads
Loaded Profiles: tom (Available Profiles: tom & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
C:\ProgramData\PsExec.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {1205F8F3-5059-48A6-A7CD-611A2F7C8381} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4156657441-31240855-2336214866-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923
end
*****************

Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\PsExec.exe => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1205F8F3-5059-48A6-A7CD-611A2F7C8381}" => key removed successfully
HKCR\CLSID\{1205F8F3-5059-48A6-A7CD-611A2F7C8381} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-4156657441-31240855-2336214866-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website => ":TASKICON_0favicon-2079221766" ADS removed successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website => ":TASKICON_1favicon1313128964" ADS removed successfully.
C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website => ":TASKICON_2favicon-2092717923" ADS removed successfully.
EmptyTemp: => 25.1 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 07:44:54 ====

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-10-2015
Ran by tom (administrator) on KIMBERLY (09-10-2015 13:28:55)
Running from C:\Users\tom\Desktop\Downloads
Loaded Profiles: tom (Available Profiles: tom & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.2\EMET_Service.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.2\EMET_Agent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-19] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8205944 2014-12-30] (Zemana Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [94664 2014-12-30] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86400 2014-12-30] (Zemana Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-19] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6953FB2F-DF78-4E38-A26E-FB93FCF70395}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-21] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-21] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\tom\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-08-30] (Cisco WebEx LLC)
FF Extension: HTTPS-Everywhere - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\https-everywhere@eff.org [2015-09-10]
FF Extension: Flashblock - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-09-10]
FF Extension: WOT - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-09-16]
FF Extension: NoScript - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-09-10]
FF Extension: Adblock Plus - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-19]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-19] (AVAST Software)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 EMET_Service; C:\Program Files (x86)\EMET 5.2\EMET_Service.exe [22680 2015-03-11] (Microsoft Corporation)
S4 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-09-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-09-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-19] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-20] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-09 07:46 - 2015-10-09 07:46 - 00000056 _____ C:\Windows\setupact.log
2015-10-09 07:46 - 2015-10-09 07:46 - 00000000 _____ C:\Windows\setuperr.log
2015-10-09 07:36 - 2015-10-09 07:36 - 00001025 _____ C:\Users\tom\Desktop\FRST64.exe - Shortcut.lnk
2015-10-08 18:28 - 2015-10-08 18:28 - 00001081 _____ C:\Users\tom\Desktop\FRST10-08-15.txt - Shortcut.lnk
2015-10-08 13:20 - 2015-10-08 13:20 - 00001226 _____ C:\Users\tom\Desktop\JRT.txt
2015-10-08 06:36 - 2015-10-08 06:36 - 00000673 _____ C:\Users\tom\Desktop\AdwCleaner[S4].txt
2015-10-08 06:23 - 2015-10-08 06:23 - 00001184 _____ C:\Users\tom\Desktop\mbar-log-2015-10-08 (05-47-30).txt - Shortcut.lnk
2015-10-08 05:42 - 2015-10-08 06:22 - 00000000 ____D C:\Users\tom\Desktop\mbar
2015-10-08 05:39 - 2015-10-08 05:39 - 00000818 _____ C:\Users\tom\Desktop\checkup.txt
2015-10-04 19:46 - 2015-10-04 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-10-04 19:45 - 2015-10-04 19:46 - 00000000 ___DC C:\Program Files (x86)\QuickTime
2015-10-04 19:45 - 2015-10-04 19:45 - 00000000 ____D C:\ProgramData\Apple Computer
2015-10-04 12:17 - 2015-10-09 13:28 - 00000000 ___DC C:\FRST
2015-10-04 11:26 - 2015-10-04 11:26 - 00000000 ___DC C:\Program Files (x86)\Cobian Backup 11
2015-10-04 11:26 - 2015-10-04 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-10-03 11:13 - 2015-10-03 11:13 - 00001102 _____ C:\Users\Public\Desktop\AntiLogger Free.lnk
2015-10-03 11:13 - 2015-10-03 11:13 - 00000000 ___DC C:\Program Files (x86)\Zemana AntiLogger Free
2015-10-03 11:13 - 2015-10-03 11:13 - 00000000 ___DC C:\Program Files (x86)\KeyCryptSDK
2015-10-03 11:13 - 2015-10-03 11:13 - 00000000 ____D C:\Users\tom\AppData\Local\AntiLogger Free
2015-10-03 11:13 - 2015-10-03 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2015-10-03 11:13 - 2014-12-30 13:18 - 00076520 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2015-10-03 10:27 - 2015-10-08 06:31 - 00000000 ___DC C:\AdwCleaner
2015-09-30 19:24 - 2015-10-01 06:17 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2015-09-23 06:55 - 2015-09-23 07:03 - 00000000 ____D C:\Users\tom\AppData\Local\Microsoft Games
2015-09-21 19:12 - 2015-09-21 19:08 - 00274016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-09-21 19:12 - 2015-09-21 19:08 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-21 19:09 - 2015-09-21 19:09 - 00000000 ____D C:\Users\tom\AppData\Roaming\Sun
2015-09-21 19:09 - 2015-09-21 19:09 - 00000000 ____D C:\Users\tom\.oracle_jre_usage
2015-09-20 21:06 - 2015-09-20 21:07 - 00664576 _____ C:\Users\tom\Downloads\MicrosoftFixit50562.msi
2015-09-19 20:18 - 2015-09-19 20:18 - 00000000 ____D C:\Users\tom\AppData\LocalLow\Oracle
2015-09-19 13:10 - 2015-09-19 13:10 - 00000000 ____D C:\Users\tom\AppData\Roaming\AVAST Software
2015-09-19 01:18 - 2015-09-19 01:18 - 00001884 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-09-19 01:18 - 2015-09-19 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-19 01:17 - 2015-10-08 17:20 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-19 01:17 - 2015-09-19 01:16 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-19 01:17 - 2015-09-19 01:16 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-19 01:16 - 2015-09-19 01:16 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-19 01:15 - 2015-09-19 01:15 - 00000000 ___DC C:\Program Files\AVAST Software
2015-09-19 01:11 - 2015-09-19 01:12 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-18 19:47 - 2015-09-18 20:30 - 154429024 _____ (AVAST Software) C:\Users\tom\Downloads\avast_free_antivirus_setup.exe
2015-09-16 22:24 - 2015-09-16 22:24 - 00680600 _____ (Sysinternals - www.sysinternals.com) C:\Users\tom\Downloads\autoruns.exe
2015-09-12 21:28 - 2015-09-12 21:28 - 00347816 _____ (Microsoft Corporation) C:\Users\tom\Downloads\MicrosoftFixit.Printing.Run(1).exe
2015-09-11 21:21 - 2015-09-11 21:21 - 00000000 ___DC C:\Lexmark
2015-09-11 21:18 - 2015-09-11 21:21 - 24697856 _____ (Lexmark International, Inc. ) C:\Users\tom\Downloads\cjb1200EN.exe
2015-09-11 06:22 - 2015-09-11 06:22 - 00013312 _____ C:\Users\tom\Downloads\Charge Slip Procedures.xls
2015-09-11 01:33 - 2015-09-11 01:33 - 00000000 ____D C:\Users\tom\Downloads\PP1350WGDIWinx86_1611120EN
2015-09-11 01:32 - 2015-09-11 01:33 - 03775807 _____ C:\Users\tom\Downloads\PP1350WGDIWinx86_1611120EN.zip
2015-09-11 01:21 - 2015-09-11 01:21 - 00000000 ___RD C:\Users\tom\AppData\Roaming\KONICA MINOLTA
2015-09-11 01:21 - 2015-09-11 01:21 - 00000000 ____D C:\Users\tom\AppData\LocalLow\KONICA MINOLTA
2015-09-11 01:11 - 2015-09-11 01:11 - 00000000 ____D C:\ProgramData\KONICA MINOLTA
2015-09-10 06:33 - 2015-09-10 06:33 - 00000000 ____D C:\Users\tom\Desktop\Old Firefox Data
2015-09-10 01:58 - 2015-09-30 16:29 - 00000000 ___HD C:\$Windows.~BT
2015-09-09 06:21 - 2015-08-17 20:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 06:21 - 2015-08-17 20:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 06:21 - 2015-08-15 01:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 06:21 - 2015-08-15 01:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 06:21 - 2015-08-15 01:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 06:21 - 2015-08-15 01:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 06:21 - 2015-08-15 01:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 06:21 - 2015-08-15 01:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 06:21 - 2015-08-15 01:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 06:21 - 2015-08-15 01:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 06:21 - 2015-08-15 01:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 06:21 - 2015-08-15 01:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 06:21 - 2015-08-15 01:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 06:21 - 2015-08-15 01:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 06:21 - 2015-08-15 00:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 06:21 - 2015-08-15 00:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-09 06:21 - 2015-08-15 00:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 06:21 - 2015-08-15 00:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 06:21 - 2015-08-15 00:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 06:21 - 2015-08-15 00:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-09 06:21 - 2015-08-15 00:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-09 06:21 - 2015-08-15 00:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 06:21 - 2015-08-15 00:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-09 06:21 - 2015-08-15 00:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-09 06:21 - 2015-08-15 00:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 06:21 - 2015-08-15 00:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-09 06:21 - 2015-08-15 00:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-09 06:21 - 2015-08-15 00:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-09 06:21 - 2015-08-15 00:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 06:21 - 2015-08-15 00:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-09 06:21 - 2015-08-15 00:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-09 06:21 - 2015-08-15 00:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 06:21 - 2015-08-15 00:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 06:21 - 2015-08-15 00:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 06:21 - 2015-08-15 00:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-09 06:21 - 2015-08-15 00:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-09 06:21 - 2015-08-15 00:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-09 06:21 - 2015-08-15 00:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-09 06:21 - 2015-08-15 00:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-09 06:21 - 2015-08-15 00:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 06:21 - 2015-08-15 00:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 06:21 - 2015-08-15 00:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 06:21 - 2015-08-15 00:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 06:21 - 2015-08-15 00:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-09 06:21 - 2015-08-14 23:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 06:21 - 2015-08-14 23:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 06:21 - 2015-08-14 23:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 06:21 - 2015-08-14 23:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 06:21 - 2015-08-14 23:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 06:20 - 2015-08-15 01:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 06:20 - 2015-08-15 01:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 06:20 - 2015-08-15 01:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 06:20 - 2015-08-15 01:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 06:20 - 2015-08-15 01:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 06:20 - 2015-08-15 01:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 06:20 - 2015-08-15 00:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 06:20 - 2015-08-15 00:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 06:20 - 2015-08-15 00:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 06:20 - 2015-08-15 00:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 06:20 - 2015-08-15 00:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 05:26 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-09 09:54 - 2015-07-25 08:08 - 01508482 _____ C:\Windows\WindowsUpdate.log
2015-10-09 07:54 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-09 07:54 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-09 07:46 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-09 07:44 - 2012-09-02 16:05 - 00000000 ____D C:\Users\tom\AppData\LocalLow\Temp
2015-10-08 13:06 - 2012-09-02 01:03 - 00000000 ____D C:\Users\tom
2015-10-08 06:22 - 2014-06-10 14:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-08 05:47 - 2015-07-24 22:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-08 05:46 - 2015-07-24 22:42 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-08 05:25 - 2013-02-15 00:51 - 00000000 ___DC C:\Program Files (x86)\Google
2015-10-05 06:16 - 2009-07-14 00:13 - 00819102 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-04 19:41 - 2013-02-15 00:51 - 00000000 ____D C:\Users\tom\AppData\Local\Google
2015-10-01 06:17 - 2014-09-15 18:31 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-30 22:47 - 2014-06-10 15:38 - 00000000 ____D C:\Windows\ERUNT
2015-09-30 22:47 - 2014-04-13 20:53 - 00002268 ____C C:\DelFix.txt
2015-09-30 22:47 - 2014-02-15 11:19 - 00000000 ___DC C:\Program Files (x86)\Trend Micro
2015-09-30 16:42 - 2015-08-04 04:56 - 00000000 ____D C:\Windows\Panther
2015-09-23 18:44 - 2015-07-14 23:36 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-23 18:44 - 2015-07-14 23:36 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-23 12:46 - 2013-04-14 14:43 - 00000000 ____D C:\Users\tom\AppData\Local\CrashDumps
2015-09-23 06:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-21 19:12 - 2014-02-07 06:22 - 00000000 ___DC C:\Program Files (x86)\Java
2015-09-21 19:10 - 2015-01-29 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-20 03:38 - 2015-05-30 14:42 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-19 19:39 - 2012-09-02 01:08 - 00109296 _____ C:\Users\tom\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-19 19:37 - 2009-07-13 23:45 - 00408136 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-19 13:19 - 2015-08-15 18:01 - 00000000 ___DC C:\Program Files (x86)\Panda Security
2015-09-19 13:15 - 2015-08-15 17:59 - 00000000 ____D C:\ProgramData\Panda Security
2015-09-19 13:14 - 2015-08-15 18:02 - 00000000 ____D C:\Users\tom\AppData\Roaming\Panda Security
2015-09-17 23:09 - 2015-04-24 12:47 - 00000000 ____D C:\Users\tom\Documents\Employment
2015-09-16 06:43 - 2015-05-30 16:12 - 00000000 ____D C:\Users\tom\Documents\Teaching
2015-09-09 14:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-09-09 12:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-09 06:43 - 2010-11-21 02:17 - 00000000 ___DC C:\Program Files\Windows Journal
2015-09-09 05:31 - 2012-09-02 21:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 05:24 - 2013-08-18 22:26 - 00000000 ____D C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2014-08-18 16:49 - 2014-09-06 09:25 - 0187620 _____ () C:\Users\tom\AppData\Local\ars.cache
2014-08-18 16:49 - 2014-09-06 09:25 - 0254410 _____ () C:\Users\tom\AppData\Local\census.cache
2014-05-26 11:40 - 2014-11-09 17:59 - 0007168 _____ () C:\Users\tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-18 16:33 - 2014-08-18 16:33 - 0000036 _____ () C:\Users\tom\AppData\Local\housecall.guid.cache
2014-02-08 20:52 - 2014-02-18 18:55 - 0007611 _____ () C:\Users\tom\AppData\Local\resmon.resmoncfg
2014-08-18 16:45 - 2014-09-06 09:18 - 0000010 _____ () C:\Users\tom\AppData\Local\sponge.last.runtime.cache
2015-05-30 14:05 - 2015-05-30 14:06 - 34766336 _____ () C:\ProgramData\pollev_presenter_installer.msi

Some zero byte size files/folders:
==========================
C:\Windows\System32\olepro32.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-01 14:12

==================== End of FRST.txt ============================



#8 Jo*

  • Malware Response Team

Posted 09 October 2015 - 02:21 PM

Hello KliaMia,

Do you still have browser hijack / redirects?
If yes - on every browser or only with a special browser?
 

---


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

---


How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 KliaMia

  • Topic Starter
  • Members
  • 10 posts

Posted 11 October 2015 - 08:10 PM

Hello Jo,

I had no trouble running MBAM and nothing was found in the scan.  I will paste the log for you below.  I had some difficulty installing the ESET Online Scanner but I did eventually get it installed and a scan completed and found five threats. I will also post its log.

A few things to note about the ESET scan:

  - I did not see an option to uncheck "Remove found threats" before starting the scan.

  - Although I had turned off the AVAST AV until a computer restart, when ESET completed and uninstalled, an AVAST pop-up appeared that said "ESET Online Scanner was not fully uninstalled. There are 16 files remaining".  It disappeared without an option to do anything.  I then checked AVAST, and it was still turned off.

  - There was an option at the end of the scan to "Delete quarantined files" that I left unchecked.

You asked how the computer is running now, so here are a few things I noticed:

  - When I attached one of my portable drives (used currently for work), an error message appeared stating "One of the USBs attached to this computer has malfunctioned and Windows does not recognize it".  I moved it to a different drive and didn't see the message again.  I added three portable drives before the ESET scan.

  - I normally use Google Chrome, but I had uninstalled it prior to posting on this forum as I thought it was the cause of my problems.  Mozilla Firefox seems to take a long time to load and usually requires that I refresh the browser before it completely loads the page.

  - This may be unrelated, but a sound comes over my speakers randomly that sounds like a bad cell-phone connection.  It was intermittent when I first noticed it after this last scan but is happening about twice a minute now.  This is the only site that is open.

Scan logs to follow:


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/9/2015
Scan Time: 6:19 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.09.07
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: tom

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 436036
Time Elapsed: 34 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

G:\HOME-PC\Backup Set 2013-07-07 125059\Backup Files 2013-07-07 125059\Backup files 1.zip    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
G:\HOME-PC\Backup Set 2013-07-07 125059\Backup Files 2013-07-07 125059\Backup files 2.zip    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
G:\HOME-PC\Backup Set 2013-07-07 125059\Backup Files 2014-01-24 174828\Backup files 2.zip    Win32/DownloadAdmin.H potentially unwanted application    deleted - quarantined
G:\KIMBERLY\Backup Set 2014-11-14 074055\Backup Files 2014-11-14 074055\Backup files 5.zip    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
G:\Kimberly HP BackUp\Backup Set 2014-02-08 180209\Backup Files 2014-02-08 180209\Backup files 1.zip    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    deleted - quarantined
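
The ESET result lines above can be triaged mechanically. The following is an added example, not part of the original posts and not ESET's own tooling: it parses the five lines into path, detection and action, then summarizes where the hits sit and whether anything was removed. The field separator (tabs rendered as runs of spaces), the `C:` system drive, and the treatment of "potentially unwanted" and "potentially unsafe" as lower-priority categories are assumptions of this sketch.

```python
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# The five result lines copied from the ESET log posted above.
ESET_LOG = r"""
G:\HOME-PC\Backup Set 2013-07-07 125059\Backup Files 2013-07-07 125059\Backup files 1.zip    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
G:\HOME-PC\Backup Set 2013-07-07 125059\Backup Files 2013-07-07 125059\Backup files 2.zip    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
G:\HOME-PC\Backup Set 2013-07-07 125059\Backup Files 2014-01-24 174828\Backup files 2.zip    Win32/DownloadAdmin.H potentially unwanted application    deleted - quarantined
G:\KIMBERLY\Backup Set 2014-11-14 074055\Backup Files 2014-11-14 074055\Backup files 5.zip    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
G:\Kimberly HP BackUp\Backup Set 2014-02-08 180209\Backup Files 2014-02-08 180209\Backup files 1.zip    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    deleted - quarantined
"""

# Assumption: fields are separated by tabs, or by runs of 2+ spaces once pasted.
FIELD_SEP = re.compile(r"\t+| {2,}")
# Optional "a variant of " prefix, then the detection name, then the category text.
DETECTION = re.compile(r"^(?:a variant of )?(?P<name>\S+)\s*(?P<kind>.*)$")
# Assumption: these two categories are reviewed after anything else.
LOW_PRIORITY_KINDS = {
    "potentially unwanted application",
    "potentially unsafe application",
}
ARCHIVE_SUFFIXES = {".zip", ".rar", ".7z", ".cab"}
# Assumption: words in the action column that mean the file was touched.
REMOVAL_WORDS = ("deleted", "quarantined", "cleaned")


@dataclass(frozen=True)
class Finding:
    path: PureWindowsPath
    name: str      # e.g. Win32/DownloadAdmin.G
    kind: str      # category text after the name, may be empty
    action: str    # what the scanner reports it did

    @property
    def drive(self) -> str:
        return self.path.drive.upper()

    @property
    def in_archive(self) -> bool:
        return self.path.suffix.lower() in ARCHIVE_SUFFIXES

    @property
    def removed(self) -> bool:
        return any(word in self.action.lower() for word in REMOVAL_WORDS)


def parse_eset_log(text: str) -> list:
    """Turn 'path <sep> detection <sep> action' lines into Finding objects."""
    findings = []
    for line in text.splitlines():
        fields = FIELD_SEP.split(line.strip())
        if len(fields) != 3:
            continue  # blank line or something that is not a result row
        path, detection, action = fields
        match = DETECTION.match(detection)
        if match is None:
            continue
        findings.append(
            Finding(PureWindowsPath(path), match["name"],
                    match["kind"].strip(), action)
        )
    return findings


def triage(findings: list, system_drive: str = "C:") -> dict:
    """Summarize findings and list those on the system drive or outside
    the low-priority categories."""
    needs_review = [
        f for f in findings
        if f.drive == system_drive.upper() or f.kind not in LOW_PRIORITY_KINDS
    ]
    return {
        "total": len(findings),
        "by_kind": Counter(f.kind for f in findings),
        "by_drive": Counter(f.drive for f in findings),
        "in_archives": sum(f.in_archive for f in findings),
        "removed": sum(f.removed for f in findings),
        "needs_review": needs_review,
    }


if __name__ == "__main__":
    summary = triage(parse_eset_log(ESET_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

For this log the summary shows every hit inside a backup archive on `G:`, none on the system drive, and all five marked as deleted or quarantined, which matches the poster's note that the "Remove found threats" option could not be unchecked.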
 



#10 Jo*

  • Malware Response Team
  • 3,428 posts

Posted 12 October 2015 - 05:38 AM

Hello KliaMia,

Download ComboFix from the following location:
Link

* IMPORTANT- Save ComboFix.exe to your Desktop
 

***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
How to Disable your Security Programs


***


Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Enable your antivirus!
 

***


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" screen, which offers three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process. Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

***


Please download Farbar Service Scanner and run it on the computer with the issue.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Cheers,
Jo


#11 KliaMia

  • Topic Starter
  • Members
  • 10 posts

Posted 13 October 2015 - 04:47 AM

The three requested logs are pasted below.  I wanted to mention that I had connected three external hard drives for the ESET scan earlier.  I removed these devices after that scan.  Was I supposed to leave them connected?  Thanks.

 

ComboFix 15-10-09.01 - tom 10/12/2015   7:03.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.1605 [GMT -5:00]
Running from: c:\users\tom\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-09-12 to 2015-10-12  )))))))))))))))))))))))))))))))
.
.
2015-10-12 12:18 . 2015-10-12 12:18    --------    d-----w-    c:\users\Public\AppData\Local\temp
2015-10-12 12:18 . 2015-10-12 12:18    --------    d-----w-    c:\users\DefaultAppPool\AppData\Local\temp
2015-10-12 12:18 . 2015-10-12 12:18    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-10-11 18:28 . 2015-10-11 18:28    --------    dc----w-    c:\program files (x86)\ESET
2015-10-08 10:25 . 2015-10-08 10:25    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E26FF50A-D1D9-45F6-8274-1E814B774EC9}\offreg.2192.dll
2015-10-07 06:47 . 2015-10-07 06:47    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E26FF50A-D1D9-45F6-8274-1E814B774EC9}\offreg.2196.dll
2015-10-05 09:57 . 2015-10-05 09:57    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E26FF50A-D1D9-45F6-8274-1E814B774EC9}\offreg.2180.dll
2015-10-05 00:46 . 2015-10-05 00:46    159744    -c--a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-10-05 00:46 . 2015-10-05 00:46    159744    -c--a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-10-05 00:46 . 2015-10-05 00:46    159744    -c--a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-10-05 00:46 . 2015-10-05 00:46    159744    -c--a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-10-05 00:46 . 2015-10-05 00:46    159744    -c--a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-10-05 00:45 . 2015-10-05 00:46    --------    dc----w-    c:\program files (x86)\QuickTime
2015-10-05 00:45 . 2015-10-05 00:45    --------    d-----w-    c:\programdata\Apple Computer
2015-10-04 17:17 . 2015-10-09 18:30    --------    dc----w-    C:\FRST
2015-10-04 16:26 . 2015-10-04 16:26    --------    dc----w-    c:\program files (x86)\Cobian Backup 11
2015-10-04 14:56 . 2015-10-04 14:56    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E26FF50A-D1D9-45F6-8274-1E814B774EC9}\offreg.2128.dll
2015-10-03 16:23 . 2015-10-03 16:23    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E26FF50A-D1D9-45F6-8274-1E814B774EC9}\offreg.1136.dll
2015-10-03 16:13 . 2015-10-03 16:13    --------    dc----w-    c:\program files (x86)\KeyCryptSDK
2015-10-03 16:13 . 2014-12-30 18:18    76520    ----a-w-    c:\windows\system32\drivers\KeyCrypt64.sys
2015-10-03 16:13 . 2015-10-03 16:13    --------    dc----w-    c:\program files (x86)\Zemana AntiLogger Free
2015-10-03 16:13 . 2015-10-03 16:13    --------    d-----w-    c:\users\tom\AppData\Local\AntiLogger Free
2015-10-03 15:27 . 2015-10-08 11:31    --------    dc----w-    C:\AdwCleaner
2015-10-02 14:57 . 2015-08-31 22:45    11062400    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E26FF50A-D1D9-45F6-8274-1E814B774EC9}\mpengine.dll
2015-09-23 11:55 . 2015-09-23 12:03    --------    d-----w-    c:\users\tom\AppData\Local\Microsoft Games
2015-09-22 23:20 . 2015-09-22 23:20    --------    d-----w-    c:\windows\SysWow64\config\systemprofile\.oracle_jre_usage
2015-09-22 00:12 . 2015-09-22 00:08    97888    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-09-22 00:09 . 2015-09-22 00:09    --------    dc----w-    c:\program files (x86)\Common Files\Java
2015-09-22 00:09 . 2015-09-22 00:09    --------    d-----w-    c:\users\tom\.oracle_jre_usage
2015-09-19 18:10 . 2015-09-19 18:10    --------    d-----w-    c:\users\tom\AppData\Roaming\AVAST Software
2015-09-19 06:17 . 2015-09-19 06:16    90968    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2015-09-19 06:17 . 2015-09-19 06:16    65224    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2015-09-19 06:17 . 2015-09-19 06:16    448968    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2015-09-19 06:17 . 2015-09-19 06:16    28656    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2015-09-19 06:17 . 2015-09-19 06:16    274808    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2015-09-19 06:17 . 2015-09-19 06:16    153744    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2015-09-19 06:17 . 2015-09-19 06:16    93528    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2015-09-19 06:17 . 2015-09-19 06:16    1049880    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2015-09-19 06:17 . 2015-09-19 06:16    378880    ----a-w-    c:\windows\system32\aswBoot.exe
2015-09-19 06:16 . 2015-09-19 06:16    43112    ----a-w-    c:\windows\avastSS.scr
2015-09-19 06:15 . 2015-09-19 06:15    --------    dc----w-    c:\program files\AVAST Software
2015-09-19 06:11 . 2015-09-19 06:12    --------    d-----w-    c:\programdata\AVAST Software
2015-09-13 01:56 . 2009-07-14 01:40    38912    ----a-w-    c:\windows\system32\Spool\prtprocs\x64\EP0NPP01.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-09 23:19 . 2015-07-25 03:42    113880    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-08 10:46 . 2015-07-25 03:42    109272    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-09-23 23:44 . 2015-07-15 04:36    780488    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-23 23:44 . 2015-07-15 04:36    142536    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-20 08:38 . 2015-05-30 19:42    35064    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2015-09-02 03:04 . 2015-09-09 04:13    41984    ----a-w-    c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-09 04:13    100864    ----a-w-    c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-09 04:13    14336    ----a-w-    c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-09 04:13    46080    ----a-w-    c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-09 04:13    70656    ----a-w-    c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-09 04:13    10240    ----a-w-    c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-09 04:13    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-09 04:13    25600    ----a-w-    c:\windows\SysWow64\lpk.dll
2015-09-02 01:51 . 2015-09-09 04:13    3209216    ----a-w-    c:\windows\system32\win32k.sys
2015-09-02 01:47 . 2015-09-09 04:13    372736    ----a-w-    c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-09 04:13    299520    ----a-w-    c:\windows\SysWow64\atmfd.dll
2015-08-27 18:18 . 2015-09-09 04:15    2004480    ----a-w-    c:\windows\system32\msxml6.dll
2015-08-27 18:18 . 2015-09-09 04:15    1887232    ----a-w-    c:\windows\system32\msxml3.dll
2015-08-27 18:13 . 2015-09-09 04:15    2048    ----a-w-    c:\windows\system32\msxml6r.dll
2015-08-27 18:13 . 2015-09-09 04:15    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2015-08-27 17:58 . 2015-09-09 04:15    1391104    ----a-w-    c:\windows\SysWow64\msxml6.dll
2015-08-27 17:58 . 2015-09-09 04:15    1241088    ----a-w-    c:\windows\SysWow64\msxml3.dll
2015-08-27 17:51 . 2015-09-09 04:15    2048    ----a-w-    c:\windows\SysWow64\msxml6r.dll
2015-08-27 17:51 . 2015-09-09 04:15    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2015-08-26 23:37 . 2012-09-03 18:36    134753440    ----a-w-    c:\windows\system32\MRT.exe
2015-08-26 18:07 . 2015-09-09 04:13    2606080    ----a-w-    c:\windows\system32\wuaueng.dll
2015-08-26 18:07 . 2015-09-09 04:13    3165696    ----a-w-    c:\windows\system32\wucltux.dll
2015-08-26 18:07 . 2015-09-09 04:13    192000    ----a-w-    c:\windows\system32\wuwebv.dll
2015-08-26 18:07 . 2015-09-09 04:13    98304    ----a-w-    c:\windows\system32\wudriver.dll
2015-08-26 18:07 . 2015-09-09 04:13    37888    ----a-w-    c:\windows\system32\wups2.dll
2015-08-26 18:07 . 2015-09-09 04:13    36864    ----a-w-    c:\windows\system32\wups.dll
2015-08-26 18:07 . 2015-09-09 04:13    696320    ----a-w-    c:\windows\system32\wuapi.dll
2015-08-26 18:06 . 2015-09-09 04:13    91136    ----a-w-    c:\windows\system32\WinSetupUI.dll
2015-08-26 18:06 . 2015-09-09 04:13    12288    ----a-w-    c:\windows\system32\wu.upgrade.ps.dll
2015-08-26 18:06 . 2015-09-09 04:13    37376    ----a-w-    c:\windows\system32\wuapp.exe
2015-08-26 18:06 . 2015-09-09 04:13    139776    ----a-w-    c:\windows\system32\wuauclt.exe
2015-08-26 17:56 . 2015-09-09 04:13    173056    ----a-w-    c:\windows\SysWow64\wuwebv.dll
2015-08-26 17:56 . 2015-09-09 04:13    93184    ----a-w-    c:\windows\SysWow64\wudriver.dll
2015-08-26 17:56 . 2015-09-09 04:13    30208    ----a-w-    c:\windows\SysWow64\wups.dll
2015-08-26 17:56 . 2015-09-09 04:13    566784    ----a-w-    c:\windows\SysWow64\wuapi.dll
2015-08-26 17:55 . 2015-09-09 04:13    34816    ----a-w-    c:\windows\SysWow64\wuapp.exe
2015-08-18 01:42 . 2015-09-09 11:21    393304    ----a-w-    c:\windows\system32\iedkcs32.dll
2015-08-15 06:48 . 2015-09-09 11:20    25190400    ----a-w-    c:\windows\system32\mshtml.dll
2015-08-15 06:34 . 2015-09-09 11:21    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2015-08-15 06:33 . 2015-09-09 11:21    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2015-08-15 06:18 . 2015-09-09 11:21    66560    ----a-w-    c:\windows\system32\iesetup.dll
2015-08-15 06:18 . 2015-09-09 11:21    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2015-08-15 06:17 . 2015-09-09 11:20    417792    ----a-w-    c:\windows\system32\html.iec
2015-08-15 06:17 . 2015-09-09 11:21    585216    ----a-w-    c:\windows\system32\vbscript.dll
2015-08-15 06:17 . 2015-09-09 11:21    2886144    ----a-w-    c:\windows\system32\iertutil.dll
2015-08-15 06:17 . 2015-09-09 11:20    88064    ----a-w-    c:\windows\system32\MshtmlDac.dll
2015-08-15 06:10 . 2015-09-09 11:21    54784    ----a-w-    c:\windows\system32\jsproxy.dll
2015-08-15 06:09 . 2015-09-09 11:21    34304    ----a-w-    c:\windows\system32\iernonce.dll
2015-08-15 06:06 . 2015-09-09 11:21    615936    ----a-w-    c:\windows\system32\ieui.dll
2015-08-15 06:04 . 2015-09-09 11:21    114688    ----a-w-    c:\windows\system32\ieetwcollector.exe
2015-08-15 06:04 . 2015-09-09 11:21    144384    ----a-w-    c:\windows\system32\ieUnatt.exe
2015-08-15 06:04 . 2015-09-09 11:20    817664    ----a-w-    c:\windows\system32\jscript.dll
2015-08-15 06:04 . 2015-09-09 11:20    814080    ----a-w-    c:\windows\system32\jscript9diag.dll
2015-08-15 06:00 . 2015-09-09 11:20    5923328    ----a-w-    c:\windows\system32\jscript9.dll
2015-08-15 05:57 . 2015-09-09 11:21    968704    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2015-08-15 05:53 . 2015-09-09 11:21    490496    ----a-w-    c:\windows\system32\dxtmsft.dll
2015-08-15 05:53 . 2015-09-09 11:21    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2015-08-15 05:46 . 2015-09-09 11:21    77824    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2015-08-15 05:42 . 2015-09-09 11:20    199680    ----a-w-    c:\windows\system32\msrating.dll
2015-08-15 05:41 . 2015-09-09 11:20    92160    ----a-w-    c:\windows\system32\mshtmled.dll
2015-08-15 05:40 . 2015-09-09 11:21    504832    ----a-w-    c:\windows\SysWow64\vbscript.dll
2015-08-15 05:40 . 2015-09-09 11:21    62464    ----a-w-    c:\windows\SysWow64\iesetup.dll
2015-08-15 05:39 . 2015-09-09 11:21    47616    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2015-08-15 05:39 . 2015-09-09 11:21    341504    ----a-w-    c:\windows\SysWow64\html.iec
2015-08-15 05:39 . 2015-09-09 11:21    316928    ----a-w-    c:\windows\system32\dxtrans.dll
2015-08-15 05:38 . 2015-09-09 11:21    64000    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2015-08-15 05:29 . 2015-09-09 11:21    115712    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2015-08-15 05:29 . 2015-09-09 11:21    620032    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2015-08-15 05:24 . 2015-09-09 11:21    720384    ----a-w-    c:\windows\system32\ie4uinit.exe
2015-08-15 05:23 . 2015-09-09 11:21    801280    ----a-w-    c:\windows\system32\msfeeds.dll
2015-08-15 05:22 . 2015-09-09 11:20    1359360    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2015-08-15 05:22 . 2015-09-09 11:21    2126336    ----a-w-    c:\windows\system32\inetcpl.cpl
2015-08-15 05:16 . 2015-09-09 11:21    60416    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-08-15 05:16 . 2015-09-09 11:20    14451712    ----a-w-    c:\windows\system32\ieframe.dll
2015-08-15 05:10 . 2015-09-09 11:21    4520448    ----a-w-    c:\windows\SysWow64\jscript9.dll
2015-08-15 05:07 . 2015-09-09 11:20    2427392    ----a-w-    c:\windows\system32\wininet.dll
2015-08-15 05:01 . 2015-09-09 11:21    2052608    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2015-08-15 05:01 . 2015-09-09 11:21    1155072    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2015-08-15 04:55 . 2015-09-09 11:21    1545728    ----a-w-    c:\windows\system32\urlmon.dll
2015-08-15 04:43 . 2015-09-09 11:21    800768    ----a-w-    c:\windows\system32\ieapfltr.dll
2015-08-15 04:43 . 2015-09-09 11:21    1951232    ----a-w-    c:\windows\SysWow64\wininet.dll
2015-08-06 16:43 . 2015-08-06 16:43    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2015-08-06 16:43 . 2015-08-06 16:43    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
2015-08-05 17:56 . 2015-09-09 10:26    1110016    ----a-w-    c:\windows\system32\schedsvc.dll
2015-08-05 17:56 . 2015-09-09 04:23    24576    ----a-w-    c:\windows\system32\jnwmon.dll
2015-08-05 17:56 . 2015-09-09 04:23    275456    ----a-w-    c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-09 04:23    216064    ----a-w-    c:\windows\SysWow64\InkEd.dll
2015-08-04 18:03 . 2015-09-09 04:14    692672    ----a-w-    c:\windows\system32\winload.efi
2015-08-04 18:00 . 2015-09-09 04:14    616360    ----a-w-    c:\windows\system32\winresume.efi
2015-08-04 17:56 . 2015-09-09 04:14    63488    ----a-w-    c:\windows\system32\setbcdlocale.dll
2015-08-04 17:56 . 2015-09-09 04:14    59392    ----a-w-    c:\windows\system32\appidapi.dll
2015-08-04 17:56 . 2015-09-09 04:14    32768    ----a-w-    c:\windows\system32\appidsvc.dll
2015-08-04 17:55 . 2015-09-09 04:14    147456    ----a-w-    c:\windows\system32\appidpolicyconverter.exe
2015-08-04 17:55 . 2015-09-09 04:14    17920    ----a-w-    c:\windows\system32\appidcertstorecheck.exe
2015-08-04 17:47 . 2015-09-09 04:14    50688    ----a-w-    c:\windows\SysWow64\appidapi.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-03-13 7451928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-09-19 6134544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-08-04 597552]
"ZALFree"="c:\program files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" [2014-12-30 8205944]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-08-06 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt32(1).dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EMET_Service;Microsoft EMET Service;c:\program files (x86)\EMET 5.2\EMET_Service.exe;c:\program files (x86)\EMET 5.2\EMET_Service.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-09-19 06:16    780616    -c--a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt64(1).dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-10-12  07:25:50
ComboFix-quarantined-files.txt  2015-10-12 12:25
.
Pre-Run: 424,403,963,904 bytes free
Post-Run: 424,240,275,456 bytes free
.
- - End Of File - - 47B2769E1EAD7BDA8F66FAEF645E78A7
A36C5E4F47E84449FF07ED3517B43A31
 

 

 

04:23:51.0004 0x1304  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
04:24:40.0928 0x1304  ============================================================
04:24:40.0928 0x1304  Current date / time: 2015/10/13 04:24:40.0928
04:24:40.0928 0x1304  SystemInfo:
04:24:40.0928 0x1304  
04:24:40.0928 0x1304  OS Version: 6.1.7601 ServicePack: 1.0
04:24:40.0928 0x1304  Product type: Workstation
04:24:40.0929 0x1304  ComputerName: KIMBERLY
04:24:40.0929 0x1304  UserName: tom
04:24:40.0929 0x1304  Windows directory: C:\Windows
04:24:40.0929 0x1304  System windows directory: C:\Windows
04:24:40.0929 0x1304  Running under WOW64
04:24:40.0929 0x1304  Processor architecture: Intel x64
04:24:40.0929 0x1304  Number of processors: 2
04:24:40.0929 0x1304  Page size: 0x1000
04:24:40.0929 0x1304  Boot type: Normal boot
04:24:40.0930 0x1304  ============================================================
04:24:41.0239 0x1304  KLMD registered as C:\Windows\system32\drivers\11930681.sys
04:24:42.0020 0x1304  System UUID: {B96B58DC-0C46-1EA4-EAEA-28139EE4566B}
04:24:43.0269 0x1304  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:24:43.0291 0x1304  ============================================================
04:24:43.0291 0x1304  \Device\Harddisk0\DR0:
04:24:43.0291 0x1304  MBR partitions:
04:24:43.0291 0x1304  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
04:24:43.0291 0x1304  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38C7F800
04:24:43.0291 0x1304  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38CB2000, BlocksNum 0x16D3800
04:24:43.0291 0x1304  ============================================================
04:24:43.0335 0x1304  C: <-> \Device\Harddisk0\DR0\Partition2
04:24:43.0381 0x1304  D: <-> \Device\Harddisk0\DR0\Partition3
04:24:43.0381 0x1304  ============================================================
04:24:43.0381 0x1304  Initialize success
04:24:43.0381 0x1304  ============================================================
04:26:06.0315 0x0ff4  ============================================================
04:26:06.0315 0x0ff4  Scan started
04:26:06.0315 0x0ff4  Mode: Manual;
04:26:06.0315 0x0ff4  ============================================================
04:26:06.0315 0x0ff4  KSN ping started
04:26:09.0233 0x0ff4  KSN ping finished: true
04:26:09.0919 0x0ff4  ================ Scan system memory ========================
04:26:09.0919 0x0ff4  System memory - ok
04:26:09.0919 0x0ff4  ================ Scan services =============================
04:26:10.0091 0x0ff4  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
04:26:10.0106 0x0ff4  1394ohci - ok
04:26:10.0184 0x0ff4  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
04:26:10.0200 0x0ff4  ACPI - ok
04:26:10.0231 0x0ff4  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
04:26:10.0231 0x0ff4  AcpiPmi - ok
04:26:10.0325 0x0ff4  [ 013697369EAFFA675D0671607F036020, 65611C775AC4681E46A6565E5A7A4FF3363C66EBDC98C4C58AFB365D40BE23B6 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
04:26:10.0325 0x0ff4  AdobeARMservice - ok
04:26:10.0434 0x0ff4  [ C6D147C12C424373B016C0AB0A6C61EB, 043D44F3C942CFC3558E782938C26849BF648A58A7AA62C4A526E37DE4136C27 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
04:26:10.0449 0x0ff4  AdobeFlashPlayerUpdateSvc - ok
04:26:10.0512 0x0ff4  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
04:26:10.0527 0x0ff4  adp94xx - ok
04:26:10.0590 0x0ff4  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
04:26:10.0605 0x0ff4  adpahci - ok
04:26:10.0637 0x0ff4  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
04:26:10.0637 0x0ff4  adpu320 - ok
04:26:10.0683 0x0ff4  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
04:26:10.0683 0x0ff4  AeLookupSvc - ok
04:26:10.0746 0x0ff4  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
04:26:10.0777 0x0ff4  AFD - ok
04:26:10.0793 0x0ff4  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
04:26:10.0808 0x0ff4  agp440 - ok
04:26:10.0824 0x0ff4  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
04:26:10.0839 0x0ff4  ALG - ok
04:26:10.0871 0x0ff4  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
04:26:10.0871 0x0ff4  aliide - ok
04:26:10.0917 0x0ff4  [ B5E2434FC851698C1F119CF1C3935A50, 857C9208BB9292E2221E1685833A35E4144A4E121555880A4AA391ADE1B0325F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
04:26:10.0917 0x0ff4  AMD External Events Utility - ok
04:26:10.0949 0x0ff4  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
04:26:10.0949 0x0ff4  amdide - ok
04:26:10.0980 0x0ff4  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
04:26:10.0980 0x0ff4  AmdK8 - ok
04:26:11.0557 0x0ff4  [ 9E3B4946F7E1BCA0B763E19D81EDBF2C, 413602EEAFD4320132C9B794D6C1A4F3CB829A2F93AD4027C52ED086D40E3D60 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
04:26:11.0978 0x0ff4  amdkmdag - ok
04:26:12.0041 0x0ff4  [ B9E1C7B7F1865F99B16FF2E1BB94EDB6, A38BD19BAFDC3470758F463942294DFE925A2EFE5251F7A69245DCFB9E53AE85 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
04:26:12.0056 0x0ff4  amdkmdap - ok
04:26:12.0087 0x0ff4  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
04:26:12.0087 0x0ff4  AmdPPM - ok
04:26:12.0119 0x0ff4  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
04:26:12.0119 0x0ff4  amdsata - ok
04:26:12.0165 0x0ff4  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
04:26:12.0181 0x0ff4  amdsbs - ok
04:26:12.0197 0x0ff4  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
04:26:12.0197 0x0ff4  amdxata - ok
04:26:12.0228 0x0ff4  [ 352476C98EF3952563A14F767491BBA9, 386EE7663E04479465145CF41A9226446E4C0473EB31FBC9A81D0500166B812A ] amd_sata        C:\Windows\system32\drivers\amd_sata.sys
04:26:12.0243 0x0ff4  amd_sata - ok
04:26:12.0259 0x0ff4  [ F4805C309FE48D6939147FE5CCDB1AD4, 2F6C95401A38448460E4B0902A9026B416B2D4133239E04787E4F77152F2DE41 ] amd_xata        C:\Windows\system32\drivers\amd_xata.sys
04:26:12.0259 0x0ff4  amd_xata - ok
04:26:12.0337 0x0ff4  [ 59D01FA91962C9C1E9B4022B2D3B46DB, 3A111588538B77F010B5C900FB8425DDE55A08DBAC308CA7FB7BD9FCCCDEC69F ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
04:26:12.0337 0x0ff4  AppHostSvc - ok
04:26:12.0384 0x0ff4  [ A0711D119BA4B48A1470C768D301013E, 536366F809125D2C2171597C8C2CB3271BE5C6B373152112E0D970749776E00A ] AppID           C:\Windows\system32\drivers\appid.sys
04:26:12.0384 0x0ff4  AppID - ok
04:26:12.0399 0x0ff4  [ 173C90AF5B243B4DD86F95CA154CB58A, 349F566DADC96B31FDC34C4F26545FB880844DBF84E5821AA0D0CAA91FB837E1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
04:26:12.0399 0x0ff4  AppIDSvc - ok
04:26:12.0446 0x0ff4  [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo         C:\Windows\System32\appinfo.dll
04:26:12.0446 0x0ff4  Appinfo - ok
04:26:12.0477 0x0ff4  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
04:26:12.0493 0x0ff4  arc - ok
04:26:12.0509 0x0ff4  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
04:26:12.0509 0x0ff4  arcsas - ok
04:26:12.0587 0x0ff4  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
04:26:12.0587 0x0ff4  aspnet_state - ok
04:26:12.0633 0x0ff4  [ 30E7D7B63BE378C6DCD31434E1C5EBEB, 6F38FBD6B45506E57D4EC6C84C83F0829F280167E14B65643F583B41AA23C18B ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
04:26:12.0633 0x0ff4  aswHwid - ok
04:26:12.0665 0x0ff4  [ 6C3B7781075271AD9DFBD77BC7FBB9F7, AC53FD0EE1D7695219225440D3922EEF0B953F45F0ED3034CF5F1630A6B40607 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
04:26:12.0665 0x0ff4  aswMonFlt - ok
04:26:12.0711 0x0ff4  [ 3C04B80B49697EB7DFE5FA43620F8728, 4BC11901898348318BA807938BEA888BC54FE80ADA17C209C728F14EA4E91F21 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
04:26:12.0711 0x0ff4  aswRdr - ok
04:26:12.0727 0x0ff4  [ AA8CB23B3B4A4B16F49CB54CA04FE0D9, A94D214B43EDAEC52656EA36C2A830E76C40B90E8F4BABEF4F16BA679A429586 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
04:26:12.0727 0x0ff4  aswRvrt - ok
04:26:12.0821 0x0ff4  [ E40965585B901AA60AF26279E09959E0, F3EACB4F1E78903D648DE75CC01642BFACA76C0605A6831EC24201292891B5DE ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
04:26:12.0852 0x0ff4  aswSnx - ok
04:26:12.0899 0x0ff4  [ B54E400C1B044D6D7D9EF95BA865741E, C929B53F53EFD15D3EE64FED23686A01F77E8F7BC74623D02D10D4CFEC3D6BF2 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
04:26:12.0914 0x0ff4  aswSP - ok
04:26:12.0945 0x0ff4  [ 0652346DF90731A87E4C7C9A9C45A8E0, 38B8A760B532254A8CB2FD6B922269A1B96BB5E5F243D130B4BBD09ED50DEDB8 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
04:26:12.0945 0x0ff4  aswStm - ok
04:26:12.0977 0x0ff4  [ 54230972D23E6E4D034D7CB577DC784C, 7F51E81CBAFB143982AF2C68675CF0D46DD17A9A17A8805EBF628FAE84DFF8A9 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
04:26:12.0992 0x0ff4  aswVmm - ok
04:26:13.0008 0x0ff4  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
04:26:13.0023 0x0ff4  AsyncMac - ok
04:26:13.0039 0x0ff4  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
04:26:13.0039 0x0ff4  atapi - ok
04:26:13.0117 0x0ff4  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
04:26:13.0148 0x0ff4  AudioEndpointBuilder - ok
04:26:13.0195 0x0ff4  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
04:26:13.0226 0x0ff4  AudioSrv - ok
04:26:13.0320 0x0ff4  [ 11120878E5276B367E1A10FF8C9B595B, 7C02EEF3733307C31BAC4DA9975EC017AC40D0893D88228C30FFAA536DAA73FB ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
04:26:13.0320 0x0ff4  avast! Antivirus - ok
04:26:13.0382 0x0ff4  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
04:26:13.0398 0x0ff4  AxInstSV - ok
04:26:13.0445 0x0ff4  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
04:26:13.0460 0x0ff4  b06bdrv - ok
04:26:13.0507 0x0ff4  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
04:26:13.0523 0x0ff4  b57nd60a - ok
04:26:13.0538 0x0ff4  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
04:26:13.0554 0x0ff4  BDESVC - ok
04:26:13.0569 0x0ff4  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
04:26:13.0569 0x0ff4  Beep - ok
04:26:13.0632 0x0ff4  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
04:26:13.0663 0x0ff4  BFE - ok
04:26:13.0725 0x0ff4  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
04:26:13.0772 0x0ff4  BITS - ok
04:26:13.0803 0x0ff4  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
04:26:13.0803 0x0ff4  blbdrive - ok
04:26:13.0835 0x0ff4  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
04:26:13.0835 0x0ff4  bowser - ok
04:26:13.0866 0x0ff4  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
04:26:13.0866 0x0ff4  BrFiltLo - ok
04:26:13.0881 0x0ff4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
04:26:13.0881 0x0ff4  BrFiltUp - ok
04:26:13.0913 0x0ff4  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
04:26:13.0928 0x0ff4  BridgeMP - ok
04:26:13.0959 0x0ff4  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
04:26:13.0959 0x0ff4  Browser - ok
04:26:13.0991 0x0ff4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
04:26:14.0006 0x0ff4  Brserid - ok
04:26:14.0022 0x0ff4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
04:26:14.0022 0x0ff4  BrSerWdm - ok
04:26:14.0037 0x0ff4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
04:26:14.0037 0x0ff4  BrUsbMdm - ok
04:26:14.0069 0x0ff4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
04:26:14.0069 0x0ff4  BrUsbSer - ok
04:26:14.0069 0x0ff4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
04:26:14.0084 0x0ff4  BTHMODEM - ok
04:26:14.0131 0x0ff4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
04:26:14.0131 0x0ff4  bthserv - ok
04:26:14.0162 0x0ff4  catchme - ok
04:26:14.0225 0x0ff4  [ 58BF7714A312698108A96D0DE2BB6825, 87E0EC24520C9C421AF6A680FEF42E18911AABA373A9F927C5CE77AD50F8196F ] cbVSCService11  C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
04:26:14.0225 0x0ff4  cbVSCService11 - ok
04:26:14.0240 0x0ff4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
04:26:14.0256 0x0ff4  cdfs - ok
04:26:14.0303 0x0ff4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
04:26:14.0318 0x0ff4  cdrom - ok
04:26:14.0349 0x0ff4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
04:26:14.0365 0x0ff4  CertPropSvc - ok
04:26:14.0381 0x0ff4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
04:26:14.0381 0x0ff4  circlass - ok
04:26:14.0427 0x0ff4  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
04:26:14.0459 0x0ff4  CLFS - ok
04:26:14.0521 0x0ff4  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:26:14.0521 0x0ff4  clr_optimization_v2.0.50727_32 - ok
04:26:14.0552 0x0ff4  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:26:14.0552 0x0ff4  clr_optimization_v2.0.50727_64 - ok
04:26:14.0630 0x0ff4  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:26:14.0646 0x0ff4  clr_optimization_v4.0.30319_32 - ok
04:26:14.0724 0x0ff4  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
04:26:14.0724 0x0ff4  clr_optimization_v4.0.30319_64 - ok
04:26:14.0755 0x0ff4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
04:26:14.0755 0x0ff4  CmBatt - ok
04:26:14.0786 0x0ff4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
04:26:14.0786 0x0ff4  cmdide - ok
04:26:14.0864 0x0ff4  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
04:26:14.0880 0x0ff4  CNG - ok
04:26:14.0895 0x0ff4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
04:26:14.0895 0x0ff4  Compbatt - ok
04:26:14.0911 0x0ff4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
04:26:14.0927 0x0ff4  CompositeBus - ok
04:26:14.0942 0x0ff4  COMSysApp - ok
04:26:14.0958 0x0ff4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
04:26:14.0958 0x0ff4  crcdisk - ok
04:26:15.0005 0x0ff4  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
04:26:15.0020 0x0ff4  CryptSvc - ok
04:26:15.0067 0x0ff4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
04:26:15.0098 0x0ff4  DcomLaunch - ok
04:26:15.0161 0x0ff4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
04:26:15.0161 0x0ff4  defragsvc - ok
04:26:15.0207 0x0ff4  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
04:26:15.0207 0x0ff4  DfsC - ok
04:26:15.0254 0x0ff4  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
04:26:15.0285 0x0ff4  Dhcp - ok
04:26:15.0410 0x0ff4  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\Windows\system32\diagtrack.dll
04:26:15.0473 0x0ff4  DiagTrack - ok
04:26:15.0504 0x0ff4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
04:26:15.0504 0x0ff4  discache - ok
04:26:15.0551 0x0ff4  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
04:26:15.0551 0x0ff4  Disk - ok
04:26:15.0597 0x0ff4  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
04:26:15.0613 0x0ff4  Dnscache - ok
04:26:15.0660 0x0ff4  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
04:26:15.0675 0x0ff4  dot3svc - ok
04:26:15.0722 0x0ff4  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
04:26:15.0738 0x0ff4  Dot4 - ok
04:26:15.0753 0x0ff4  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
04:26:15.0753 0x0ff4  Dot4Print - ok
04:26:15.0800 0x0ff4  [ 488669CD1CD3BDCFDD9A5FDA72209069, CCB6BCB23A30CFD016E4086ED010A0E9DA647D3FAD9724200A29938D2B79A3C0 ] Dot4Scan        C:\Windows\system32\DRIVERS\Dot4Scan.sys
04:26:15.0800 0x0ff4  Dot4Scan - ok
04:26:15.0831 0x0ff4  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
04:26:15.0831 0x0ff4  dot4usb - ok
04:26:15.0863 0x0ff4  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
04:26:15.0878 0x0ff4  DPS - ok
04:26:15.0925 0x0ff4  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
04:26:15.0925 0x0ff4  drmkaud - ok
04:26:16.0003 0x0ff4  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
04:26:16.0050 0x0ff4  DXGKrnl - ok
04:26:16.0081 0x0ff4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
04:26:16.0081 0x0ff4  EapHost - ok
04:26:16.0268 0x0ff4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
04:26:16.0409 0x0ff4  ebdrv - ok
04:26:16.0455 0x0ff4  [ FDD980360C9D72DA77F4C59376AE95C9, A5C1BCFBCCD031A24BD87D6A193F595B45EA5AC9FEBC198F552EED60AB75238E ] EFS             C:\Windows\System32\lsass.exe
04:26:16.0455 0x0ff4  EFS - ok
04:26:16.0533 0x0ff4  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
04:26:16.0565 0x0ff4  ehRecvr - ok
04:26:16.0580 0x0ff4  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
04:26:16.0596 0x0ff4  ehSched - ok
04:26:16.0643 0x0ff4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
04:26:16.0674 0x0ff4  elxstor - ok
04:26:16.0736 0x0ff4  [ 12B914E8AF6DC6948C54A1FC2C6F4581, CA7EB8CBD374900DB051C6C8A1E3BAC4B35BB56CCD654E86374C96B93F6BA45D ] EMET_Service    C:\Program Files (x86)\EMET 5.2\EMET_Service.exe
04:26:16.0736 0x0ff4  EMET_Service - ok
04:26:16.0752 0x0ff4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
04:26:16.0752 0x0ff4  ErrDev - ok
04:26:16.0814 0x0ff4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
04:26:16.0845 0x0ff4  EventSystem - ok
04:26:16.0892 0x0ff4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
04:26:16.0892 0x0ff4  exfat - ok
04:26:16.0923 0x0ff4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
04:26:16.0939 0x0ff4  fastfat - ok
04:26:16.0986 0x0ff4  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
04:26:17.0017 0x0ff4  Fax - ok
04:26:17.0048 0x0ff4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
04:26:17.0048 0x0ff4  fdc - ok
04:26:17.0064 0x0ff4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
04:26:17.0079 0x0ff4  fdPHost - ok
04:26:17.0095 0x0ff4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
04:26:17.0095 0x0ff4  FDResPub - ok
04:26:17.0126 0x0ff4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
04:26:17.0126 0x0ff4  FileInfo - ok
04:26:17.0142 0x0ff4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
04:26:17.0142 0x0ff4  Filetrace - ok
04:26:17.0157 0x0ff4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
04:26:17.0157 0x0ff4  flpydisk - ok
04:26:17.0204 0x0ff4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
04:26:17.0204 0x0ff4  FltMgr - ok
04:26:17.0298 0x0ff4  [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache       C:\Windows\system32\FntCache.dll
04:26:17.0360 0x0ff4  FontCache - ok
04:26:17.0423 0x0ff4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:26:17.0423 0x0ff4  FontCache3.0.0.0 - ok
04:26:17.0438 0x0ff4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
04:26:17.0438 0x0ff4  FsDepends - ok
04:26:17.0469 0x0ff4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
04:26:17.0469 0x0ff4  Fs_Rec - ok
04:26:17.0516 0x0ff4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
04:26:17.0516 0x0ff4  fvevol - ok
04:26:17.0547 0x0ff4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
04:26:17.0547 0x0ff4  gagp30kx - ok
04:26:17.0610 0x0ff4  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
04:26:17.0641 0x0ff4  gpsvc - ok
04:26:17.0672 0x0ff4  [ B9893A68032A6D9ADDB5B98287C630F7, F0280764D7B31F1EA634E91397229B1C064A7C1B3A77A6BBD123CEA74180789F ] grmnusb         C:\Windows\system32\drivers\grmnusb.sys
04:26:17.0688 0x0ff4  grmnusb - ok
04:26:17.0703 0x0ff4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
04:26:17.0703 0x0ff4  hcw85cir - ok
04:26:17.0735 0x0ff4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
04:26:17.0750 0x0ff4  HdAudAddService - ok
04:26:17.0781 0x0ff4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
04:26:17.0781 0x0ff4  HDAudBus - ok
04:26:17.0813 0x0ff4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
04:26:17.0813 0x0ff4  HidBatt - ok
04:26:17.0828 0x0ff4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
04:26:17.0828 0x0ff4  HidBth - ok
04:26:17.0859 0x0ff4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
04:26:17.0859 0x0ff4  HidIr - ok
04:26:17.0891 0x0ff4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
04:26:17.0891 0x0ff4  hidserv - ok
04:26:17.0937 0x0ff4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
04:26:17.0937 0x0ff4  HidUsb - ok
04:26:17.0969 0x0ff4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
04:26:17.0969 0x0ff4  hkmsvc - ok
04:26:18.0000 0x0ff4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
04:26:18.0015 0x0ff4  HomeGroupListener - ok
04:26:18.0047 0x0ff4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
04:26:18.0062 0x0ff4  HomeGroupProvider - ok
04:26:18.0187 0x0ff4  [ D2946D9F020AE76E9CEF9B4A6DF838C0, C29CE594879385DA12B8EAA90B258905827B613839CCD820DE49215B68676995 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
04:26:18.0234 0x0ff4  hpqwmiex - ok
04:26:18.0265 0x0ff4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
04:26:18.0265 0x0ff4  HpSAMD - ok
04:26:18.0405 0x0ff4  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
04:26:18.0452 0x0ff4  HPSLPSVC - ok
04:26:18.0515 0x0ff4  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
04:26:18.0546 0x0ff4  HTTP - ok
04:26:18.0577 0x0ff4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
04:26:18.0577 0x0ff4  hwpolicy - ok
04:26:18.0608 0x0ff4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
04:26:18.0608 0x0ff4  i8042prt - ok
04:26:28.0265 0x0ff4  sffp_sd - ok
04:26:28.0280 0x0ff4  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
04:26:28.0280 0x0ff4  sfloppy - ok
04:26:28.0327 0x0ff4  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
04:26:28.0358 0x0ff4  SharedAccess - ok
04:26:28.0390 0x0ff4  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
04:26:28.0405 0x0ff4  ShellHWDetection - ok
04:26:28.0436 0x0ff4  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
04:26:28.0436 0x0ff4  SiSRaid2 - ok
04:26:28.0452 0x0ff4  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
04:26:28.0468 0x0ff4  SiSRaid4 - ok
04:26:28.0499 0x0ff4  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
04:26:28.0499 0x0ff4  Smb - ok
04:26:28.0561 0x0ff4  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
04:26:28.0561 0x0ff4  SNMPTRAP - ok
04:26:28.0577 0x0ff4  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
04:26:28.0577 0x0ff4  spldr - ok
04:26:28.0655 0x0ff4  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
04:26:28.0686 0x0ff4  Spooler - ok
04:26:28.0889 0x0ff4  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
04:26:29.0029 0x0ff4  sppsvc - ok
04:26:29.0060 0x0ff4  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
04:26:29.0076 0x0ff4  sppuinotify - ok
04:26:29.0154 0x0ff4  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
04:26:29.0170 0x0ff4  srv - ok
04:26:29.0201 0x0ff4  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
04:26:29.0232 0x0ff4  srv2 - ok
04:26:29.0248 0x0ff4  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
04:26:29.0263 0x0ff4  srvnet - ok
04:26:29.0294 0x0ff4  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
04:26:29.0310 0x0ff4  SSDPSRV - ok
04:26:29.0326 0x0ff4  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
04:26:29.0341 0x0ff4  SstpSvc - ok
04:26:29.0372 0x0ff4  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
04:26:29.0372 0x0ff4  stexstor - ok
04:26:29.0435 0x0ff4  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
04:26:29.0466 0x0ff4  stisvc - ok
04:26:29.0482 0x0ff4  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
04:26:29.0482 0x0ff4  swenum - ok
04:26:29.0528 0x0ff4  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
04:26:29.0560 0x0ff4  swprv - ok
04:26:29.0684 0x0ff4  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
04:26:29.0747 0x0ff4  SysMain - ok
04:26:29.0762 0x0db8  Object send P2P result: true
04:26:29.0794 0x0ff4  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
04:26:29.0809 0x0ff4  TabletInputService - ok
04:26:29.0840 0x0ff4  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
04:26:29.0872 0x0ff4  TapiSrv - ok
04:26:29.0887 0x0ff4  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
04:26:29.0903 0x0ff4  TBS - ok
04:26:30.0028 0x0ff4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
04:26:30.0106 0x0ff4  Tcpip - ok
04:26:30.0215 0x0ff4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
04:26:30.0293 0x0ff4  TCPIP6 - ok
04:26:30.0340 0x0ff4  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
04:26:30.0340 0x0ff4  tcpipreg - ok
04:26:30.0386 0x0ff4  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
04:26:30.0386 0x0ff4  TDPIPE - ok
04:26:30.0418 0x0ff4  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
04:26:30.0418 0x0ff4  TDTCP - ok
04:26:30.0464 0x0ff4  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
04:26:30.0480 0x0ff4  tdx - ok
04:26:30.0511 0x0ff4  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
04:26:30.0511 0x0ff4  TermDD - ok
04:26:30.0589 0x0ff4  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
04:26:30.0620 0x0ff4  TermService - ok
04:26:30.0652 0x0ff4  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
04:26:30.0667 0x0ff4  Themes - ok
04:26:30.0698 0x0ff4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
04:26:30.0698 0x0ff4  THREADORDER - ok
04:26:30.0730 0x0ff4  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
04:26:30.0745 0x0ff4  TrkWks - ok
04:26:30.0808 0x0ff4  [ FD44FA80DA03EA144153A76DEBBB61B4, 0C46717F489A415A583470DAE8CF58E47BC307B9CB0F9DB6C4EDF33B7525475C ] TrueSight       C:\Windows\System32\drivers\TrueSight.sys
04:26:30.0823 0x0ff4  TrueSight - ok
04:26:30.0870 0x0ff4  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
04:26:30.0886 0x0ff4  TrustedInstaller - ok
04:26:30.0932 0x0ff4  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
04:26:30.0932 0x0ff4  tssecsrv - ok
04:26:30.0979 0x0ff4  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
04:26:30.0979 0x0ff4  TsUsbFlt - ok
04:26:31.0026 0x0ff4  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
04:26:31.0026 0x0ff4  TsUsbGD - ok
04:26:31.0073 0x0ff4  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
04:26:31.0073 0x0ff4  tunnel - ok
04:26:31.0104 0x0ff4  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
04:26:31.0104 0x0ff4  uagp35 - ok
04:26:31.0151 0x0ff4  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
04:26:31.0166 0x0ff4  udfs - ok
04:26:31.0213 0x0ff4  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
04:26:31.0229 0x0ff4  UI0Detect - ok
04:26:31.0244 0x0ff4  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
04:26:31.0244 0x0ff4  uliagpkx - ok
04:26:31.0276 0x0ff4  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
04:26:31.0276 0x0ff4  umbus - ok
04:26:31.0307 0x0ff4  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
04:26:31.0307 0x0ff4  UmPass - ok
04:26:31.0354 0x0ff4  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
04:26:31.0369 0x0ff4  upnphost - ok
04:26:31.0416 0x0ff4  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
04:26:31.0432 0x0ff4  usbaudio - ok
04:26:31.0447 0x0ff4  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
04:26:31.0463 0x0ff4  usbccgp - ok
04:26:31.0494 0x0ff4  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
04:26:31.0510 0x0ff4  usbcir - ok
04:26:31.0541 0x0ff4  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
04:26:31.0541 0x0ff4  usbehci - ok
04:26:31.0572 0x0ff4  [ 573D192E268F0C5B486B7E96F661E538, 0F32BD82CA7B5D4DE234EFC6527EF4C854BD15B3057FE4A0151C70115493FFDC ] usbfilter       C:\Windows\system32\drivers\usbfilter.sys
04:26:31.0588 0x0ff4  usbfilter - ok
04:26:31.0619 0x0ff4  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
04:26:31.0634 0x0ff4  usbhub - ok
04:26:31.0666 0x0ff4  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
04:26:31.0666 0x0ff4  usbohci - ok
04:26:31.0712 0x0ff4  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
04:26:31.0712 0x0ff4  usbprint - ok
04:26:31.0759 0x0ff4  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
04:26:31.0759 0x0ff4  usbscan - ok
04:26:31.0790 0x0ff4  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:26:31.0806 0x0ff4  USBSTOR - ok
04:26:31.0837 0x0ff4  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
04:26:31.0837 0x0ff4  usbuhci - ok
04:26:31.0853 0x0ff4  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
04:26:31.0868 0x0ff4  UxSms - ok
04:26:31.0900 0x0ff4  [ FDD980360C9D72DA77F4C59376AE95C9, A5C1BCFBCCD031A24BD87D6A193F595B45EA5AC9FEBC198F552EED60AB75238E ] VaultSvc        C:\Windows\system32\lsass.exe
04:26:31.0900 0x0ff4  VaultSvc - ok
04:26:31.0946 0x0ff4  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
04:26:31.0946 0x0ff4  vdrvroot - ok
04:26:31.0993 0x0ff4  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
04:26:32.0024 0x0ff4  vds - ok
04:26:32.0040 0x0ff4  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
04:26:32.0040 0x0ff4  vga - ok
04:26:32.0056 0x0ff4  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
04:26:32.0071 0x0ff4  VgaSave - ok
04:26:32.0087 0x0ff4  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
04:26:32.0102 0x0ff4  vhdmp - ok
04:26:32.0134 0x0ff4  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
04:26:32.0134 0x0ff4  viaide - ok
04:26:32.0165 0x0ff4  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
04:26:32.0165 0x0ff4  volmgr - ok
04:26:32.0196 0x0ff4  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
04:26:32.0212 0x0ff4  volmgrx - ok
04:26:32.0274 0x0ff4  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
04:26:32.0290 0x0ff4  volsnap - ok
04:26:32.0321 0x0ff4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
04:26:32.0336 0x0ff4  vsmraid - ok
04:26:32.0430 0x0ff4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
04:26:32.0508 0x0ff4  VSS - ok
04:26:32.0524 0x0ff4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
04:26:32.0539 0x0ff4  vwifibus - ok
04:26:32.0586 0x0ff4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
04:26:32.0602 0x0ff4  W32Time - ok
04:26:32.0711 0x0ff4  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
04:26:32.0726 0x0ff4  W3SVC - ok
04:26:32.0758 0x0ff4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
04:26:32.0758 0x0ff4  WacomPen - ok
04:26:32.0789 0x0ff4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
04:26:32.0789 0x0ff4  WANARP - ok
04:26:32.0804 0x0ff4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
04:26:32.0820 0x0ff4  Wanarpv6 - ok
04:26:32.0851 0x0ff4  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
04:26:32.0882 0x0ff4  WAS - ok
04:26:32.0976 0x0ff4  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
04:26:33.0023 0x0ff4  WatAdminSvc - ok
04:26:33.0132 0x0ff4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
04:26:33.0210 0x0ff4  wbengine - ok
04:26:33.0226 0x0ff4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
04:26:33.0241 0x0ff4  WbioSrvc - ok
04:26:33.0272 0x0ff4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
04:26:33.0304 0x0ff4  wcncsvc - ok
04:26:33.0319 0x0ff4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
04:26:33.0335 0x0ff4  WcsPlugInService - ok
04:26:33.0366 0x0ff4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
04:26:33.0366 0x0ff4  Wd - ok
04:26:33.0444 0x0ff4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
04:26:33.0475 0x0ff4  Wdf01000 - ok
04:26:33.0506 0x0ff4  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
04:26:33.0522 0x0ff4  WdiServiceHost - ok
04:26:33.0538 0x0ff4  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
04:26:33.0538 0x0ff4  WdiSystemHost - ok
04:26:33.0600 0x0ff4  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
04:26:33.0616 0x0ff4  WebClient - ok
04:26:33.0678 0x0ff4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
04:26:33.0694 0x0ff4  Wecsvc - ok
04:26:33.0725 0x0ff4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
04:26:33.0740 0x0ff4  wercplsupport - ok
04:26:33.0772 0x0ff4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
04:26:33.0787 0x0ff4  WerSvc - ok
04:26:33.0818 0x0ff4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
04:26:33.0818 0x0ff4  WfpLwf - ok
04:26:33.0850 0x0ff4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
04:26:33.0850 0x0ff4  WIMMount - ok
04:26:33.0881 0x0ff4  WinDefend - ok
04:26:33.0928 0x0ff4  WinHttpAutoProxySvc - ok
04:26:33.0990 0x0ff4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
04:26:34.0006 0x0ff4  Winmgmt - ok
04:26:34.0130 0x0ff4  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
04:26:34.0208 0x0ff4  WinRM - ok
04:26:34.0286 0x0ff4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
04:26:34.0286 0x0ff4  WinUsb - ok
04:26:34.0364 0x0ff4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
04:26:34.0411 0x0ff4  Wlansvc - ok
04:26:34.0489 0x0ff4  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
04:26:34.0505 0x0ff4  wlcrasvc - ok
04:26:34.0645 0x0ff4  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
04:26:34.0739 0x0ff4  wlidsvc - ok
04:26:34.0786 0x0ff4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
04:26:34.0786 0x0ff4  WmiAcpi - ok
04:26:34.0848 0x0ff4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
04:26:34.0848 0x0ff4  wmiApSrv - ok
04:26:34.0879 0x0ff4  WMPNetworkSvc - ok
04:26:34.0910 0x0ff4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
04:26:34.0926 0x0ff4  WPCSvc - ok
04:26:34.0942 0x0ff4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
04:26:34.0957 0x0ff4  WPDBusEnum - ok
04:26:34.0988 0x0ff4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
04:26:34.0988 0x0ff4  ws2ifsl - ok
04:26:35.0020 0x0ff4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
04:26:35.0035 0x0ff4  wscsvc - ok
04:26:35.0035 0x0ff4  WSearch - ok
04:26:35.0207 0x0ff4  [ 39D604E190DFE2E483B637D6796ABAFF, 52DCCEA0DB59F00C615D94CC2B70FC1C335E553E8FC79AAC8C8C7D9EE1F6111D ] wuauserv        C:\Windows\system32\wuaueng.dll
04:26:35.0316 0x0ff4  wuauserv - ok
04:26:35.0363 0x0ff4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
04:26:35.0363 0x0ff4  WudfPf - ok
04:26:35.0410 0x0ff4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
04:26:35.0425 0x0ff4  WUDFRd - ok
04:26:35.0456 0x0ff4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
04:26:35.0472 0x0ff4  wudfsvc - ok
04:26:35.0534 0x0ff4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
04:26:35.0550 0x0ff4  WwanSvc - ok
04:26:35.0597 0x0ff4  ================ Scan global ===============================
04:26:35.0628 0x0ff4  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
04:26:35.0675 0x0ff4  [ 8927015C999D55D9B4AC66000EE5343D, 2AC4896880BAD44192822063A31785F4A716D992201B3E6A590A2D75D9729A4A ] C:\Windows\system32\winsrv.dll
04:26:35.0706 0x0ff4  [ 8927015C999D55D9B4AC66000EE5343D, 2AC4896880BAD44192822063A31785F4A716D992201B3E6A590A2D75D9729A4A ] C:\Windows\system32\winsrv.dll
04:26:35.0753 0x0ff4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
04:26:35.0800 0x0ff4  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
04:26:35.0815 0x0ff4  [ Global ] - ok
04:26:35.0815 0x0ff4  ================ Scan MBR ==================================
04:26:35.0846 0x0ff4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
04:26:36.0205 0x0ff4  \Device\Harddisk0\DR0 - ok
04:26:36.0205 0x0ff4  ================ Scan VBR ==================================
04:26:36.0205 0x0ff4  [ 4CC643C941E97DEC710D7F0BEA92BE76 ] \Device\Harddisk0\DR0\Partition1
04:26:36.0221 0x0ff4  \Device\Harddisk0\DR0\Partition1 - ok
04:26:36.0221 0x0ff4  [ 5836FCA9E2330E4262C9ED3607AB39AE ] \Device\Harddisk0\DR0\Partition2
04:26:36.0221 0x0ff4  \Device\Harddisk0\DR0\Partition2 - ok
04:26:36.0236 0x0ff4  [ D6B5E060279F9D0C6466B0E8CDBEB9DC ] \Device\Harddisk0\DR0\Partition3
04:26:36.0236 0x0ff4  \Device\Harddisk0\DR0\Partition3 - ok
04:26:36.0236 0x0ff4  ================ Scan generic autorun ======================
04:26:36.0283 0x0ff4  [ 554A50B5310E702029D3A675459108FF, 4757D5FFFAC7E73D4A3D931DB1399DDFDBD5811639BDA4517F886C21CC7F2574 ] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
04:26:36.0283 0x0ff4  hpsysdrv - ok
04:26:36.0704 0x0ff4  [ 123CE08362EE48BBA7F9F1D7EB50F24F, B78A49B186475805D7022E22AE163C535F3594F62CEA2759547EC514FA6CBFCC ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
04:26:36.0938 0x0ff4  AvastUI.exe - ok
04:26:37.0048 0x0ff4  [ F916BA0DA28A4B4F7B1ADE76EB42F088, FB3C91D44709D039E959B275F6ECE26AF9307D272FE3E25CC41EAC259AA3B596 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
04:26:37.0063 0x0ff4  SunJavaUpdateSched - ok
04:26:37.0594 0x0ff4  [ 8D71BB209D84BE4DD6DB335D19A845CB, A7D104DDC14534ADBD5BC11E29E836B23493CB98AB947DF92789CAB2CD69305E ] C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
04:26:37.0921 0x0ff4  ZALFree - ok
04:26:38.0015 0x0ff4  [ F655E4A1AED366E96E5D5AA397E0F255, F8573CCA72FA25079B8CE2FC5D30379487E2905B109C73C741FAB31589FA49E1 ] C:\Program Files (x86)\QuickTime\QTTask.exe
04:26:38.0030 0x0ff4  QuickTime Task - ok
04:26:38.0155 0x0ff4  [ 059C2F55E82C8EDB20E8F26B2A7D2B19, BC323A8B8E0C3A5C2ABF23EDA0314A6117B9C2BC417A66CA5D6B25773E84E8F1 ] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe
04:26:38.0202 0x0ff4  WinPatrol - ok
04:26:38.0701 0x0ff4  [ F679E30A5F7CE39F7FA134E61BD2D6D3, 84BD25FFF9C47AC5A00E225DCF03D82A79FE036E3B553D2D81254F2F1FC120A1 ] C:\Program Files\CCleaner\CCleaner64.exe
04:26:38.0998 0x0ff4  CCleaner Monitoring - ok
04:26:39.0122 0x0ff4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
04:26:39.0200 0x0ff4  Sidebar - ok
04:26:39.0232 0x0ff4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
04:26:39.0232 0x0ff4  mctadmin - ok
04:26:39.0247 0x0ff4  Waiting for KSN requests completion. In queue: 171
04:26:40.0261 0x0ff4  Waiting for KSN requests completion. In queue: 171
04:26:41.0275 0x0ff4  Waiting for KSN requests completion. In queue: 171
04:26:42.0398 0x0ff4  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.4.2233.1299 ), 0x41000 ( enabled : updated )
04:26:42.0430 0x0ff4  Win FW state via NFP2: enabled ( trusted )
04:26:45.0362 0x0ff4  ============================================================
04:26:45.0362 0x0ff4  Scan finished
04:26:45.0362 0x0ff4  ============================================================
04:26:45.0378 0x1164  Detected object count: 0
04:26:45.0378 0x1164  Actual detected object count: 0
04:36:47.0453 0x0d0c  Deinitialize success
 

 

 

Farbar Service Scanner Version: 26-07-2015
Ran by tom (administrator) on 13-10-2015 at 04:40:26
Running from "C:\Users\tom\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#12 Jo*

  • Malware Response Team

Posted 13 October 2015 - 04:57 AM

The three requested logs are pasted below.  I wanted to mention that I had connected three external hard drives for the ESET scan earlier.  I removed these devices after that scan.  Was I supposed to leave them connected?  Thanks.

No, you can leave these devices removed after that scan.

For me this pc looks clean.
Are there still any malware related issues with your computer?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 KliaMia

  • Topic Starter

Posted 15 October 2015 - 01:13 PM

Hi Jo,

 

Computer seemed to be running considerably better last evening.  I reinstalled my Chrome browser that I had removed before I posted on this forum.  Since I used it mainly and was most familiar with how it was working prior to your help, I thought I could give you a more accurate report on how it was working.  I hope that was okay.

Although it is better, I am still seeing a few browser issues that may or may not be part of the problem.

 

Both Mozilla Firefox and Google Chrome are loading webpages very slowly.  This actually wasn't a problem earlier but has become one recently.  The pages also will move up or down on their own, without me using the mouse or keyboard, and my mouse doesn't always react when clicked.

 

That's all I've noticed so far, but it does seem better.



#14 Jo*

  • Malware Response Team

Posted 15 October 2015 - 03:10 PM

SFC /Scannow

Run the System File Checker tool (SFC.exe) from command prompt.
http://support.microsoft.com/kb/929833/en-us

Then copy the C:\Windows\Logs\CBS\CBS.log to the desktop. Then zip this file from the desktop and upload to a service such as SendSpace and just provide the link here with your next post.
 

***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Cheers,
Jo


#15 KliaMia

  • Topic Starter

Posted 16 October 2015 - 07:46 PM

I ran the System File Checker tool, and I uploaded a zipped file of the log using the service, SendSpace. The link for this log is:  https://www.sendspace.com/file/wubh0b

 

This is the FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-10-2015
Ran by tom (administrator) on KIMBERLY (16-10-2015 18:48:55)
Running from C:\Users\tom\Desktop\Downloads
Loaded Profiles: tom (Available Profiles: tom & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.2\EMET_Service.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.2\EMET_Agent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-19] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8205944 2014-12-30] (Zemana Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KeyCrypt64(1).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [94664 2014-12-30] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KeyCrypt32(1).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86400 2014-12-30] (Zemana Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-19] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6953FB2F-DF78-4E38-A26E-FB93FCF70395}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4156657441-31240855-2336214866-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-21] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-21] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\tom\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-08-30] (Cisco WebEx LLC)
FF Extension: HTTPS-Everywhere - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\https-everywhere@eff.org [2015-09-10]
FF Extension: Flashblock - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-09-10]
FF Extension: WOT - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-09-16]
FF Extension: NoScript - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-09-10]
FF Extension: Adblock Plus - C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\i3wdzzca.default-1441884800134\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-19]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-14]
CHR Extension: (Google Docs) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-14]
CHR Extension: (Google Drive) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-14]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-10-14]
CHR Extension: (YouTube) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-14]
CHR Extension: (Adblock Plus) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-10-14]
CHR Extension: (Google Search) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-14]
CHR Extension: (Google Sheets) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-14]
CHR Extension: (HTTPS Everywhere) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-14]
CHR Extension: (Flashcontrol) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-10-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-14]
CHR Extension: (Gmail) - C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-14]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-19]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-19] (AVAST Software)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 EMET_Service; C:\Program Files (x86)\EMET 5.2\EMET_Service.exe [22680 2015-03-11] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-09-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-09-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-19] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-20] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-16 18:31 - 2015-10-16 18:31 - 00095330 _____ C:\Users\tom\Desktop\SFCKliaMia.zip
2015-10-16 14:35 - 2015-10-16 09:52 - 00948406 _____ C:\Users\tom\Desktop\CBS.log
2015-10-16 00:17 - 2015-10-16 00:23 - 00001775 _____ C:\ProgramData\hpzinstall.log
2015-10-14 18:22 - 2015-10-15 19:33 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-14 18:22 - 2015-10-14 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-14 18:20 - 2015-10-16 18:25 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-14 18:20 - 2015-10-16 18:25 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-14 18:20 - 2015-10-14 18:20 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-14 18:20 - 2015-10-14 18:20 - 00003636 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-13 04:40 - 2015-10-13 04:40 - 00002345 _____ C:\Users\tom\Desktop\FSS.txt
2015-10-13 04:37 - 2015-10-13 04:37 - 00899072 _____ (Farbar) C:\Users\tom\Desktop\FSS.exe
2015-10-13 04:35 - 2015-10-13 04:35 - 00013791 _____ C:\Users\tom\Desktop\TDSSKiller.3.1.0.5_13.10.2015_04.23.50_log.txt - Shortcut.lnk
2015-10-13 04:23 - 2015-10-13 04:23 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\tom\Desktop\tdsskiller.exe
2015-10-12 07:39 - 2015-10-12 07:39 - 00020970 _____ C:\Users\tom\Desktop\Combofix.txt
2015-10-12 07:25 - 2015-10-12 07:25 - 00020970 ____C C:\ComboFix.txt
2015-10-12 06:58 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-12 06:58 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-12 06:58 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-12 06:58 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-12 06:58 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-12 06:58 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-12 06:58 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-12 06:58 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-12 06:57 - 2015-10-12 07:25 - 00000000 ___DC C:\Qoobox
2015-10-12 06:56 - 2015-10-12 06:56 - 05636349 ____R (Swearware) C:\Users\tom\Desktop\ComboFix.exe
2015-10-11 18:21 - 2015-10-11 18:21 - 00001762 _____ C:\Users\tom\Desktop\MyEsetScan.txt
2015-10-11 13:28 - 2015-10-11 13:28 - 00000000 ___DC C:\Program Files (x86)\ESET
2015-10-09 07:36 - 2015-10-09 07:36 - 00001025 _____ C:\Users\tom\Desktop\FRST64.exe - Shortcut.lnk
2015-10-08 18:28 - 2015-10-08 18:28 - 00001081 _____ C:\Users\tom\Desktop\FRST10-08-15.txt - Shortcut.lnk
2015-10-08 13:20 - 2015-10-08 13:20 - 00001226 _____ C:\Users\tom\Desktop\JRT.txt
2015-10-08 06:36 - 2015-10-08 06:36 - 00000673 _____ C:\Users\tom\Desktop\AdwCleaner[S4].txt
2015-10-08 06:23 - 2015-10-08 06:23 - 00001184 _____ C:\Users\tom\Desktop\mbar-log-2015-10-08 (05-47-30).txt - Shortcut.lnk
2015-10-08 05:42 - 2015-10-08 06:22 - 00000000 ____D C:\Users\tom\Desktop\mbar
2015-10-08 05:39 - 2015-10-08 05:39 - 00000818 _____ C:\Users\tom\Desktop\checkup.txt
2015-10-04 19:46 - 2015-10-04 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-10-04 19:45 - 2015-10-04 19:46 - 00000000 ___DC C:\Program Files (x86)\QuickTime
2015-10-04 19:45 - 2015-10-04 19:45 - 00000000 ____D C:\ProgramData\Apple Computer
2015-10-04 12:17 - 2015-10-16 18:49 - 00000000 ___DC C:\FRST
2015-10-04 11:26 - 2015-10-04 11:26 - 00000000 ___DC C:\Program Files (x86)\Cobian Backup 11
2015-10-04 11:26 - 2015-10-04 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-10-03 11:13 - 2015-10-03 11:13 - 00001102 _____ C:\Users\Public\Desktop\AntiLogger Free.lnk
2015-10-03 11:13 - 2015-10-03 11:13 - 00000000 ___DC C:\Program Files (x86)\Zemana AntiLogger Free
2015-10-03 11:13 - 2015-10-03 11:13 - 00000000 ___DC C:\Program Files (x86)\KeyCryptSDK
2015-10-03 11:13 - 2015-10-03 11:13 - 00000000 ____D C:\Users\tom\AppData\Local\AntiLogger Free
2015-10-03 11:13 - 2015-10-03 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2015-10-03 11:13 - 2014-12-30 13:18 - 00076520 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2015-10-03 10:27 - 2015-10-08 06:31 - 00000000 ___DC C:\AdwCleaner
2015-09-30 19:24 - 2015-10-16 00:45 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2015-09-23 06:55 - 2015-09-23 07:03 - 00000000 ____D C:\Users\tom\AppData\Local\Microsoft Games
2015-09-21 19:12 - 2015-09-21 19:08 - 00274016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-09-21 19:12 - 2015-09-21 19:08 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-21 19:09 - 2015-09-21 19:09 - 00000000 ____D C:\Users\tom\AppData\Roaming\Sun
2015-09-21 19:09 - 2015-09-21 19:09 - 00000000 ____D C:\Users\tom\.oracle_jre_usage
2015-09-20 21:06 - 2015-09-20 21:07 - 00664576 _____ C:\Users\tom\Downloads\MicrosoftFixit50562.msi
2015-09-19 20:18 - 2015-09-19 20:18 - 00000000 ____D C:\Users\tom\AppData\LocalLow\Oracle
2015-09-19 13:10 - 2015-09-19 13:10 - 00000000 ____D C:\Users\tom\AppData\Roaming\AVAST Software
2015-09-19 01:18 - 2015-09-19 01:18 - 00001884 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-09-19 01:18 - 2015-09-19 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-19 01:17 - 2015-10-15 12:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-19 01:17 - 2015-09-19 01:16 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-19 01:17 - 2015-09-19 01:16 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-19 01:17 - 2015-09-19 01:16 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-19 01:16 - 2015-09-19 01:16 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-19 01:15 - 2015-09-19 01:15 - 00000000 ___DC C:\Program Files\AVAST Software
2015-09-19 01:11 - 2015-09-19 01:12 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-18 19:47 - 2015-09-18 20:30 - 154429024 _____ (AVAST Software) C:\Users\tom\Downloads\avast_free_antivirus_setup.exe
2015-09-16 22:24 - 2015-09-16 22:24 - 00680600 _____ (Sysinternals - www.sysinternals.com) C:\Users\tom\Downloads\autoruns.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-16 18:23 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-16 18:23 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-16 10:04 - 2015-07-25 08:08 - 01779668 ____N C:\Windows\WindowsUpdate.log
2015-10-16 05:52 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-16 00:21 - 2011-10-10 19:27 - 00000000 ___DC C:\Program Files (x86)\Hp
2015-10-15 01:16 - 2009-07-14 00:13 - 00819102 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-14 18:21 - 2013-02-15 00:51 - 00000000 ___DC C:\Program Files (x86)\Google
2015-10-14 18:02 - 2015-07-25 09:17 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-14 07:00 - 2015-07-24 22:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-14 06:59 - 2015-07-25 09:17 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-14 06:59 - 2015-07-25 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-12 07:19 - 2009-07-13 21:34 - 00000215 ____C C:\Windows\system.ini
2015-10-09 07:44 - 2012-09-02 16:05 - 00000000 ____D C:\Users\tom\AppData\LocalLow\Temp
2015-10-08 13:06 - 2012-09-02 01:03 - 00000000 ____D C:\Users\tom
2015-10-08 06:22 - 2014-06-10 14:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-05 09:50 - 2015-07-25 09:17 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-07-25 09:17 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-05 09:50 - 2015-07-24 22:42 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-04 19:41 - 2013-02-15 00:51 - 00000000 ____D C:\Users\tom\AppData\Local\Google
2015-10-01 06:17 - 2014-09-15 18:31 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-30 22:47 - 2014-06-10 15:38 - 00000000 ____D C:\Windows\ERUNT
2015-09-30 22:47 - 2014-04-13 20:53 - 00002268 ____C C:\DelFix.txt
2015-09-30 22:47 - 2014-02-15 11:19 - 00000000 ___DC C:\Program Files (x86)\Trend Micro
2015-09-30 16:42 - 2015-08-04 04:56 - 00000000 ____D C:\Windows\Panther
2015-09-30 16:29 - 2015-09-10 01:58 - 00000000 ____D C:\$Windows.~BT
2015-09-23 18:44 - 2015-07-14 23:36 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-23 18:44 - 2015-07-14 23:36 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-23 12:46 - 2013-04-14 14:43 - 00000000 ____D C:\Users\tom\AppData\Local\CrashDumps
2015-09-23 06:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-21 19:12 - 2014-02-07 06:22 - 00000000 ___DC C:\Program Files (x86)\Java
2015-09-21 19:10 - 2015-01-29 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-20 03:38 - 2015-05-30 14:42 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-19 19:39 - 2012-09-02 01:08 - 00109296 _____ C:\Users\tom\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-19 19:37 - 2009-07-13 23:45 - 00408136 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-19 13:19 - 2015-08-15 18:01 - 00000000 ___DC C:\Program Files (x86)\Panda Security
2015-09-19 13:15 - 2015-08-15 17:59 - 00000000 ____D C:\ProgramData\Panda Security
2015-09-19 13:14 - 2015-08-15 18:02 - 00000000 ____D C:\Users\tom\AppData\Roaming\Panda Security
2015-09-17 23:09 - 2015-04-24 12:47 - 00000000 ____D C:\Users\tom\Documents\Employment
2015-09-16 06:43 - 2015-05-30 16:12 - 00000000 ____D C:\Users\tom\Documents\Teaching
 
==================== Files in the root of some directories =======
 
2014-08-18 16:49 - 2014-09-06 09:25 - 0187620 _____ () C:\Users\tom\AppData\Local\ars.cache
2014-08-18 16:49 - 2014-09-06 09:25 - 0254410 _____ () C:\Users\tom\AppData\Local\census.cache
2014-05-26 11:40 - 2014-11-09 17:59 - 0007168 _____ () C:\Users\tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-18 16:33 - 2014-08-18 16:33 - 0000036 _____ () C:\Users\tom\AppData\Local\housecall.guid.cache
2014-02-08 20:52 - 2014-02-18 18:55 - 0007611 _____ () C:\Users\tom\AppData\Local\resmon.resmoncfg
2014-08-18 16:45 - 2014-09-06 09:18 - 0000010 _____ () C:\Users\tom\AppData\Local\sponge.last.runtime.cache
2015-10-16 00:17 - 2015-10-16 00:23 - 0001775 _____ () C:\ProgramData\hpzinstall.log
2015-05-30 14:05 - 2015-05-30 14:06 - 34766336 _____ () C:\ProgramData\pollev_presenter_installer.msi
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\olepro32.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-11 00:01
 
==================== End of FRST.txt ============================




