
Win32:Zeroot-B infection or not? - Windows 7


  • This topic is locked
17 replies to this topic

#1 amjamm


Posted 20 February 2016 - 01:58 PM

I have Avast virus software 11.1.2245.  On 1/27/16 I was alerted to this rootkit which Avast apparently quarantined.  I ran multiple scans and it has never indicated that it is present again.  
 
 
 
Today was the first day that I have had a chance to run some additional diagnostics.  I ran RootkitRemover: 
 
[ TimeStamp: 20160220 121236 ]Rootkit Remover v0.8.9.209 [Dec  7 2015 - 22:57:24]
McAfee Labs.
 
Windows build 6.1.7601 x64 Service Pack 1
Checking for updates ...
 
 
Scanning for user-mode threats ...
 
Scanning for kernel-mode threats ...
    Scan Result --> No trojan or viruses found!
Scan Finished
 
I ran MalwareBytes with a clean scan.  
 
I ran aswMBR Quickscan:
 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2016-02-20 12:39:14
-----------------------------
12:39:14.246    OS Version: Windows x64 6.1.7601 Service Pack 1
12:39:14.246    Number of processors: 4 586 0x3C03
12:39:14.246    ComputerName: ACERDESKTOP2015  UserName: Amber
12:39:15.121    Initialize success
12:39:15.218    VM: initialized successfully
12:39:15.218    VM: Intel CPU supported 
12:39:21.066    VM: supported disk I/O ataport.SYS
12:39:25.100    AVAST engine defs: 16022000
12:39:40.673    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:39:40.673    Disk 0 Vendor: WDC_WD10EZEX-21M2NA0 01.01A01 Size: 953869MB BusType: 11
12:39:40.767    VM: Disk 0 MBR read successfully
12:39:40.782    Disk 0 MBR scan
12:39:40.782    Disk 0 Windows 7 default MBR code
12:39:40.798    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        18000 MB offset 2048
12:39:40.829    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 36866048
12:39:40.860    Disk 0 default boot code
12:39:40.892    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS       478662 MB offset 37070848
12:39:40.892    Disk 0 Partition - 00     0F   Extended LBA            457104 MB offset 1017372672
12:39:40.925    Disk 0 Partition 4 00     07      HPFS/NTFS NTFS       457103 MB offset 1017374720
12:39:40.972    Disk 0 scanning C:\Windows\system32\drivers
12:39:47.597    Service scanning
12:40:01.176    Modules scanning
12:40:01.176    Disk 0 trace - called modules:
12:40:01.207    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
12:40:01.207    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077c3060]
12:40:01.207    3 CLASSPNP.SYS[fffff88001a4843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80072772e0]
12:40:01.634    AVAST engine scan C:\Windows
12:40:03.214    AVAST engine scan C:\Windows\system32
12:41:48.494    AVAST engine scan C:\Windows\system32\drivers
12:42:00.420    AVAST engine scan C:\Users\Amber
12:55:31.642    AVAST engine scan C:\ProgramData
12:57:28.772    Disk 0 statistics 4600847/0/27 @ 2.51 MB/s
12:57:28.787    Scan finished successfully
13:01:33.858    Disk 0 MBR has been saved successfully to "C:\Users\Amber\Downloads\MBR.dat"
13:01:33.858    The log file has been saved successfully to "C:\Users\Amber\Downloads\aswMBR 022016.txt"
 
When I tried to run aswMBR c:\, twice, it wouldn't complete the scan.  
 
I have been following the thread http://www.bleepingcomputer.com/forums/t/550578/apparent-infection-of-unknown-type/ but got to the ComboFix part and stopped.  
 
I have not rebooted my computer since the infection on 1/27/16.  
 
Now I will say help and thank you for your assistance!!
 
Amber

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum. ~ Animal



#2 amjamm


Posted 20 February 2016 - 02:44 PM

TDSSKiller ran today with nothing found:

 

14:39:06.0552 0x536c  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
14:39:14.0084 0x536c  ============================================================
14:39:14.0084 0x536c  Current date / time: 2016/02/20 14:39:14.0084
14:39:14.0084 0x536c  SystemInfo:
14:39:14.0084 0x536c  
14:39:14.0084 0x536c  OS Version: 6.1.7601 ServicePack: 1.0
14:39:14.0084 0x536c  Product type: Workstation
14:39:14.0085 0x536c  ComputerName: ACERDESKTOP2015
14:39:14.0085 0x536c  UserName: Amber
14:39:14.0085 0x536c  Windows directory: C:\Windows
14:39:14.0085 0x536c  System windows directory: C:\Windows
14:39:14.0085 0x536c  Running under WOW64
14:39:14.0085 0x536c  Processor architecture: Intel x64
14:39:14.0085 0x536c  Number of processors: 4
14:39:14.0085 0x536c  Page size: 0x1000
14:39:14.0085 0x536c  Boot type: Normal boot
14:39:14.0085 0x536c  ============================================================
14:39:15.0804 0x536c  KLMD registered as C:\Windows\system32\drivers\92816985.sys
14:39:16.0289 0x536c  System UUID: {0E570570-9771-68B8-85C4-71B0E31899A7}
14:39:17.0307 0x536c  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:39:17.0708 0x536c  ============================================================
14:39:17.0708 0x536c  \Device\Harddisk0\DR0:
14:39:17.0708 0x536c  MBR partitions:
14:39:17.0708 0x536c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2328800, BlocksNum 0x32000
14:39:17.0708 0x536c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x235A800, BlocksNum 0x3A6E35B0
14:39:17.0752 0x536c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3CA3E800, BlocksNum 0x37CC7800
14:39:17.0752 0x536c  ============================================================
14:39:17.0783 0x536c  C: <-> \Device\Harddisk0\DR0\Partition2
14:39:17.0821 0x536c  F: <-> \Device\Harddisk0\DR0\Partition3
14:39:17.0821 0x536c  ============================================================
14:39:17.0821 0x536c  Initialize success
14:39:17.0821 0x536c  ============================================================
14:39:25.0361 0xa414  ============================================================
14:39:25.0361 0xa414  Scan started
14:39:25.0361 0xa414  Mode: Manual; 
14:39:25.0361 0xa414  ============================================================
14:39:25.0361 0xa414  KSN ping started
14:39:28.0524 0xa414  KSN ping finished: true
14:39:29.0161 0xa414  ================ Scan system memory ========================
14:39:29.0161 0xa414  System memory - ok
14:39:33.0707 0xa414  EPSON_PM_RPCV4_06 - ok
14:39:33.0719 0xa414  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:39:33.0721 0xa414  ErrDev - ok
14:39:33.0746 0xa414  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
14:39:33.0756 0xa414  EventSystem - ok
14:39:33.0766 0xa414  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:39:33.0770 0xa414  exfat - ok
14:39:33.0780 0xa414  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:39:33.0784 0xa414  fastfat - ok
14:39:33.0814 0xa414  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
14:39:33.0829 0xa414  Fax - ok
14:39:33.0839 0xa414  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
14:39:33.0841 0xa414  fdc - ok
14:39:33.0853 0xa414  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
14:39:33.0855 0xa414  fdPHost - ok
14:39:33.0860 0xa414  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:39:33.0862 0xa414  FDResPub - ok
14:39:33.0875 0xa414  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:39:33.0877 0xa414  FileInfo - ok
14:39:33.0889 0xa414  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:39:33.0890 0xa414  Filetrace - ok
14:39:33.0902 0xa414  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
14:39:33.0903 0xa414  flpydisk - ok
14:39:33.0920 0xa414  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:39:33.0994 0xa414  FltMgr - ok
14:39:34.0223 0xa414  [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache       C:\Windows\system32\FntCache.dll
14:39:34.0243 0xa414  FontCache - ok
14:39:34.0266 0xa414  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:39:34.0267 0xa414  FontCache3.0.0.0 - ok
14:39:34.0273 0xa414  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:39:34.0275 0xa414  FsDepends - ok
14:39:34.0278 0xa414  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:39:34.0279 0xa414  Fs_Rec - ok
14:39:34.0289 0xa414  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:39:34.0290 0xc9a8  Object required for P2P: [ 21144F53F79975801AB9A9A027707A85 ] avast! Firewall
14:39:34.0294 0xa414  fvevol - ok
14:39:34.0303 0xa414  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:39:34.0305 0xa414  gagp30kx - ok
14:39:34.0348 0xa414  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
14:39:34.0353 0xa414  GamesAppService - ok
14:39:34.0382 0xa414  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:39:34.0398 0xa414  gpsvc - ok
14:39:34.0438 0xa414  [ 32096F187020A54D29C95B3A1467D963, 2A50686C1FC921B02F6B7472AC09B2CFD9DE290D22DD0342A94AB8E95AC3DC6C ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
14:39:34.0439 0xa414  GREGService - ok
14:39:34.0468 0xa414  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:39:34.0470 0xa414  gupdate - ok
14:39:34.0474 0xa414  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:39:34.0476 0xa414  gupdatem - ok
14:39:34.0549 0xa414  [ 3F95931AEEA6DEF9FC02C565D2EFC145, A77CE97B0143A035D7C2655C2BF31008D4D555EF63CCF188EC58D5611782E635 ] hcmon           C:\Windows\system32\drivers\hcmon.sys
14:39:34.0551 0xa414  hcmon - ok
14:39:34.0553 0xa414  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:39:34.0555 0xa414  hcw85cir - ok
14:39:34.0567 0xa414  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:39:34.0573 0xa414  HdAudAddService - ok
14:39:34.0590 0xa414  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:39:34.0593 0xa414  HDAudBus - ok
14:39:34.0596 0xa414  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
14:39:34.0597 0xa414  HidBatt - ok
14:39:34.0601 0xa414  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:39:34.0604 0xa414  HidBth - ok
14:39:34.0607 0xa414  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:39:34.0608 0xa414  HidIr - ok
14:39:34.0617 0xa414  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
14:39:34.0619 0xa414  hidserv - ok
14:39:34.0627 0xa414  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:39:34.0628 0xa414  HidUsb - ok
14:39:34.0636 0xa414  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:39:34.0639 0xa414  hkmsvc - ok
14:39:34.0650 0xa414  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:39:34.0656 0xa414  HomeGroupListener - ok
14:39:34.0679 0xa414  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:39:34.0685 0xa414  HomeGroupProvider - ok
14:39:34.0688 0xa414  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:39:34.0690 0xa414  HpSAMD - ok
14:39:34.0721 0xa414  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:39:34.0736 0xa414  HTTP - ok
14:39:34.0747 0xa414  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:39:34.0748 0xa414  hwpolicy - ok
14:39:34.0752 0xa414  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:39:34.0755 0xa414  i8042prt - ok
14:39:34.0775 0xa414  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:39:34.0782 0xa414  iaStorV - ok
14:39:34.0820 0xa414  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:39:34.0836 0xa414  idsvc - ok
14:39:34.0839 0xa414  IEEtwCollectorService - ok
14:39:34.0924 0xa414  [ 623DB9620F552B480690AD882AFACED1, F44039122CF6001CB40A4032D3C108D9A83F06FC700A5B47D83EF605F83C9D2F ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
14:39:34.0999 0xa414  igfx - ok
14:39:35.0021 0xa414  [ C33BE074F83F4C5514D3A81F59A060A5, 632614417B41651B3F902A8CA4A9BEFE0D64962FBE978D073CCD6973DF1D0869 ] igfxCUIService1.0.0.0 C:\Windows\system32\igfxCUIService.exe
14:39:35.0027 0xa414  igfxCUIService1.0.0.0 - ok
14:39:35.0034 0xa414  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:39:35.0036 0xa414  iirsp - ok
14:39:35.0060 0xa414  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
14:39:35.0085 0xa414  IKEEXT - ok
14:39:35.0180 0xa414  [ 44ED7064A8CFF33E6D2BCC81412145F7, FFC2D581044D7E43D0287D13F33AA97CDF1F03D4B167ACD6BE551E92C9551C0E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:39:35.0255 0xa414  IntcAzAudAddService - ok
14:39:35.0283 0xa414  [ 890144FA6AB42F2B54EE633BF96A019A, 8741904C66170BA11C78D31681E3759537C0BF2338538678BC64234DB8FDE93F ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
14:39:35.0290 0xa414  IntcDAud - ok
14:39:35.0340 0xa414  [ DAE6C3099D291EED8922A65C29ABCF52, AD0A932345382824122F84AF97A8609BAE1B916A3B9FD608779A1411E37D3643 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
14:39:35.0356 0xa414  Intel® Capability Licensing Service Interface - ok
14:39:35.0385 0xa414  [ D45226E3E7A25F1E7CE8DF8FD0A2A098, 7BD74E9E3CB0A83D26BA3FD8177C6B9BA46A8695B6569CF7887FDC87947DA2D6 ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
14:39:35.0402 0xa414  Intel® Capability Licensing Service TCP IP Interface - ok
14:39:35.0405 0xa414  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:39:35.0406 0xa414  intelide - ok
14:39:35.0419 0xa414  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:39:35.0421 0xa414  intelppm - ok
14:39:35.0428 0xa414  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:39:35.0431 0xa414  IPBusEnum - ok
14:39:35.0438 0xa414  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:39:35.0440 0xa414  IpFilterDriver - ok
14:39:35.0458 0xa414  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:39:35.0467 0xa414  iphlpsvc - ok
14:39:35.0483 0xa414  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:39:35.0485 0xa414  IPMIDRV - ok
14:39:35.0499 0xa414  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:39:35.0501 0xa414  IPNAT - ok
14:39:35.0511 0xa414  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:39:35.0512 0xa414  IRENUM - ok
14:39:35.0515 0xa414  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:39:35.0517 0xa414  isapnp - ok
14:39:35.0542 0xa414  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:39:35.0547 0xa414  iScsiPrt - ok
14:39:35.0567 0xa414  [ 83E5C169258459BC8D069C08106E6779, 1D5441EA2779CFC5A93A1372A7C34CD968A75D58A71107858468A1640721F47E ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
14:39:35.0568 0xa414  iusb3hcs - ok
14:39:35.0586 0xa414  [ A858FEA618433EA053858F4C63A411EA, A194E8C07332847ABC09CC55ABB3D4AA9FEC29F053A3025FCAC7841AFE5F21F2 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
14:39:35.0592 0xa414  iusb3hub - ok
14:39:35.0620 0xa414  [ C77F6D488C5F4A7AB4357895BD6EC1FF, EED9B5A71E2C58E15482F36218815E9D9C091F9CEC43D1FD9E90BCAD6A8DB216 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
14:39:35.0636 0xa414  iusb3xhc - ok
14:39:35.0670 0xa414  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
14:39:35.0673 0xa414  jhi_service - ok
14:39:35.0687 0xa414  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:39:35.0689 0xa414  kbdclass - ok
14:39:35.0700 0xa414  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:39:35.0702 0xa414  kbdhid - ok
14:39:35.0710 0xa414  [ CB0E57424A776C51EF42469064ADBF08, 2E4EFE070560F4CCE6AF6D142C559EEF3672631C846E612968D57BE7F71C1C4F ] KeyIso          C:\Windows\system32\lsass.exe
14:39:35.0712 0xa414  KeyIso - ok
14:39:35.0744 0xa414  [ 0F776895884B8DC430A307D57FD867BB, F9E8C8A04D757CEAD86938BEEFFAD9750589037E16FB1A2B0A90E4484E1A6B65 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:39:35.0750 0xa414  KSecDD - ok
14:39:35.0767 0xa414  [ 28E75F316CCCD79337E4957C53017D4B, 3BABDA50B4CE72F7F9A0FD7A33DDB19463A01F188D46354E0B411FC0389C01BE ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:39:35.0771 0xa414  KSecPkg - ok
14:39:35.0778 0xa414  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:39:35.0779 0xa414  ksthunk - ok
14:39:35.0799 0xa414  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:39:35.0809 0xa414  KtmRm - ok
14:39:35.0835 0xa414  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:39:35.0843 0xa414  LanmanServer - ok
14:39:35.0866 0xa414  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:39:35.0871 0xa414  LanmanWorkstation - ok
14:39:35.0897 0xa414  [ 93B73DED2BC688F140C6AE2FBAD45789, B6859BC5D309B99BCCDC3717108B714497AAE9C5B26CE5B201344A41FC4CFF9D ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
14:39:35.0903 0xa414  Live Updater Service - ok
14:39:35.0920 0xa414  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:39:35.0922 0xa414  lltdio - ok
14:39:35.0936 0xa414  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:39:35.0944 0xa414  lltdsvc - ok
14:39:35.0955 0xa414  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:39:35.0958 0xa414  lmhosts - ok
14:39:35.0988 0xa414  [ E2952760B05A256FB1412D20A41C89C1, B5AF47DF90D5DC8E6549DE1AFF897669E8200D08083D43DF86E34F6EE19C59DA ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:39:35.0995 0xa414  LMS - ok
14:39:36.0009 0xa414  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:39:36.0012 0xa414  LSI_FC - ok
14:39:36.0026 0xa414  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:39:36.0029 0xa414  LSI_SAS - ok
14:39:36.0032 0xa414  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:39:36.0034 0xa414  LSI_SAS2 - ok
14:39:36.0044 0xa414  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:39:36.0047 0xa414  LSI_SCSI - ok
14:39:36.0050 0xa414  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
14:39:36.0053 0xa414  luafv - ok
14:39:36.0080 0xa414  [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
14:39:36.0082 0xa414  MBAMProtector - ok
14:39:36.0157 0xa414  [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
14:39:36.0186 0xa414  MBAMScheduler - ok
14:39:36.0219 0xa414  [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
14:39:36.0244 0xa414  MBAMService - ok
14:39:36.0268 0xa414  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
14:39:36.0272 0xa414  MBAMSwissArmy - ok
14:39:36.0298 0xa414  [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
14:39:36.0300 0xa414  MBAMWebAccessControl - ok
14:39:36.0332 0xa414  [ 5096855DA1FB50A028ACA15B5CC358D9, 15A84A1FD6856CFFF6D9C5D0F5F29A71781033A5E388B3E310306600600D1221 ] McAfee SiteAdvisor Service C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
14:39:36.0336 0xa414  McAfee SiteAdvisor Service - ok
14:39:36.0359 0xa414  [ 79D51E7F5926E8CE1B3EBECEBAE28CFF, 2722E217AF11F928E58F694E5C1CC5776283A56C54E7F84401FECFBD73E91EBA ] mcdbus          C:\Windows\system32\DRIVERS\mcdbus.sys
14:39:36.0369 0xa414  mcdbus - ok
14:39:36.0385 0xa414  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:39:36.0390 0xa414  Mcx2Svc - ok
14:39:36.0399 0xa414  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:39:36.0401 0xa414  megasas - ok
14:39:36.0410 0xa414  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
14:39:36.0416 0xa414  MegaSR - ok
14:39:36.0430 0xa414  [ EB1D78140D6634C32A46AB1006105EDC, 586F988A7272A7E3F6AA2CC9A001A08A3D178A011AE8C095BB7EAD9FFB45AAB1 ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
14:39:36.0434 0xa414  MEIx64 - ok
14:39:36.0462 0xa414  [ FB4F8875C0927BB29EC052D09950AE96, 78B8ECD9A16F94FE1C1FD23B17250A2089789AC9E33B162F0ECAB9893B6B1142 ] mfesapsn        C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys
14:39:36.0464 0xa414  mfesapsn - ok
14:39:36.0532 0xa414  MFE_RR - ok
14:39:36.0548 0xa414  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
14:39:36.0551 0xa414  MMCSS - ok
14:39:36.0563 0xa414  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
14:39:36.0565 0xa414  Modem - ok
14:39:36.0585 0xa414  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:39:36.0587 0xa414  monitor - ok
14:39:36.0603 0xa414  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:39:36.0604 0xa414  mouclass - ok
14:39:36.0613 0xa414  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:39:36.0614 0xa414  mouhid - ok
14:39:36.0642 0xa414  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:39:36.0742 0xa414  mountmgr - ok
14:39:36.0764 0xa414  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:39:36.0805 0xa414  mpio - ok
14:39:36.0937 0xa414  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:39:36.0939 0xa414  mpsdrv - ok
14:39:37.0151 0xa414  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:39:37.0186 0xa414  MpsSvc - ok
14:39:37.0211 0xa414  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:39:37.0217 0xa414  MRxDAV - ok
14:39:37.0253 0xa414  [ 32B85C4923D895B2FB35821A799BA38D, 7A7E5D08F745DB9B498B4BE946325FF7DAA7FA27589D9423FCA4558D20780026 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:39:37.0259 0xa414  mrxsmb - ok
14:39:37.0297 0xa414  [ A572BEF41F3C55D7DAF24D2340C91FEC, 1E51EEFEABCDCB664CD39437C2275B160860FB433EAA8DC905D5BC742FD03529 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:39:37.0307 0xa414  mrxsmb10 - ok
14:39:37.0322 0xa414  [ C49F1C4CA74FC52AFB2E892D8E50EA39, 9E7A2453627A82AFF4CE3F285AFF105C3F92F423C07E5C43E76BEC523841B8F7 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:39:37.0324 0xc9a8  Object send P2P result: true
14:39:37.0328 0xa414  mrxsmb20 - ok
14:39:37.0357 0xa414  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:39:37.0360 0xa414  msahci - ok
14:39:37.0372 0xa414  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:39:37.0377 0xa414  msdsm - ok
14:39:37.0391 0xa414  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
14:39:37.0398 0xa414  MSDTC - ok
14:39:37.0422 0xa414  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:39:37.0424 0xa414  Msfs - ok
14:39:37.0437 0xa414  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:39:37.0438 0xa414  mshidkmdf - ok
14:39:37.0447 0xa414  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:39:37.0450 0xa414  msisadrv - ok
14:39:37.0469 0xa414  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:39:37.0477 0xa414  MSiSCSI - ok
14:39:37.0480 0xa414  msiserver - ok
14:39:37.0497 0xa414  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:39:37.0499 0xa414  MSKSSRV - ok
14:39:37.0503 0xa414  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:39:37.0505 0xa414  MSPCLOCK - ok
14:39:37.0509 0xa414  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:39:37.0513 0xa414  MSPQM - ok
14:39:37.0542 0xa414  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:39:37.0559 0xa414  MsRPC - ok
14:39:37.0567 0xa414  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:39:37.0569 0xa414  mssmbios - ok
14:39:37.0571 0xa414  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:39:37.0572 0xa414  MSTEE - ok
14:39:37.0574 0xa414  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
14:39:37.0575 0xa414  MTConfig - ok
14:39:37.0586 0xa414  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
14:39:37.0588 0xa414  Mup - ok
14:39:37.0618 0xa414  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
14:39:37.0628 0xa414  napagent - ok
14:39:37.0643 0xa414  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:39:37.0649 0xa414  NativeWifiP - ok
14:39:37.0735 0xa414  [ E0E4A1F81A7D69C595A8A9DDAD084C19, 8F55F3637AE8BFFB0ACE37AFC5122026525137E0B2923899B779C1BD08DF0E22 ] NAUpdate        c:\Program Files (x86)\Nero\Update\NASvc.exe
14:39:37.0765 0xa414  NAUpdate - ok
14:39:42.0040 0xa414  viaide - ok
14:39:42.0072 0xa414  [ 225E1E03B2AABE2D493FCDB459303701, 6123280A48E973AC9696954879CF5F791E6D52CBE0BD07F291437D1A82413891 ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
14:39:42.0075 0xa414  VMAuthdService - ok
14:39:42.0087 0xa414  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
14:39:42.0092 0xa414  vmbus - ok
14:39:42.0095 0xa414  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
14:39:42.0097 0xa414  VMBusHID - ok
14:39:42.0109 0xa414  [ BE8E5E5D53ACF71D4E8E686B68C99B04, 4F30A360095FCB2627068FA6A65A951688058E8FDDF5CE895E2AE39500A413B1 ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
14:39:42.0119 0xa414  vmci - ok
14:39:42.0135 0xa414  [ B6DE5224D881BF17ADDE4C88AE553423, AC9C113080313855BC93E99BEFAC4B942E93D8E4CF024607F596CA9D7F8F8A14 ] vmkbd           C:\Windows\system32\drivers\VMkbd.sys
14:39:42.0137 0xa414  vmkbd - ok
14:39:42.0140 0xa414  [ A3412EC3FF7A5AC2CA3A3951476BFA9C, 8A3D241168205B6B5348F44DF89875067CDD5B29BE8CF14ADA8403225AE2A379 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
14:39:42.0141 0xa414  VMnetAdapter - ok
14:39:42.0150 0xa414  [ F76AD463DBE8D30CB715A09DF9FF2BE9, 5B2184582496ED0EE8582C6AD3BCF49674690C585439B6F57B43ADC12DF941F6 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
14:39:42.0152 0xa414  VMnetBridge - ok
14:39:42.0171 0xa414  [ 98E73D79FCD3D48E31EE999B5DF1B0ED, FBDC884BD9376C7E8727BACCF6482207166634F4B2644C8C794295094B29426E ] VMnetDHCP       C:\Windows\SysWOW64\vmnetdhcp.exe
14:39:42.0179 0xa414  VMnetDHCP - ok
14:39:42.0187 0xa414  [ B564A598B9B31E9358B2D6C9BC96D710, 19A9EFC08AE11A31169F712C577EBAFFF0A37311271FD46F02873286C8281DB7 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
14:39:42.0189 0xa414  VMnetuserif - ok
14:39:42.0209 0xa414  [ 5C33E873349CF67272A8B342AC963A6E, 9CB419F422C88C0055440E1AF94716C537E9D9CD34DF6F2AE81C3D2CDDD1FD31 ] vmusb           C:\Windows\system32\DRIVERS\vmusb.sys
14:39:42.0211 0xa414  vmusb - ok
14:39:42.0282 0xa414  [ 15D702F235BD1077007A180EEFB9DBB8, 610794EB9AF68789F46D193EF11B406D190096DF9EC557563798D625806D5704 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
14:39:42.0305 0xa414  VMUSBArbService - ok
14:39:42.0323 0xa414  [ 0769FDF4C15D9EDD3CAAC148A8EDC2E5, 65E5CA9461C47491E83EBD755C10AE1665E71D2B73F2CE97A59B9E7380D42E8D ] VMware NAT Service C:\Windows\SysWOW64\vmnat.exe
14:39:42.0332 0xa414  VMware NAT Service - ok
14:39:42.0340 0xa414  [ 8FCCBE30DC217C244CE38DD7F9B673C3, C1E6E65A435D764695C4B9411ED623D626D8A744E3E09752FBB66260D9ACE8D6 ] vmx86           C:\Windows\system32\drivers\vmx86.sys
14:39:42.0343 0xa414  vmx86 - ok
14:39:42.0353 0xa414  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:39:42.0355 0xa414  volmgr - ok
14:39:42.0371 0xa414  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:39:42.0377 0xa414  volmgrx - ok
14:39:42.0384 0xa414  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:39:42.0389 0xa414  volsnap - ok
14:39:42.0407 0xa414  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:39:42.0410 0xa414  vsmraid - ok
14:39:42.0424 0xa414  [ 1C7DC94FDCABD06D24C3A532DC33FB34, 5403724E70ABBE1070958CA58496DB2237F35CAB37296E1ECB64D4A0FE432AC1 ] vsock           C:\Windows\system32\drivers\vsock.sys
14:39:42.0426 0xa414  vsock - ok
14:39:42.0464 0xa414  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
14:39:42.0498 0xa414  VSS - ok
14:39:42.0508 0xa414  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:39:42.0509 0xa414  vwifibus - ok
14:39:42.0524 0xa414  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:39:42.0526 0xa414  vwififlt - ok
14:39:42.0553 0xa414  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:39:42.0555 0xa414  vwifimp - ok
14:39:42.0579 0xa414  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
14:39:42.0593 0xa414  W32Time - ok
14:39:42.0605 0xa414  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:39:42.0607 0xa414  WacomPen - ok
14:39:42.0636 0xa414  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:39:42.0638 0xa414  WANARP - ok
14:39:42.0647 0xa414  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:39:42.0648 0xa414  Wanarpv6 - ok
14:39:42.0707 0xa414  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:39:42.0732 0xa414  WatAdminSvc - ok
14:39:42.0774 0xa414  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
14:39:42.0808 0xa414  wbengine - ok
14:39:42.0826 0xa414  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:39:42.0832 0xa414  WbioSrvc - ok
14:39:42.0846 0xa414  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:39:42.0854 0xa414  wcncsvc - ok
14:39:42.0864 0xa414  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:39:42.0867 0xa414  WcsPlugInService - ok
14:39:42.0870 0xa414  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
14:39:42.0872 0xa414  Wd - ok
14:39:42.0890 0xa414  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
14:39:42.0892 0xa414  WDC_SAM - ok
14:39:42.0912 0xa414  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:39:42.0929 0xa414  Wdf01000 - ok
14:39:42.0950 0xa414  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:39:42.0954 0xa414  WdiServiceHost - ok
14:39:42.0957 0xa414  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:39:42.0960 0xa414  WdiSystemHost - ok
14:39:43.0006 0xa414  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
14:39:43.0059 0xa414  WebClient - ok
14:39:43.0084 0xa414  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:39:43.0110 0xa414  Wecsvc - ok
14:39:43.0124 0xa414  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:39:43.0132 0xa414  wercplsupport - ok
14:39:43.0154 0xa414  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:39:43.0162 0xa414  WerSvc - ok
14:39:43.0174 0xa414  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:39:43.0176 0xa414  WfpLwf - ok
14:39:43.0186 0xa414  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:39:43.0188 0xa414  WIMMount - ok
14:39:43.0202 0xa414  WinDefend - ok
14:39:43.0208 0xa414  WinHttpAutoProxySvc - ok
14:39:43.0255 0xa414  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:39:43.0287 0xa414  Winmgmt - ok
14:39:43.0447 0xa414  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
14:39:43.0493 0xa414  WinRM - ok
14:39:43.0542 0xa414  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:39:43.0547 0xa414  WinUsb - ok
14:39:43.0614 0xa414  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:39:43.0658 0xa414  Wlansvc - ok
14:39:43.0662 0xa414  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:39:43.0663 0xa414  WmiAcpi - ok
14:39:43.0677 0xa414  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:39:43.0681 0xa414  wmiApSrv - ok
14:39:43.0693 0xa414  WMPNetworkSvc - ok
14:39:43.0702 0xa414  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:39:43.0706 0xa414  WPCSvc - ok
14:39:43.0719 0xa414  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:39:43.0724 0xa414  WPDBusEnum - ok
14:39:43.0732 0xa414  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:39:43.0734 0xa414  ws2ifsl - ok
14:39:43.0743 0xa414  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
14:39:43.0748 0xa414  wscsvc - ok
14:39:43.0750 0xa414  WSearch - ok
14:39:43.0831 0xa414  [ 6075791ED85E47A2A2916B1F34582944, 25B5FAD161711875B38BDD014A26FA527C8EE4854D485989D19A72D5EBBA4054 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:39:43.0887 0xa414  wuauserv - ok
14:39:43.0914 0xa414  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:39:43.0917 0xa414  WudfPf - ok
14:39:43.0934 0xa414  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:39:43.0939 0xa414  WUDFRd - ok
14:39:43.0962 0xa414  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:39:43.0966 0xa414  wudfsvc - ok
14:39:43.0981 0xa414  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:39:43.0987 0xa414  WwanSvc - ok
14:39:44.0067 0xa414  ================ Scan global ===============================
14:39:44.0089 0xa414  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
14:39:44.0120 0xa414  [ CE14A4BBF890A7D4C898CF886D145EC9, AD4BE7CBB0C624EC00E8496AF33AC5AB8C5689C75C66C4C99F2FB7149E912D18 ] C:\Windows\system32\winsrv.dll
14:39:44.0231 0xa414  [ CE14A4BBF890A7D4C898CF886D145EC9, AD4BE7CBB0C624EC00E8496AF33AC5AB8C5689C75C66C4C99F2FB7149E912D18 ] C:\Windows\system32\winsrv.dll
14:39:44.0248 0xa414  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
14:39:44.0273 0xa414  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
14:39:44.0282 0xa414  [ Global ] - ok
14:39:44.0282 0xa414  ================ Scan MBR ==================================
14:39:44.0306 0xa414  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:39:44.0414 0xbe30  Object required for P2P: [ A1F58FFF448E4099297D6EE0641D4D0E ] dbupdate
14:39:44.0540 0xa414  \Device\Harddisk0\DR0 - ok
14:39:44.0540 0xa414  ================ Scan VBR ==================================
14:39:44.0542 0xa414  [ 4831DB8892BB992461AFFE3A7B8AE636 ] \Device\Harddisk0\DR0\Partition1
14:39:44.0566 0xa414  \Device\Harddisk0\DR0\Partition1 - ok
14:39:44.0568 0xa414  [ 70C9163DB3147E4811183D2F83798C1F ] \Device\Harddisk0\DR0\Partition2
14:39:44.0573 0xa414  \Device\Harddisk0\DR0\Partition2 - ok
14:39:44.0576 0xa414  [ CDF7D4C628CA47ADE11EF26FF149CC4C ] \Device\Harddisk0\DR0\Partition3
14:39:44.0578 0xa414  \Device\Harddisk0\DR0\Partition3 - ok
14:39:44.0578 0xa414  ================ Scan generic autorun ======================
14:39:44.0872 0xa414  [ 7F9E5AD3AD1C0CCCF8094E28911B5068, 76D043B7DE0A175B8AA510F49F5983C9852FD4F38AE0FB023D9A339BB63AC269 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
14:39:45.0116 0xa414  RTHDVCPL - ok
14:39:45.0167 0xa414  [ 29208DF007E34DD15E22225D6825BEDD, F4162EB293B41C0CDB76B3415E77B69C18183A96641DEC2C8A59DB905D529C27 ] C:\Program Files\Smart PDF Tools Pro\SmartSoft PDF Printer Agent.exe
14:39:45.0172 0xa414  SmartSoft PDF Printer Agent - ok
14:39:45.0232 0xa414  [ B564816DFDF049D256D519827DA08DD8, B0FDD843D0214A6CA5AE65E8232E6993FBE3A161B57CEB0F03FCA2166B060D3C ] C:\PROGRA~1\Eraser\Eraser.exe
14:39:45.0256 0xa414  Eraser - ok
14:39:45.0258 0xa414  mcui_exe - ok
14:39:45.0314 0xa414  [ 5956CEBC6E2DF8BB255DE08901533985, 3F9362485F64FC50429297CA339ED5964FF0889B855307E2A944A08818434CE3 ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
14:39:45.0319 0xa414  USB3MON - ok
14:39:45.0367 0xa414  [ 265B74F227EF875CB15158E872BFFAA9, 809D6DC752D440C321358D64B4E564D22AF98363FE008355A392754D2AFD5608 ] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
14:39:45.0378 0xa414  Hotkey Utility - ok
14:39:45.0542 0xa414  [ 8A312D5764B4FC4C55CEDDEED4652CF1, C4E726C9C77614CD32D5B76DA2E9A049EC490C2392D9A94B84712BCBF47BA7C6 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
14:39:45.0692 0xa414  AvastUI.exe - ok
14:39:45.0720 0xa414  [ 4260CDD7292900C79EF2F360C28100C1, 6022554523FA23CC596F4917D7A7BBA7C0C8B9F13AD4DF5AAE92C78A9BEF4E5C ] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
14:39:45.0722 0xa414  ConnectionCenter - ok
14:39:45.0789 0xa414  [ 4D91715CE8F3477FACC7A4694419412E, 155467E7B78B91E22F599E1284CDAC09125E8FC087A4CE3D3CE6BCAEC5522DCF ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
14:39:45.0809 0xa414  FUFAXRCV - ok
14:39:45.0840 0xa414  [ BD1E0BDA531412F93119AD12ACC76859, CD76D105DE54A7462B4B56E5A3650DEF69E2F3551E6BABCC96AA49BCC1B9DFBE ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
14:39:45.0865 0xa414  FUFAXSTM - ok
14:39:45.0904 0xa414  [ 476670EF58A13B05B69E35EF4F363A50, A1CF1EFC443175E4C2BFDF0700A6A4152009521C3BDD4AC6F27A21B26F311B4F ] C:\Program Files (x86)\OLYMPUS\DSSPlayerPro\Notification.exe
14:39:45.0907 0xa414  Olympus Notification - ok
14:39:45.0935 0xa414  [ C830AB4179B17593BE3FAD6917FDAF47, 6F3051D29675DC886BBA83CB0531789C1483A969A49A690DA0381BACCD5B21B7 ] C:\Program Files (x86)\OLYMPUS\DSSPlayerPro\UpdateManager.exe
14:39:45.0939 0xa414  Olympus DSS UpdateManager - ok
14:39:45.0985 0xa414  Dropbox - ok
14:39:46.0056 0xa414  [ 4ABA86D5B0D440F33BDBDBDAEA065C42, 434E035E4748D0E4CEB08E655FF9A1739FF7E0099CCCC42122A24736DE3DE7E3 ] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
14:39:46.0088 0xa414  EEventManager - ok
14:39:46.0117 0xa414  [ A7810B302294793DE88542AAE177D1B1, F0EE3684DBEB0AAAD912DC04D060976D1EAE92489E192BAE900FA0F417AD20A7 ] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
14:39:46.0125 0xa414  ArcSoft Connection Service - ok
14:39:46.0251 0xa414  [ 302775179EAFEF7290A10DF0E1F0016D, ADE7BA48EE7377FACD3C2D0D814B8BF9E73F530A75215DC10EC498D4CE52430D ] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
14:39:46.0327 0xa414  PMBVolumeWatcher - ok
14:39:46.0394 0xa414  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
14:39:46.0419 0xa414  Sidebar - ok
14:39:46.0439 0xa414  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:39:46.0442 0xa414  mctadmin - ok
14:39:46.0464 0xa414  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
14:39:46.0481 0xa414  Sidebar - ok
14:39:46.0485 0xa414  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:39:46.0487 0xa414  mctadmin - ok
14:39:46.0533 0xa414  [ 63740680B14C2EEE08B11ADADFA98DA1, FA5FF3FB479005F4F2E7B319906A5D52F3704185A1CAA79A9066546AC084108E ] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
14:39:46.0548 0xa414  GoogleChromeAutoLaunch_B541A8D354ED80445B89E73989F98B03 - ok
14:39:46.0592 0xa414  [ 764BE29C9F78D949191C995B9BA4492A, A42EADC8546859A717F149C044235410B5908837B471889B281195C860AC558D ] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINME.EXE
14:39:46.0597 0xa414  EPLTarget\P0000000000000000 - ok
14:39:46.0598 0xa414  Waiting for KSN requests completion. In queue: 394
14:39:47.0598 0xa414  Waiting for KSN requests completion. In queue: 394
14:39:48.0598 0xa414  Waiting for KSN requests completion. In queue: 394
14:39:49.0598 0xa414  Waiting for KSN requests completion. In queue: 394
14:39:50.0598 0xa414  Waiting for KSN requests completion. In queue: 394
14:39:51.0598 0xa414  Waiting for KSN requests completion. In queue: 394
14:39:52.0598 0xa414  Waiting for KSN requests completion. In queue: 394
14:39:53.0598 0xa414  Waiting for KSN requests completion. In queue: 394
14:39:54.0598 0xa414  Waiting for KSN requests completion. In queue: 394
14:39:55.0598 0xa414  Waiting for KSN requests completion. In queue: 394
14:39:56.0598 0xa414  Waiting for KSN requests completion. In queue: 394
14:39:57.0599 0xa414  Waiting for KSN requests completion. In queue: 394
14:39:58.0599 0xa414  Waiting for KSN requests completion. In queue: 394
14:39:59.0599 0xa414  Waiting for KSN requests completion. In queue: 394
14:40:00.0078 0xbe30  Object send P2P result: true
14:40:00.0078 0xbe30  Object required for P2P: [ A1F58FFF448E4099297D6EE0641D4D0E ] dbupdatem
14:40:00.0599 0xa414  Waiting for KSN requests completion. In queue: 393
14:40:01.0599 0xa414  Waiting for KSN requests completion. In queue: 393
14:40:02.0599 0xa414  Waiting for KSN requests completion. In queue: 393
14:40:03.0209 0xbe30  Object send P2P result: true
14:40:03.0230 0xbe30  Object required for P2P: [ 5096855DA1FB50A028ACA15B5CC358D9 ] McAfee SiteAdvisor Service
14:40:03.0599 0xa414  Waiting for KSN requests completion. In queue: 278
14:40:04.0599 0xa414  Waiting for KSN requests completion. In queue: 278
14:40:05.0599 0xa414  Waiting for KSN requests completion. In queue: 278
14:40:06.0141 0xbe30  Object send P2P result: true
14:40:06.0599 0xa414  Waiting for KSN requests completion. In queue: 98
14:40:07.0672 0xa414  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2245.1540 ), 0x41000 ( enabled : updated )
14:40:07.0676 0xa414  FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2245.1540 ), 0x41010 ( enabled )
14:40:10.0533 0xa414  ============================================================
14:40:10.0533 0xa414  Scan finished
14:40:10.0533 0xa414  ============================================================
14:40:10.0547 0x8cc0  Detected object count: 0
14:40:10.0547 0x8cc0  Actual detected object count: 0


#3 Oh My!


Posted 20 February 2016 - 11:54 PM

Greetings amjamm and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 amjamm


Posted 21 February 2016 - 06:03 AM

Hi Gary - 
 
Thank you for helping me.  
 
Please call me Amber.
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-02-2016
Ran by Amber (administrator) on ACERDESKTOP2015 (21-02-2016 05:44:23)
Running from C:\Users\Amber\Desktop
Loaded Profiles: Amber (Available Profiles: Amber)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Smart PDF Tools Pro\SmartSoft PDF Printer Agent.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINME.EXE
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\DSSPlayerPro\Notification.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfica32.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Temp\scoped_dir_9296_27147\old_chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(The OpenVPN Project) C:\Program Files\AVAST Software\Avast\OpenVPN\openvpn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671640 2014-04-10] (Realtek Semiconductor)
HKLM\...\Run: [SmartSoft PDF Printer Agent] => C:\Program Files\Smart PDF Tools Pro\SmartSoft PDF Printer Agent.exe [52984 2012-06-05] ()
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [979344 2010-04-10] (The Eraser Project)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-09] (Intel Corporation)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [636520 2012-02-06] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-20] (AVAST Software)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-02-21] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-02-21] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Olympus Notification] => C:\Program Files (x86)\OLYMPUS\DSSPlayerPro\Notification.exe [172032 2010-05-27] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [Olympus DSS UpdateManager] => C:\Program Files (x86)\OLYMPUS\DSSPlayerPro\UpdateManager.exe [200704 2010-05-27] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25122080 2016-02-16] (Dropbox, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2724432 2015-12-26] (Sony Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-02] (Qualcomm®Atheros®)
HKU\S-1-5-21-3417452393-3087154131-1498492752-1000\...\Run: [GoogleChromeAutoLaunch_B541A8D354ED80445B89E73989F98B03] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [746648 2016-02-17] (Google Inc.)
HKU\S-1-5-21-3417452393-3087154131-1498492752-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINME.EXE [298560 2013-12-15] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3417452393-3087154131-1498492752-1000\...\MountPoints2: {197473d7-92bc-11e5-8685-3010b3620cea} - J:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3417452393-3087154131-1498492752-1000\...\MountPoints2: {84745e93-921f-11e5-bce3-3010b3620cea} - J:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3417452393-3087154131-1498492752-1000\...\MountPoints2: {dea52b4f-ed38-11e4-b6da-3010b3620cea} - E:\SETUP.EXE
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-20] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 4.lnk [2015-08-21]
ShortcutTarget: Device Detector 4.lnk -> C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe (OLYMPUS IMAGING CORP.)
Startup: C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson Other Registration.lnk [2016-01-22]
ShortcutTarget: Epson Other Registration.lnk -> C:\Users\Amber\AppData\Roaming\Leadertech\PowerRegister\Epson Other Registration.exe (Aviata/Epson)
Startup: C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk [2016-01-08]
ShortcutTarget: Epson scanner Registration.lnk -> C:\Users\Amber\AppData\Roaming\Leadertech\PowerRegister\Epson scanner Registration.exe (Leader Technologies/Epson)
Startup: C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2015-04-27]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1F2DCCF8-2D83-4F4D-BAD3-62366BA4347B}: [DhcpNameServer] 192.0.2.3
Tcpip\..\Interfaces\{75272BC4-6D8F-4A64-A94D-E85326A2521B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{76CC0D65-9D13-4810-9B3F-5B7B019135E2}: [DhcpNameServer] 77.234.40.79
 
Internet Explorer:
==================
HKU\S-1-5-21-3417452393-3087154131-1498492752-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3417452393-3087154131-1498492752-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
URLSearchHook: HKU\S-1-5-21-3417452393-3087154131-1498492752-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-3417452393-3087154131-1498492752-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3417452393-3087154131-1498492752-1000 -> DefaultScope {478E6F75-D4D0-4A65-82FB-DF3F6FF31E22} URL = 
SearchScopes: HKU\S-1-5-21-3417452393-3087154131-1498492752-1000 -> {478E6F75-D4D0-4A65-82FB-DF3F6FF31E22} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-20] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-20] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
 
FireFox:
========
FF Plugin: @cuminas.jp/DjVuPlugin -> C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2015-05-08] (Cuminas Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @cuminas.jp/DjVuPlugin -> C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2015-05-08] (Cuminas Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-20]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-20]
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-26]
CHR Extension: (Google Docs) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-26]
CHR Extension: (Google Drive) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Honey) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-02-20]
CHR Extension: (Google Search) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
CHR Extension: (Avast SafePrice) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-01-31]
CHR Extension: (Google Sheets) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-26]
CHR Extension: (SiteAdvisor) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-07]
CHR Extension: (Google Docs Offline) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24]
CHR Extension: (Avast Online Security) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
CHR Extension: (Ghostery) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-02]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-20]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-20]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0030861453939669mcinstcleanup; C:\Windows\TEMP\003086~1.EXE [883024 2015-05-04] (McAfee, Inc.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-02] (Windows ® Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-20] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-12-20] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-16] (Dropbox, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-14] (SEIKO EPSON CORPORATION)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-04-24] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)
R3 Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [176128 2010-05-27] (OLYMPUS IMAGING CORP.) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-05-13] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-20] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-12-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-20] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-12-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-20] (AVAST Software)
R3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2015-04-26] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-20] (AVAST Software)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-04-02] (Qualcomm Atheros)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-21] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.)
S3 MFE_RR; \??\C:\Users\Amber\AppData\Local\Temp\mfe_rr.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
U3 aswMBR; \??\C:\Users\Amber\AppData\Local\Temp\aswMBR.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-21 05:44 - 2016-02-21 05:44 - 00031357 _____ C:\Users\Amber\Desktop\FRST.txt
2016-02-21 05:44 - 2016-02-21 05:44 - 00000000 ____D C:\FRST
2016-02-21 05:42 - 2016-02-21 05:42 - 00899584 _____ (Farbar) C:\Users\Amber\Downloads\FSS.exe
2016-02-21 05:41 - 2016-02-21 05:41 - 02371072 _____ (Farbar) C:\Users\Amber\Desktop\FRST64.exe
2016-02-20 14:39 - 2016-02-20 14:44 - 00232312 _____ C:\TDSSKiller.3.1.0.9_20.02.2016_14.39.06_log.txt
2016-02-20 14:37 - 2016-02-20 14:38 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Amber\Downloads\tdsskiller.exe
2016-02-20 14:35 - 2016-02-20 14:35 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-02-20 14:13 - 2016-02-20 14:26 - 162284424 _____ (Kaspersky Lab) C:\Users\Amber\Downloads\kis16.0.0.614a bcden_9295.exe
2016-02-20 13:13 - 2016-02-20 13:14 - 05657688 _____ (Swearware) C:\Users\Amber\Downloads\ComboFix.exe
2016-02-20 13:01 - 2016-02-20 13:01 - 00002416 _____ C:\Users\Amber\Downloads\aswMBR 022016.txt
2016-02-20 13:01 - 2016-02-20 13:01 - 00000512 _____ C:\Users\Amber\Downloads\MBR.dat
2016-02-20 12:37 - 2016-02-20 12:37 - 05200384 _____ (AVAST Software) C:\Users\Amber\Downloads\aswmbr.exe
2016-02-20 12:25 - 2016-02-20 12:25 - 00030311 _____ C:\Users\Amber\AppData\LocalLow\wbk448B.tmp
2016-02-20 10:20 - 2016-02-20 10:20 - 00784152 _____ (McAfee, Inc.) C:\Users\Amber\Downloads\rootkitremover.exe
2016-02-19 10:38 - 2016-02-19 10:38 - 00000253 _____ C:\Users\Amber\Downloads\Years_Ago_Now.bibtex
2016-02-19 08:51 - 2016-02-19 08:51 - 00006031 _____ C:\Users\Amber\AppData\Local\recently-used.xbel
2016-02-18 14:50 - 2016-02-18 14:50 - 00122750 _____ C:\Users\Amber\Downloads\Retirement - EW Martin.pdf
2016-02-17 04:26 - 2016-02-17 04:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-13 11:16 - 2016-02-13 11:16 - 00536556 _____ C:\Users\Amber\Downloads\flier final nwf ambassador april 2 2016.pdf
2016-02-12 19:55 - 2016-02-12 19:55 - 00031252 _____ C:\Users\Amber\Downloads\Fred Binstock - Resume 101415 (1).pdf
2016-02-12 11:15 - 2016-02-12 11:15 - 00001444 _____ C:\Users\Amber\Downloads\launch (17).ica
2016-02-09 13:27 - 2016-02-09 13:27 - 00797877 _____ C:\Users\Amber\Downloads\New Doc (2).pdf
2016-02-08 16:42 - 2016-02-08 16:43 - 11375394 _____ C:\Users\Amber\Downloads\New Doc.pdf
2016-02-08 16:08 - 2016-02-08 16:08 - 00484409 _____ C:\Users\Amber\Downloads\Host Application - revised Jan 2016 (1).pdf
2016-02-03 20:37 - 2016-02-04 20:05 - 00601088 _____ C:\Users\Amber\AppData\Roaming\SharedSettings.ccs
2016-02-03 20:37 - 2016-02-03 20:37 - 00001444 _____ C:\Users\Public\Desktop\Responsive Site Designer.lnk
2016-02-03 20:37 - 2016-02-03 20:37 - 00000000 ____D C:\Users\Amber\Documents\CoffeeCup Software
2016-02-03 20:37 - 2016-02-03 20:37 - 00000000 ____D C:\Users\Amber\AppData\Roaming\Responsive Site Designer
2016-02-03 20:37 - 2016-02-03 20:37 - 00000000 ____D C:\Users\Amber\AppData\Local\Responsive Site Designer
2016-02-03 20:37 - 2016-02-03 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoffeeCup Software
2016-02-03 20:36 - 2016-02-03 20:36 - 00000000 ____D C:\Program Files\CoffeeCup Software
2016-02-03 20:33 - 2016-02-03 20:35 - 45632728 _____ (CoffeeCup Software, Inc.) C:\Users\Amber\Downloads\responsive-site-designer-trial-win-en-1.2-958 (1).exe
2016-02-03 20:30 - 2016-02-03 20:32 - 45632728 _____ (CoffeeCup Software, Inc.) C:\Users\Amber\Downloads\responsive-site-designer-trial-win-en-1.2-958.exe
2016-02-02 16:16 - 2016-02-02 16:17 - 00433357 _____ C:\Users\Amber\Downloads\1 - Nick Codispoti - Harvest CFO - Resume.pdf
2016-01-29 15:01 - 2016-01-29 15:01 - 00001445 _____ C:\Users\Amber\Downloads\launch (15).ica
2016-01-28 12:21 - 2016-01-28 17:17 - 00001444 _____ C:\Users\Amber\Downloads\launch (14).ica
2016-01-27 07:19 - 2016-01-27 07:19 - 00001446 _____ C:\Users\Amber\Downloads\launch (13).ica
2016-01-26 11:30 - 2016-01-26 11:30 - 00000000 ____D C:\Users\Amber\Documents\Sony PMB
2016-01-26 10:43 - 2016-01-26 10:43 - 00002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk
2016-01-26 10:43 - 2016-01-26 10:43 - 00002163 _____ C:\Users\Public\Desktop\PlayMemories Home.lnk
2016-01-26 10:43 - 2016-01-26 10:43 - 00002067 _____ C:\Users\Public\Desktop\PlayMemories Home Help.lnk
2016-01-26 10:43 - 2016-01-26 10:43 - 00000000 ____D C:\Users\Amber\AppData\Roaming\Sony Corporation
2016-01-26 10:43 - 2016-01-26 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
2016-01-26 10:43 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-01-26 10:39 - 2016-01-26 10:39 - 00000000 ____D C:\Program Files (x86)\Sony
2016-01-26 10:25 - 2016-01-26 10:25 - 00000000 ____D C:\ProgramData\Sony Corporation
2016-01-25 13:56 - 2016-01-25 13:56 - 00863477 _____ C:\Users\Amber\Downloads\FFT Brochure - revised Jan 2016.pdf
2016-01-25 13:56 - 2016-01-25 13:56 - 00484409 _____ C:\Users\Amber\Downloads\Host Application - revised Jan 2016.pdf
2016-01-25 13:56 - 2016-01-25 13:56 - 00439485 _____ C:\Users\Amber\Downloads\Vendor Application - revised Jan 2016.pdf
2016-01-25 13:56 - 2016-01-25 13:56 - 00113730 _____ C:\Users\Amber\Downloads\Host Guidelines - revised Jan 2015 (1).pdf
2016-01-25 13:56 - 2016-01-25 13:56 - 00109561 _____ C:\Users\Amber\Downloads\Vendor Guidelines - revised Jan 2015 (1).pdf
2016-01-25 12:07 - 2016-01-25 12:07 - 00273346 _____ C:\Users\Amber\Downloads\Logo 2002.pdf
2016-01-24 09:25 - 2016-01-24 09:25 - 00353935 _____ C:\Users\Amber\Downloads\1 - Mike Lane - Harvest CFO - Resume (1).pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-21 05:37 - 2016-01-07 20:37 - 00000909 _____ C:\Windows\Tasks\EPSON Perfection V39 Update.job
2016-02-21 05:33 - 2014-06-17 02:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-21 05:30 - 2015-07-02 13:30 - 00000911 _____ C:\Windows\Tasks\EPSON XP-820 Series Update {14DBD6D1-C3FE-4C6A-B6DB-512C13A6A2B1}.job
2016-02-21 05:29 - 2015-08-04 11:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-21 05:27 - 2015-10-08 14:59 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-21 04:58 - 2015-04-26 14:17 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-21 02:58 - 2015-04-26 14:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-20 22:15 - 2009-07-13 23:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-20 22:15 - 2009-07-13 23:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-20 20:27 - 2015-10-08 14:59 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-20 13:05 - 2015-08-08 10:12 - 00000000 ____D C:\Users\Amber\AppData\Local\CrashDumps
2016-02-20 09:51 - 2015-06-30 06:57 - 00000000 ____D C:\Users\Amber\AppData\Local\VMware
2016-02-20 09:51 - 2009-07-14 00:13 - 00785926 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-20 09:51 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-20 09:39 - 2015-08-10 13:07 - 00000000 ____D C:\Users\Amber\.gimp-2.8
2016-02-20 09:38 - 2015-12-20 14:18 - 00003062 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1450639083
2016-02-19 17:04 - 2015-04-26 14:17 - 00002216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 09:32 - 2015-10-08 15:14 - 00000000 ___RD C:\Users\Amber\Dropbox
2016-02-19 08:50 - 2015-08-10 13:24 - 00000000 ____D C:\Users\Amber\AppData\Local\gtk-2.0
2016-02-17 04:27 - 2015-10-08 14:59 - 00000000 ____D C:\Users\Amber\AppData\Local\Dropbox
2016-02-17 04:26 - 2015-10-08 14:59 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-02-15 10:42 - 2015-07-16 17:26 - 00000000 _____ C:\Users\Amber\Documents\SmartSoft PDF Printer Port
2016-02-15 10:42 - 2015-04-27 18:59 - 00000000 ____D C:\Program Files\Smart PDF Tools Pro
2016-02-10 04:34 - 2014-06-17 02:39 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-10 04:34 - 2014-06-17 02:39 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-10 04:34 - 2014-06-17 02:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-08 05:52 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-02-08 05:50 - 2015-06-30 06:57 - 00000000 ____D C:\Users\Amber\AppData\Roaming\VMware
2016-02-02 02:53 - 2015-04-26 14:17 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 02:53 - 2015-04-26 14:17 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 12:51 - 2015-08-24 11:38 - 00000000 ____D C:\Users\Amber\Desktop\AOS BIlling
2016-01-31 07:03 - 2016-01-07 20:44 - 00000000 ____D C:\Users\Amber\AppData\Roaming\ArcSoft
2016-01-28 06:09 - 2015-05-14 07:35 - 00000000 ____D C:\Users\Amber\AppData\Roaming\Skype
2016-01-27 19:07 - 2014-06-17 02:39 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-01-27 05:37 - 2015-06-09 21:31 - 00000000 ____D C:\Users\Amber\Documents\My Labels
2016-01-22 07:21 - 2015-04-25 16:28 - 00125448 _____ C:\Users\Amber\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-22 03:35 - 2015-06-29 06:27 - 00000000 ____D C:\ProgramData\VMware
2016-01-22 03:35 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-22 03:35 - 2009-07-13 23:45 - 00463736 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-22 03:03 - 2009-07-13 21:34 - 00000510 _____ C:\Windows\win.ini
 
==================== Files in the root of some directories =======
 
2016-02-03 20:37 - 2016-02-04 20:05 - 0601088 _____ () C:\Users\Amber\AppData\Roaming\SharedSettings.ccs
2015-09-10 02:26 - 2015-09-10 02:26 - 0002005 _____ () C:\Users\Amber\AppData\Local\2C587D54A05A4492AC6A2A28A0E11CC1.File Folder Label.lbx
2015-12-19 15:31 - 2015-12-19 15:31 - 0002026 _____ () C:\Users\Amber\AppData\Local\AFEFAE93740E422e94AEB4CE06E9341A.File Folder Label.lbx
2015-12-02 04:42 - 2015-12-02 04:42 - 0001991 _____ () C:\Users\Amber\AppData\Local\C1D2FF8E6A4D4634933C9989361146C4.Filetab.lbx
2015-06-10 02:18 - 2015-06-10 02:18 - 0001365 _____ () C:\Users\Amber\AppData\Local\E1B7E57D0D594c9f88FA8C800D4263A7.Layout1.lbx
2016-02-19 08:51 - 2016-02-19 08:51 - 0006031 _____ () C:\Users\Amber\AppData\Local\recently-used.xbel
2014-10-07 00:50 - 2014-10-07 00:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Amber\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9miccg.dll
C:\Users\Amber\AppData\Local\Temp\_is341A.exe
C:\Users\Amber\AppData\Local\Temp\_is476B.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-08 01:51
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-02-2016
Ran by Amber (2016-02-21 05:44:54)
Running from C:\Users\Amber\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-04-25 21:27:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3417452393-3087154131-1498492752-500 - Administrator - Disabled)
Amber (S-1-5-21-3417452393-3087154131-1498492752-1000 - Administrator - Enabled) => C:\Users\Amber
Guest (S-1-5-21-3417452393-3087154131-1498492752-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3417452393-3087154131-1498492752-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3508 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
ArcSoft MediaImpression 2 (HKLM-x32\...\{FB46F473-333E-4A06-A777-31C54188593E}) (Version: 2.0.14.672 - ArcSoft)
ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.55 - ArcSoft)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Brother P-touch Editor 5.1 (HKLM-x32\...\{BF6D28AE-0CAB-4950-AC4A-0AD38DA4C2E8}) (Version: 5.1.0311 - Brother Industries, Ltd.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
CoffeeCup Responsive Site Designer (HKLM\...\CoffeeCup Responsive Site Designer 1.2-958) (Version: 1.2-958 - CoffeeCup Software, Inc.)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Document Capture Pro (HKLM-x32\...\{8085E93B-74B0-4E42-8A58-EEC5F5F7746C}) (Version: 1.06.0006 - Seiko Epson Corporation)
Document Express DjVu Plug-in (HKLM\...\{3677A6FF-9C6F-48B7-B0DC-E958C2FE4FFF}) (Version: 6.1.35472 - Cuminas Corporation)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
Easy Photo Scan (HKLM-x32\...\{EDB34773-E7B0-483A-8602-8EBAA7524F8F}) (Version: 1.00.0002 - Seiko Epson Corporation)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Epson Copy Utility 4 (HKLM-x32\...\{06A7E8AB-2856-4490-BAA9-F338ABE7695A}) (Version: 4.01.0001 - Seiko Epson Corporation)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{747C2710-1D8F-46DD-ADF0-6EE0D980F13C}) (Version: 3.10.0039 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.50.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Perfection V370 Photo Scanner Driver Update version 3.0.2.0 (HKLM-x32\...\ScannerDriverUpdateEPSON Perfection V370 Photo_is1) (Version: 3.0.2.0 - Epson America Inc.)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.31.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.00 - SEIKO EPSON Corp.)
EPSON XP-820 Series Printer Uninstall (HKLM\...\EPSON XP-820 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-820 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-820 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
Eraser 6.0.7.1893 (HKLM\...\{8CBBBC4D-B0B6-49DB-A421-98C65080D8EE}) (Version: 6.7.1893 - The Eraser Project)
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3510 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3503 - Acer Incorporated)
Intel® Chipset Device Software (x32 Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.5.0.229 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.141 - McAfee, Inc.)
MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
Olympus DSS Player Pro (HKLM-x32\...\{91A32CD1-96A5-41D0-BCE6-9CE25531A875}) (Version: 5.0.10 - OLYMPUS IMAGING CORP.)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Perfection V19_V39 User Guide version 1.0 (HKLM-x32\...\UsersGuidePerfection V19_V39 User Guide_is1) (Version: 1.0 - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.1.00.12260 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.1.00 - Sony Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.320 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.31 - Qualcomm Atheros)
Quicken 2008 (HKLM-x32\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.1.24 - Intuit)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.3.34 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.80.218.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
RootsMagic 3.2.5.0 (HKLM-x32\...\RootsMagic_is1) (Version:  - RootsMagic, Inc.)
SafeZone Stable 1.48.2066.76 (x32 Version: 1.48.2066.76 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Smart PDF Tools Pro 6.3.0.495 (HKLM\...\Smart PDF Tools Pro_is1) (Version: 6.3.0.495 - Smart Soft)
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.1.2 - VMware, Inc)
VMware Player (Version: 7.1.2 - VMware, Inc.) Hidden
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3417452393-3087154131-1498492752-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {292BA938-3A2F-4F62-83AA-ECFBF5A86CD3} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-02-18] (AVAST Software)
Task: {2F6DD2FD-AA9B-418E-BB6C-D66E1B351806} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-16] (Dropbox, Inc.)
Task: {33840219-CA7D-4F27-B6C2-9B6FF6A7852A} - System32\Tasks\SafeZone scheduled Autoupdate 1450639083 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-17] (Avast Software)
Task: {4E50F55E-31B3-4595-8BFC-7E151A258C75} - System32\Tasks\EPSON XP-820 Series Update {14DBD6D1-C3FE-4C6A-B6DB-512C13A6A2B1} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNME.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {8DD6BE45-7923-47A9-A54E-0B1342503741} - System32\Tasks\EPSON Perfection V39 Update => C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {90E5EF0C-72FD-4BB6-9F05-2596852D7CA5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-20] (AVAST Software)
Task: {974ACAB2-4C00-483A-8C77-39E48508B45F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {9CE831AE-B327-4A20-B5DC-D2E0BFB4E3F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-26] (Google Inc.)
Task: {BB972ED2-C0E4-4013-9121-DF9BB412D342} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {C104CBB4-3ACF-4511-B080-59568D276601} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-16] (Dropbox, Inc.)
Task: {D4330CE8-2107-49E2-B9E9-812BCCBF9BEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {E5367672-ACFC-458A-A294-1DDB9FA711B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-26] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON Perfection V39 Update.job => C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe7/EXE_S:EPSON Perfection V39,ES010D.DAT /F:UpdateAmberĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON XP-820 Series Update {14DBD6D1-C3FE-4C6A-B6DB-512C13A6A2B1}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNME.EXE:/EXE:{14DBD6D1-C3FE-4C6A-B6DB-512C13A6A2B1} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-10-07 01:07 - 2013-02-21 00:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2015-04-27 18:59 - 2012-06-05 11:45 - 00340728 _____ () C:\Program Files\Smart PDF Tools Pro\ExplorerExt_x64.dll
2014-04-02 04:22 - 2014-04-02 04:22 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2015-04-27 18:59 - 2012-06-05 11:57 - 00052984 _____ () C:\Program Files\Smart PDF Tools Pro\SmartSoft PDF Printer Agent.exe
2015-12-20 14:04 - 2015-12-20 14:04 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-20 14:03 - 2015-12-20 14:03 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-21 23:53 - 2016-01-21 23:53 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012200\algo.dll
2015-12-20 14:04 - 2015-12-20 14:04 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-20 14:04 - 2015-12-20 14:04 - 00241896 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-02-20 09:04 - 2016-02-20 09:04 - 02835968 _____ () C:\Program Files\AVAST Software\Avast\defs\16022000\algo.dll
2016-02-21 05:07 - 2016-02-21 05:07 - 02835968 _____ () C:\Program Files\AVAST Software\Avast\defs\16022100\algo.dll
2015-05-31 06:59 - 2015-05-31 06:59 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2014-10-07 00:47 - 2013-12-09 18:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2009-09-12 22:08 - 2009-09-12 22:08 - 00028496 _____ () C:\Program Files (x86)\Citrix\ICA Client\vdtuin.dll
2016-01-14 18:54 - 2016-01-12 11:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll
2016-01-14 18:54 - 2016-01-12 11:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll
2015-12-20 14:04 - 2015-12-20 14:04 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-07 01:07 - 2013-02-21 00:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-12-10 23:43 - 2016-01-12 13:44 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-02-17 04:26 - 2016-01-12 13:45 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-02-17 04:26 - 2016-01-12 13:44 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-10 23:43 - 2016-01-12 13:44 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-10 23:43 - 2016-01-12 13:44 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-10 23:43 - 2016-02-16 13:39 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-10 23:43 - 2016-01-12 13:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-02-17 04:26 - 2016-01-12 13:44 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-10 23:43 - 2016-02-16 13:39 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-10 23:43 - 2016-01-12 13:44 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-02-17 04:26 - 2016-02-16 13:38 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-10 23:43 - 2016-01-12 13:45 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-02-17 04:26 - 2016-02-16 13:38 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-02-17 04:26 - 2016-02-16 13:38 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-10 23:43 - 2016-02-16 13:39 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-10 23:43 - 2016-02-16 13:39 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-02-17 04:26 - 2016-02-16 13:39 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-02-17 04:26 - 2016-01-12 13:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-10 23:43 - 2016-01-12 13:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-10 23:43 - 2016-01-12 13:47 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-10 23:43 - 2016-01-12 13:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-11 19:31 - 2016-02-16 13:39 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-10 23:43 - 2016-01-12 13:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-10 23:43 - 2016-01-12 13:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-10 23:43 - 2016-01-12 13:47 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-10 23:43 - 2016-01-12 13:47 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-10 23:43 - 2016-01-12 13:47 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-10 23:43 - 2016-01-12 13:47 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-17 04:26 - 2016-02-16 13:39 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-10 23:43 - 2016-01-12 13:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-10 23:43 - 2016-01-12 13:47 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-02-17 04:26 - 2016-02-16 13:38 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-02-17 04:26 - 2016-02-16 13:39 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-02-17 04:26 - 2016-01-12 13:47 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2015-12-10 23:43 - 2016-02-16 13:39 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-10 23:43 - 2016-01-12 13:44 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-02-17 04:26 - 2016-01-12 13:44 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-02-17 04:26 - 2016-01-12 13:45 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-02-17 04:26 - 2016-02-16 13:39 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-11 19:31 - 2016-02-16 13:39 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-11 19:31 - 2016-02-16 13:39 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-02-11 19:31 - 2016-02-16 13:39 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-11 19:31 - 2016-02-16 13:39 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-02-17 04:26 - 2016-02-16 13:38 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-10 23:43 - 2016-01-12 13:47 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-11 19:31 - 2016-02-16 13:39 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-02-17 04:26 - 2016-02-16 13:39 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-02-17 04:26 - 2016-02-16 13:39 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-10 23:43 - 2016-01-12 13:45 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-02-17 04:26 - 2016-02-16 13:39 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-02-17 04:26 - 2016-02-16 13:39 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-02-17 04:26 - 2016-02-16 13:39 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-02-17 04:26 - 2016-02-16 13:39 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-02-17 04:26 - 2016-02-16 13:39 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-02-17 04:26 - 2016-02-16 13:39 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-02-17 04:26 - 2016-02-16 13:39 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-02-17 04:26 - 2016-02-16 13:39 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-02-17 04:26 - 2016-01-12 13:49 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-02-17 04:26 - 2016-01-12 13:49 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2015-12-10 23:43 - 2016-02-16 13:39 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-02-17 04:26 - 2016-02-16 13:39 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-02-17 04:26 - 2016-02-16 13:39 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-10-08 15:03 - 2016-01-12 13:52 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-02-19 17:03 - 2016-02-17 23:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-19 17:03 - 2016-02-17 23:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
2016-02-19 17:03 - 2016-02-17 23:15 - 16808600 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll
2015-04-26 10:03 - 2015-04-26 10:03 - 00083968 _____ () C:\Program Files\AVAST Software\Avast\OpenVpn\lzo2.dll
2015-04-26 10:03 - 2015-04-26 10:03 - 00065024 _____ () C:\Program Files\AVAST Software\Avast\OpenVpn\libpkcs11-helper-1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3417452393-3087154131-1498492752-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 77.234.40.79 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{BC11CD8E-FAC4-4029-98C6-7B38F603617A}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{064A519F-7398-4285-8592-506C4138A495}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{B13FA069-0824-4E2E-82B5-C8E03F702B8D}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{6F539259-AE0E-43E2-AFFE-BFFE77D3A328}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{34139F31-FA48-4D2E-92EA-A7B10085466D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{51376256-AF35-460E-BBAB-B395FBA83F45}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{7BB26C91-9239-4DA4-BD44-3A91CC539821}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{8763DF83-9366-4768-88C3-BE8CA7BD0788}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{F8708B71-CB28-4092-B047-3A6797413DAD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{784D814C-B3C1-458B-B37B-F6ACF82FB899}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{DBD432FB-7F14-482F-8422-1F541425A73A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{C43614D1-38E0-41EE-B4C2-E865F0CF8050}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{6E4F74B0-8010-40A2-90F3-4BC729F0E6C1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{14176D6F-CAAF-42A3-891C-D56ED328D341}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{6CE63A19-78B1-48B1-B9BA-E641F3A189DF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{7FA5E4E2-4653-4DDD-A73D-608B85C7E0FB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{357F7E58-1AC8-4FD5-BBE4-1C2C40016C43}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{E798E73E-DB85-4DF9-B835-37A54BCC4CD8}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{BDD8D0BC-312E-47FC-9A0C-39CFFA357176}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{9A834080-B710-4E6A-910A-EF029E7930CC}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{15467B45-ADE1-42CE-99E8-7DB919686AFC}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{39389D9E-D06D-4ECC-92F6-6F2804202178}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{FF4A4399-021D-49F4-9587-E2EDDACC1060}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{8BB11A23-92AC-400E-BD2B-4EAD9E2EB1CC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{82C698EF-A4FF-462D-A060-F9E3ABB5DF93}] => (Allow) C:\Program Files (x86)\OLYMPUS\DSSPlayerPro\TranscriptionModule.exe
FirewallRules: [{FCD2796B-54C4-41D4-8EA3-DE2242DC3044}] => (Allow) C:\Program Files (x86)\OLYMPUS\DSSPlayerPro\TranscriptionModule.exe
FirewallRules: [{C5545B31-E225-476F-B963-026B75DAEF8F}] => (Allow) C:\Program Files (x86)\OLYMPUS\DSSPlayerPro\TranscriptionModule.exe
FirewallRules: [{3E10233A-0BB1-4440-8B35-E35B3B25ECA7}] => (Allow) C:\Program Files (x86)\OLYMPUS\DSSPlayerPro\TranscriptionModule.exe
FirewallRules: [{1641FE6F-8D95-4A7F-B892-DC00965BF208}] => (Allow) C:\Program Files (x86)\OLYMPUS\DSSPlayerPro\UAService.exe
FirewallRules: [{AC094D7A-192E-4DE8-969B-85B7BEA4EBC8}] => (Allow) C:\Program Files (x86)\OLYMPUS\DSSPlayerPro\UAService.exe
FirewallRules: [{52610E25-00EA-4491-9D63-2E0B1211F2BD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8E570C87-6120-49A2-953C-83A695D8DA98}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{464E2E13-8A2F-4AC4-8B2D-A07CE680D576}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{010E2566-5002-4C9C-8EF3-DC8FE96FCDEE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
20-01-2016 21:43:55 Installed Microsoft Office Professional 2010
21-01-2016 03:00:22 Windows Update
22-01-2016 03:00:26 Windows Update
26-01-2016 10:43:34 Installed DirectX
26-01-2016 12:18:32 Windows Update
06-02-2016 06:48:54 Scheduled Checkpoint
07-02-2016 02:03:43 Windows Update
20-02-2016 15:16:16 Scheduled Checkpoint
21-02-2016 02:05:11 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/20/2016 01:40:51 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (02/20/2016 01:04:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswmbr.exe, version: 1.0.1.2290, time stamp: 0x54b4df14
Faulting module name: ntdll.dll, version: 6.1.7601.19110, time stamp: 0x5684255b
Exception code: 0xc0000005
Fault offset: 0x0002e3c6
Faulting process id: 0x852c
Faulting application start time: 0xaswmbr.exe0
Faulting application path: aswmbr.exe1
Faulting module path: aswmbr.exe2
Report Id: aswmbr.exe3
 
Error: (02/20/2016 01:03:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswmbr.exe, version: 1.0.1.2290, time stamp: 0x54b4df14
Faulting module name: ntdll.dll, version: 6.1.7601.19110, time stamp: 0x5684255b
Exception code: 0xc0000005
Fault offset: 0x0002e3c6
Faulting process id: 0x2404
Faulting application start time: 0xaswmbr.exe0
Faulting application path: aswmbr.exe1
Faulting module path: aswmbr.exe2
Report Id: aswmbr.exe3
 
Error: (02/19/2016 06:35:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (02/18/2016 11:27:38 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (02/18/2016 04:35:53 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (02/17/2016 10:22:25 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={900D2057-1311-4CDF-80D1-FEA9F32C6248}: The user AcerDesktop2015\Amber dialed a connection named ENT which has failed. The error code returned on failure is 806.
 
Error: (02/17/2016 09:17:50 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (02/16/2016 02:05:32 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (02/15/2016 07:28:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
 
System errors:
=============
Error: (02/10/2016 04:23:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdatem) service failed to start due to the following error: 
%%1053
 
Error: (02/10/2016 04:23:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdatem) service to connect.
 
Error: (02/10/2016 04:23:54 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053gupdatem/comsvc{E225E692-4B47-4777-9BED-4FD7FE257F0E}
 
Error: (02/07/2016 10:42:14 AM) (Source: Schannel) (EventID: 4108) (User: NT AUTHORITY)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The SSL connection request has failed. The attached data contains the server certificate.
 
Error: (02/07/2016 10:42:14 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 552.
 
Error: (02/02/2016 07:31:08 AM) (Source: RasSstp) (EventID: 1) (User: )
Description: CoId={94499A7F-F6CE-42D3-ABA6-B643C65CC890}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.
 
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
 
Error: (02/02/2016 07:29:03 AM) (Source: RasSstp) (EventID: 1) (User: )
Description: CoId={F532C188-3709-4086-974B-A708557A21D7}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.
 
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
 
Error: (02/01/2016 03:36:17 PM) (Source: RasSstp) (EventID: 1) (User: )
Description: CoId={ABB0B886-6FC1-4371-AA90-2A8E4CB8319C}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.
 
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
 
Error: (02/01/2016 02:08:10 PM) (Source: RasSstp) (EventID: 1) (User: )
Description: CoId={405759EF-1AB0-4174-A761-32C297CB7817}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.
 
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
 
Error: (02/01/2016 11:44:13 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{78471691-AA4E-44FA-9C68-B5A262447CD6} because another computer on the network has the same name.  The server could not start.
 
 
CodeIntegrity:
===================================
  Date: 2015-08-31 19:10:57.925
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-08-31 19:10:57.885
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-08-31 19:10:57.885
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-08-31 19:10:57.885
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-08-31 19:10:57.815
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-08-31 19:10:57.795
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-08-31 19:10:57.795
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-08-31 19:10:57.785
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-08-31 19:10:57.625
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-08-31 19:10:57.605
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 62%
Total physical RAM: 8001.45 MB
Available physical RAM: 2971.01 MB
Total Virtual: 16001.11 MB
Available Virtual: 6818.79 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:467.44 GB) (Free:254.24 GB) NTFS
Drive e: (OFFICE14) (CDROM) (Total:0.86 GB) (Free:0 GB) UDF
Drive f: (New Volume) (Fixed) (Total:446.39 GB) (Free:48.57 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 71791884)
Partition 1: (Not Active) - (Size=17.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=467.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=446.4 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================
 
 

 




#5 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,665 posts
  • Gender:Male
  • Location:California
  • Local time:05:57 AM

Posted 21 February 2016 - 09:28 AM

Nice to meet you Amber. Can you tell me if you are, or have been in the Czech Republic?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

HKU\S-1-5-21-3417452393-3087154131-1498492752-1000\...\MountPoints2: {dea52b4f-ed38-11e4-b6da-3010b3620cea} - E:\SETUP.EXE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3417452393-3087154131-1498492752-1000 -> DefaultScope {478E6F75-D4D0-4A65-82FB-DF3F6FF31E22} URL = 
SearchScopes: HKU\S-1-5-21-3417452393-3087154131-1498492752-1000 -> {478E6F75-D4D0-4A65-82FB-DF3F6FF31E22} URL = 
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 MFE_RR; \??\C:\Users\Amber\AppData\Local\Temp\mfe_rr.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
U3 aswMBR; \??\C:\Users\Amber\AppData\Local\Temp\aswMBR.sys [X]
2016-02-20 12:25 - 2016-02-20 12:25 - 00030311 _____ C:\Users\Amber\AppData\LocalLow\wbk448B.tmp
C:\Users\Amber\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9miccg.dll
C:\Users\Amber\AppData\Local\Temp\_is341A.exe
C:\Users\Amber\AppData\Local\Temp\_is476B.exe

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Zoek by Smeenk - Running Commands and Performing a Scan

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected
  • Click More Options and place a check mark in the following boxes:

Do a Deep Scan
Auto Clean

  • Click Run Script and wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Czech Republic?
  • Fixlog
  • Zoek report
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 amjamm

  • Topic Starter

  • Members
  • 25 posts
  • Gender:Female
  • Local time:08:57 AM

Posted 21 February 2016 - 11:08 AM

No, I am not from the Czech Republic nor have I visited there.  

 

It's very nice to meet you too!

 

Amber

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-02-2016
Ran by Amber (2016-02-21 10:20:37) Run:1
Running from C:\Users\Amber\Desktop
Loaded Profiles: Amber (Available Profiles: Amber)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-3417452393-3087154131-1498492752-1000\...\MountPoints2: {dea52b4f-ed38-11e4-b6da-3010b3620cea} - E:\SETUP.EXE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3417452393-3087154131-1498492752-1000 -> DefaultScope {478E6F75-D4D0-4A65-82FB-DF3F6FF31E22} URL = 
SearchScopes: HKU\S-1-5-21-3417452393-3087154131-1498492752-1000 -> {478E6F75-D4D0-4A65-82FB-DF3F6FF31E22} URL = 
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 MFE_RR; \??\C:\Users\Amber\AppData\Local\Temp\mfe_rr.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
U3 aswMBR; \??\C:\Users\Amber\AppData\Local\Temp\aswMBR.sys [X]
2016-02-20 12:25 - 2016-02-20 12:25 - 00030311 _____ C:\Users\Amber\AppData\LocalLow\wbk448B.tmp
C:\Users\Amber\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9miccg.dll
C:\Users\Amber\AppData\Local\Temp\_is341A.exe
C:\Users\Amber\AppData\Local\Temp\_is476B.exe
*****************
 
"HKU\S-1-5-21-3417452393-3087154131-1498492752-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dea52b4f-ed38-11e4-b6da-3010b3620cea}" => key removed successfully
HKCR\CLSID\{dea52b4f-ed38-11e4-b6da-3010b3620cea} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-3417452393-3087154131-1498492752-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3417452393-3087154131-1498492752-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{478E6F75-D4D0-4A65-82FB-DF3F6FF31E22}" => key removed successfully
HKCR\CLSID\{478E6F75-D4D0-4A65-82FB-DF3F6FF31E22} => key not found. 
AvastVBoxSvc => service could not remove
MFE_RR => service removed successfully
VBoxAswDrv => service could not remove
aswMBR => service removed successfully
C:\Users\Amber\AppData\LocalLow\wbk448B.tmp => moved successfully
C:\Users\Amber\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9miccg.dll => moved successfully
C:\Users\Amber\AppData\Local\Temp\_is341A.exe => moved successfully
C:\Users\Amber\AppData\Local\Temp\_is476B.exe => moved successfully
 
==== End of Fixlog 10:20:38 ====
 
 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Amber on Sun 02/21/2016 at 10:25:00.86.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Amber\Desktop\zoek.exe [Scan all users]  [Checkboxes used]
 
==== System Restore Info ======================
 
2/21/2016 10:26:31 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\Evernote deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Running Processes ======================
 
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Smart PDF Tools Pro\SmartSoft PDF Printer Agent.exe
C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\OLYMPUS\DSSPlayerPro\Notification.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\PROGRA~2\Citrix\ICACLI~1\WFICA32.EXE
C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files\AVAST Software\Avast\OpenVpn\openvpn.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Amber\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\{54BCD1A8-CD69-4890-8389-906D63E0603A} deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Windows\Installer\4b0011ad.msi" deleted
 
==== System Specs ======================
 
Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8002 MB
CPU Info: Intel® Core™ i5-4460  CPU @ 3.20GHz
CPU Speed: 3244.3 MHz
Sound Card: Speakers (Realtek High Definiti | 
Display Adapters: Intel® HD Graphics 4600 | Intel® HD Graphics 4600 | Intel® HD Graphics 4600 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | avast! SecureLine TAP Adapter v3 | Realtek PCIe GBE Family Controller | Qualcomm Atheros AR5BWB222 Wireless Network Adapter | VMware Virtual Ethernet Adapter for VMnet1 | VMware Virtual Ethernet Adapter for VMnet8
CD / DVD Drives: 2x (D: | E: | ) D: HL-DT-STDVDRAM GHB0N     | E: MagicISOVirtual DVD-ROM
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C:  467.4GB | F:  446.4GB
Hard Disks - Free: C:  253.8GB | F:  48.6GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 05/22/14 | ACRSYS - 1072009
Time Zone: Eastern Standard Time
Motherboard *: Acer Aspire TC-605
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
Default Browser: Google Chrome 48.0.2564.116
Internet Explorer Version: 11.0.9600.18163 
Google Chrome version: 48.0.2564.116
Adobe Reader version: 11.0.12.18
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
====== C:\Users\Amber\AppData\Local\Temp ====
2016-02-17 22:08:29 761204CE1F26D946B2ACE5D5FF2D5D16 1579928 ----a-w- C:\Users\Amber\AppData\Local\Temp\13712_5028\software_reporter_tool.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2016-02-04 01:36:44 -------- d-----w- C:\Program Files\CoffeeCup Software
======= C:\PROGRA~2 =====
2016-01-26 15:39:26 -------- d-----w- C:\PROGRA~2\Sony
======= C: =====
====== C:\Users\Amber\AppData\Roaming ======
2016-02-19 13:51:08 D64E62CC3D629C3055625B9B51BC984D 6031 ----a-w- C:\Users\Amber\AppData\Local\recently-used.xbel
2016-02-04 01:37:29 -------- d-----w- C:\Users\Amber\AppData\Local\Responsive Site Designer
2016-02-04 01:37:28 21D33B763800D9C34BDD118327B00C84 601088 ----a-w- C:\Users\Amber\AppData\Roaming\SharedSettings.ccs
2016-02-04 01:37:28 -------- d-----w- C:\Users\Amber\AppData\Roaming\Responsive Site Designer
2016-01-31 13:30:09 -------- d-s---w- C:\Windows\serviceprofiles\networkservice\AppData\Locallow\Microsoft
2016-01-26 15:43:24 -------- d-----w- C:\Users\Amber\AppData\Roaming\Sony Corporation
====== C:\Users\Amber ======
2016-02-21 10:42:13 D4213F04FA7A059784A73549AC6550E3 899584 ----a-w- C:\Users\Amber\Downloads\FSS.exe
2016-02-21 10:41:22 B2C83CC1B67D0EF04E1F86C4B432B508 2371072 ----a-w- C:\Users\Amber\Desktop\FRST64.exe
2016-02-20 19:37:50 8AF92D125EFC48D4A4F0140777AA2FD4 4727984 ----a-w- C:\Users\Amber\Downloads\tdsskiller.exe
2016-02-20 19:35:38 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
2016-02-20 19:13:58 8F03E65FF4C2A54A84EA7BDF252A1B59 162284424 ----a-w- C:\Users\Amber\Downloads\kis16.0.0.614a bcden_9295.exe
2016-02-20 17:37:03 6B58415594929888D1B79ED3103ECB56 5200384 ----a-w- C:\Users\Amber\Downloads\aswmbr.exe
2016-02-17 09:26:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-04 01:37:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoffeeCup Software
2016-01-26 15:43:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
2016-01-26 15:25:33 -------- d-----w- C:\ProgramData\Sony Corporation
 
====== C: exe-files ==
2016-02-21 10:42:13 D4213F04FA7A059784A73549AC6550E3 899584 ----a-w- C:\Users\Amber\Downloads\FSS.exe
2016-02-21 10:41:22 B2C83CC1B67D0EF04E1F86C4B432B508 2371072 ----a-w- C:\Users\Amber\Desktop\FRST64.exe
2016-02-20 19:37:50 8AF92D125EFC48D4A4F0140777AA2FD4 4727984 ----a-w- C:\Users\Amber\Downloads\tdsskiller.exe
2016-02-20 19:13:58 8F03E65FF4C2A54A84EA7BDF252A1B59 162284424 ----a-w- C:\Users\Amber\Downloads\kis16.0.0.614a bcden_9295.exe
2016-02-20 17:37:03 6B58415594929888D1B79ED3103ECB56 5200384 ----a-w- C:\Users\Amber\Downloads\aswmbr.exe
2016-02-20 14:38:23 D8F1F88E92F854F1E4DE50020D6C5210 1361400 ----a-w- C:\Windows\Temp\SafeZone Installer\installer.exe
2016-02-19 22:03:54 741EEB114A704A80A1951045FA50A8C7 77976 ----a-w- C:\Program Files (x86)\Google\Chrome\Temp\source57748_18282\Chrome-bin\wow_helper.exe
2016-02-19 22:03:54 63740680B14C2EEE08B11ADADFA98DA1 746648 ----a-w- C:\Program Files (x86)\Google\Chrome\Temp\source57748_18282\Chrome-bin\chrome.exe
2016-02-19 21:59:34 45AB0193BCF8693503AF810B1E60D7FE 879512 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\48.0.2564.116\48.0.2564.116_48.0.2564.109_chrome_updater.exe
2016-02-18 03:52:57 761204CE1F26D946B2ACE5D5FF2D5D16 1579928 ----a-w- C:\Users\Amber\AppData\Local\Google\Chrome\User Data\SwReporter\6.44.3\software_reporter_tool.exe
2016-02-17 22:08:29 761204CE1F26D946B2ACE5D5FF2D5D16 1579928 ----a-w- C:\Users\Amber\AppData\Local\Temp\13712_5028\software_reporter_tool.exe
2016-02-17 09:26:10 3B116ADE27A0CE53021AC74D5632DC75 173032 ----a-w- C:\Program Files (x86)\Dropbox\Client\DropboxUninstaller.exe
2016-02-17 09:26:09 679AA16EED91927FAA40736D9B408B88 25122080 ----a-w- C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
2016-02-17 09:25:02 AE0A0D869F0AA3D790FB40BF1673C237 70766040 ----a-w- C:\Program Files (x86)\Dropbox\Update\Download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\3.14.7\DropboxClient_3.14.7.exe
=== C: other files ==
2016-02-21 11:01:44 F7FCB2E68105D7E8ECFB7E1C8B554C9E 102314 ----a-w- C:\Users\Amber\Downloads\Summary.zip
2016-02-21 11:01:26 F7FCB2E68105D7E8ECFB7E1C8B554C9E 102314 ----a-w- C:\Users\Amber\Desktop\Summary.zip
2016-02-17 09:26:09 C328AF98CA42AD89E948E31FA0F4BC74 58480 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_amd64\dbx.sys
2016-02-17 09:26:09 5E7989A23ADB365A2B5F69CB55DE5A1E 48752 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_x86\dbx.sys
 
==== Orphaned Tasks deleted from Registry ======================
 
avast Emergency Update deleted
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-3417452393-3087154131-1498492752-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_B541A8D354ED80445B89E73989F98B03"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINME.EXE /EPT EPLTarget\P0000000000000000 /M XP-820 Series"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
"USB3MON"="C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"Hotkey Utility"="C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup"
"Olympus Notification"="C:\Program Files (x86)\OLYMPUS\DSSPlayerPro\Notification.exe"
"Olympus DSS UpdateManager"="C:\Program Files (x86)\OLYMPUS\DSSPlayerPro\UpdateManager.exe"
"Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup"
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
"ArcSoft Connection Service"="C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun"
"FUFAXRCV"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe""
"FUFAXSTM"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe""
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_B541A8D354ED80445B89E73989F98B03"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINME.EXE /EPT EPLTarget\P0000000000000000 /M XP-820 Series"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"SmartSoft PDF Printer Agent"="C:\Program Files\Smart PDF Tools Pro\SmartSoft PDF Printer Agent.exe"
"Eraser"="C:\PROGRA~1\Eraser\Eraser.exe --atRestart"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
 
==== Startup Folders ======================
 
2016-01-08 01:47:05 1182 ----a-w- C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson Other Registration.lnk
2016-01-08 16:20:21 1196 ----a-w- C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk
2015-04-28 00:34:59 997 ----a-w- C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
2015-08-21 19:55:01 2166 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 4.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [02/10/2016 04:34 AM]
C:\Windows\tasks\DropboxUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [12/16/2015 08:22 PM]
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [12/16/2015 08:22 PM]
C:\Windows\tasks\EPSON Perfection V39 Update.job --a------ C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe [11/22/2013 01:30 AM]
C:\Windows\tasks\EPSON XP-820 Series Update {14DBD6D1-C3FE-4C6A-B6DB-512C13A6A2B1}.job --a------ C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNME.exe [11/21/2013 12:30 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:6C:\ProgramC:FilesC:x86\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:I6C:\ProgramC:FilesC:x86\Google\Update\GoogleUpdate.exe []
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\EPSON Perfection V39 Update" [C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe]
"C:\Windows\SysNative\tasks\EPSON XP-820 Series Update {14DBD6D1-C3FE-4C6A-B6DB-512C13A6A2B1}" [C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNME.EXE]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\SafeZone scheduled Autoupdate 1450639083" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe]
"C:\Windows\SysNative\tasks\UALU notificatin" ["C:\Program Files\Acer\Acer Updater\UALU.exe"]
"C:\Windows\SysNative\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [11/23/2015 11:53 AM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [12/20/2015 02:04 PM]
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.86
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[12/20/2015 02:03 PM]
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[12/02/2015 10:37 AM]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[12/20/2015 02:03 PM]
 
Google Slides - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Honey - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
Google Search - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Avast SafePrice - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Google Sheets - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
SiteAdvisor - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Docs Offline - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Avast Online Security - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Ghostery - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij
Chrome Web Store Payments - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chromium Fix ======================
 
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.savella.com_0.localstorage deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.savella.com_0.localstorage-journal deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage-journal deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.foodity.com_0.localstorage deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.foodity.com_0.localstorage-journal deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.shoefitr.com_0.localstorage deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.shoefitr.com_0.localstorage-journal deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3b3ehuo35wzeh.cloudfront.net_0.localstorage deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3b3ehuo35wzeh.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dwq4do82y8xi7.cloudfront.net_0.localstorage deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dwq4do82y8xi7.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.kellyservices.us_0.localstorage deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.kellyservices.us_0.localstorage-journal deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.dealsplus.com_0.localstorage deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.dealsplus.com_0.localstorage-journal deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.dealsplus.com_0.localstorage deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.dealsplus.com_0.localstorage-journal deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.goodsearch.com_0.localstorage deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.goodsearch.com_0.localstorage-journal deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.zabasearch.com_0.localstorage deleted successfully
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.zabasearch.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{478E6F75-D4D0-4A65-82FB-DF3F6FF31E22}"
HKLM\SearchScopes\{478E6F75-D4D0-4A65-82FB-DF3F6FF31E22} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{478E6F75-D4D0-4A65-82FB-DF3F6FF31E22}"
HKLM\Wow6432Node\SearchScopes\{478E6F75-D4D0-4A65-82FB-DF3F6FF31E22} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F274703B9DB704042955ECD6A611693A deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B307472F-7BD9-4040-9255-CE6D6A1196A3} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F274703B9DB704042955ECD6A611693A deleted successfully
 
==== HijackThis Entries ======================
 
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [Olympus Notification] C:\Program Files (x86)\OLYMPUS\DSSPlayerPro\Notification.exe
O4 - HKLM\..\Run: [Olympus DSS UpdateManager] "C:\Program Files (x86)\OLYMPUS\DSSPlayerPro\UpdateManager.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_B541A8D354ED80445B89E73989F98B03] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINME.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-820 Series"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Epson Other Registration.lnk = Amber\AppData\Roaming\Leadertech\PowerRegister\Epson Other Registration.exe
O4 - Startup: Epson scanner Registration.lnk = Amber\AppData\Roaming\Leadertech\PowerRegister\Epson scanner Registration.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: Device Detector 4.lnk = C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: McAfee Application Installer Cleanup (0030861453939669) (0030861453939669mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\003086~1.EXE
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: EPSON V3 Service4(06) (EPSON_PM_RPCV4_06) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Olympus DVR Service - OLYMPUS IMAGING CORP. - C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\SysWOW64\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\SysWOW64\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Amber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Amber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache is not empty, a reboot is needed
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=38 folders=5 109438311 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Amber\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Amber\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\Amber\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPXAVPNE\home.mcafee.com"  not found
 
==== EOF on Sun 02/21/2016 at 11:01:32.86 ======================
 

The computer seems fine, although I have to admit, I didn't notice anything out of the ordinary before.  Do you think that I had an infection?

 

Amber



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:57 AM

Posted 21 February 2016 - 03:22 PM

Hi Amber,

Based on your original description it seems you may have been infected. Things are looking pretty good now.

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Tcpip\..\Interfaces\{1F2DCCF8-2D83-4F4D-BAD3-62366BA4347B}: [DhcpNameServer] 192.0.2.3
Tcpip\..\Interfaces\{76CC0D65-9D13-4810-9B3F-5B7B019135E2}: [DhcpNameServer] 77.234.40.79
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • ESET log
  • Security Check log

Edited by Oh My!, 21 February 2016 - 06:19 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 amjamm


Posted 21 February 2016 - 06:00 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:20-02-2016
Ran by Amber (2016-02-21 16:03:36) Run:2
Running from C:\Users\Amber\Desktop
Loaded Profiles: Amber (Available Profiles: Amber)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Tcpip\..\Interfaces\{1F2DCCF8-2D83-4F4D-BAD3-62366BA4347B}: [DhcpNameServer] 192.0.2.3
Tcpip\..\Interfaces\{76CC0D65-9D13-4810-9B3F-5B7B019135E2}: [DhcpNameServer] 77.234.40.79
*****************
 
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1F2DCCF8-2D83-4F4D-BAD3-62366BA4347B}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{76CC0D65-9D13-4810-9B3F-5B7B019135E2}\\DhcpNameServer => value removed successfully
 
==== End of Fixlog 16:03:36 ====
 
C:\Users\Amber\Dropbox\Downloaded Software\cbsidlm-tr1_13-File_Shredder-SEO-10662831.exe Win32/DownloadAdmin.G potentially unwanted application deleted
C:\Users\Amber\Dropbox\Downloaded Software\cbsidlm-tr1_5-Photo_Story_3_for_Windows-10339154.exe Win32/DownloadAdmin.G potentially unwanted application deleted
C:\Users\Amber\Dropbox\Downloaded Software\cnet2_setup_magicdisc106_exe.exe a variant of Win32/InstallCore.D potentially unwanted application cleaned by deleting
C:\Users\Amber\Dropbox\Downloaded Software\Nero-8.2.8.0_eng_update(2).exe Win32/Toolbar.AskSBar potentially unwanted application deleted
C:\Users\Amber\Dropbox\Downloaded Software\nerophotoshowdeluxe-5-win-en.exe Win32/Toolbar.AskSBar potentially unwanted application deleted
C:\Users\Amber\Dropbox\Downloaded Software\Nero_BackItUp-4.2.16.0_update.exe Win32/Toolbar.AskSBar potentially unwanted application deleted
C:\Users\Amber\Dropbox\Downloaded Software\YouTubeDownloaderSetup271.exe a variant of Win32/Toolbar.Widgi potentially unwanted application deleted
F:\CMNW121 Software Downloads\cnet2_bitpim-1_0_7-setup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application cleaned by deleting
F:\Downloaded Software\cbsidlm-tr1_13-File_Shredder-SEO-10662831.exe Win32/DownloadAdmin.G potentially unwanted application deleted
F:\Downloaded Software\cbsidlm-tr1_5-Photo_Story_3_for_Windows-10339154.exe Win32/DownloadAdmin.G potentially unwanted application deleted
F:\Downloaded Software\cnet2_setup_magicdisc106_exe.exe a variant of Win32/InstallCore.D potentially unwanted application cleaned by deleting
F:\Downloaded Software\Nero-8.2.8.0_eng_update(2).exe Win32/Toolbar.AskSBar potentially unwanted application deleted
F:\Downloaded Software\nerophotoshowdeluxe-5-win-en.exe Win32/Toolbar.AskSBar potentially unwanted application deleted
F:\Downloaded Software\Nero_BackItUp-4.2.16.0_update.exe Win32/Toolbar.AskSBar potentially unwanted application deleted
F:\Downloaded Software\YouTubeDownloaderSetup271.exe a variant of Win32/Toolbar.Widgi potentially unwanted application deleted
F:\Downloaded Software CMNW\cbsidlm-tr1_6-Ethereal__Network_Protocol_Analyzer-10492160.exe Win32/DownloadAdmin.G potentially unwanted application deleted
F:\Downloaded Software CMNW\cnet2_bitpim-1_0_7-setup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application cleaned by deleting
F:\Downloaded Software CMNW\CMNW121 Software Downloads\cnet2_bitpim-1_0_7-setup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application cleaned by deleting
 

I can't download screen317.  See attached.  I have tried it in multiple browsers and on multiple devices, same response.  Please advise further action on this.  

 

Amber
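
As an added example (not part of the original posts and not FRST's own code), this Python sketch pairs each fixlist entry in a Fixlog like the one above with its result line, so a helper can confirm that every requested value was actually removed. The third fixlist entry and its 198.51.100.7 address are constructed to show an entry with no result line; the function and pattern names are assumptions made for this example.

```python
import re

# The first two entries are copied from the Fixlog in this thread. The third
# fixlist entry (all-zero GUID, 198.51.100.7) is constructed for illustration.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
Tcpip\..\Interfaces\{1F2DCCF8-2D83-4F4D-BAD3-62366BA4347B}: [DhcpNameServer] 192.0.2.3
Tcpip\..\Interfaces\{76CC0D65-9D13-4810-9B3F-5B7B019135E2}: [DhcpNameServer] 77.234.40.79
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000000}: [DhcpNameServer] 198.51.100.7
*****************

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1F2DCCF8-2D83-4F4D-BAD3-62366BA4347B}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{76CC0D65-9D13-4810-9B3F-5B7B019135E2}\\DhcpNameServer => value removed successfully

==== End of Fixlog 16:03:36 ====
"""

GUID = r"(\{[0-9A-Fa-f-]{36}\})"
# Abbreviated fixlist form: Tcpip\..\Interfaces\{GUID}: [ValueName] data
REQUEST = re.compile(r"^Tcpip\\\.\.\\Interfaces\\" + GUID + r": \[(\w+)\] (\S+)\s*$")
# Result form: HKLM\...\Interfaces\{GUID}\\ValueName => outcome text
RESULT = re.compile(r"^HKLM\\.*\\Interfaces\\" + GUID + r"\\+(\w+) => (.+?)\s*$")


def check_fixlog(text):
    """Return one dict per fixlist entry with the outcome the log reports."""
    requested = []  # (guid, value name, data) in fixlist order
    outcomes = {}   # (guid, lowercased value name) -> outcome text
    for line in text.splitlines():
        m = REQUEST.match(line)
        if m:
            requested.append((m.group(1).upper(), m.group(2), m.group(3)))
            continue
        m = RESULT.match(line)
        if m:
            outcomes[(m.group(1).upper(), m.group(2).lower())] = m.group(3)

    report = []
    for guid, name, data in requested:
        outcome = outcomes.get((guid, name.lower()))
        if outcome is None:
            status = "no result line"          # fix was requested but never reported
        elif outcome.lower().endswith("removed successfully"):
            status = "removed"
        else:
            status = "review: " + outcome      # any other wording needs a human look
        report.append({"interface": guid, "value": name,
                       "data": data, "status": status})
    return report


if __name__ == "__main__":
    for row in check_fixlog(SAMPLE_FIXLOG):
        print(row["interface"], row["value"], row["data"], "->", row["status"])
```
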




#9 Oh My!


Posted 21 February 2016 - 06:20 PM

That site must be down. I modified the link so it goes to another download site. Please attempt it again.

#10 amjamm


Posted 21 February 2016 - 06:48 PM

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader XI  
 Google Chrome (47.0.2526.111) 
 Google Chrome (48.0.2564.109) 
 Google Chrome (48.0.2564.116) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
 AVAST Software Avast OpenVpn openvpn.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 4% 
````````````````````End of Log`````````````````````` 
 


#11 Oh My!


Posted 21 February 2016 - 07:04 PM

That looks outstanding. If you are not having any issues I think we are done.

#12 amjamm


Posted 21 February 2016 - 07:33 PM

Wonderful!  How can I learn to do what you do????



#13 Oh My!


Posted 21 February 2016 - 07:47 PM

Great.

BleepingComputer has a Malware Removal Training Program for those who want to learn how to identify and remove malware. Spots open up as vacancies arise so it sometimes requires checking in periodically to see if any training slots are open. I will tell you the training program is lengthy and not for the faint of heart. Click on the link I provided above and take a peek at it. If you are interested and want more information feel free to send me a Personal Message.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a brief period of time in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.

#14 amjamm


Posted 22 February 2016 - 07:20 AM

Gary -

 

Thank you for your help and all the great info provided above.  I will likely apply for the Training Program later in the year when my schedule is freed up.  

 

Thanks again!

 

Amber



#15 Oh My!


Posted 22 February 2016 - 10:20 AM

You are quite welcome. Shoot me a PM if you apply.

Gary