Bad Image Errors, No Internet, Possible Virus/Malware


  • This topic is locked
29 replies to this topic

#1 zacloret711

Posted 10 April 2016 - 01:48 PM

Hello all, I'm a newbie here to the forums but have had computer experience in the past and I am just at a standstill. About a week ago I began getting these Bad Image errors for certain things, mostly Update.exes; the area affected, it says, is
C:\windows\system32\fwpuclnt, Error Status 0xc000012f.
My internet works just fine with my second computer, the one I am currently using, but when connected to my problem laptop it says limited access and I cannot use the web. I have tried doing system restores in both normal and safe modes but to no avail. Skype will randomly start up and have to be forced closed. I do believe it is some kind of malware/virus, but perhaps a driver is missing or damaged (?). When pulling up msconfig I cannot enable/disable anything either. Malwarebytes didn't find anything, but here are the FRST and Addition txts.

Attached files: Addition1.txt (30.62KB), FRST1.txt (43.35KB)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Pablow (administrator) on HAMBLASTER (09-04-2016 18:41:26)
Running from C:\Users\Pablow\Desktop
Loaded Profiles: Pablow (Available Profiles: Pablow & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(DEVGURU Co., LTD) C:\Windows\System32\ptumlcmsvc64.exe
(Mr. John aka japamd) C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2014-03-12] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2015-07-06] (IDT, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-15] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-15] (CyberLink Corp.)
HKLM-x32\...\Run: [Logan_S2P] => C:\Program Files (x86)\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe [253952 2007-06-10] ()
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-15] (AVAST Software)
HKLM-x32\...\Run: [pamfax] => C:\ProgramData\SquirrelMachineInstalls\pamfax.exe [88206848 2016-02-26] (PamConsult GmbH.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {0a414282-873d-11e5-bfa3-a0481c0a3dd2} - "X:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {141c787f-268c-11e5-bf08-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {1dcd7d8f-318e-11e5-bf1a-a0481c0a3dd2} - "W:\Install.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {26b84df2-29c3-11e5-bf0b-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {30d9ada2-37fb-11e5-bf1c-a0481c0a3dd2} - "X:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {30d9ada5-37fb-11e5-bf1c-a0481c0a3dd2} - "X:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {30d9af3f-37fb-11e5-bf1c-a0481c0a3dd2} - "X:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {366f9504-2b77-11e5-bf12-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {366f967e-2b77-11e5-bf12-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {366f9689-2b77-11e5-bf12-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {bc2986f9-24b7-11e5-bf04-a0481c0a3dd2} - "W:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {d75457d5-2407-11e5-bf02-a0481c0a3dd2} - "W:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {eee9d91d-2c03-11e5-bf15-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {f3077fdd-28d8-11e5-bf0a-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {f31366b1-25d9-11e5-bf06-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\WLXPGSS.SCR [321472 2012-07-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2501368 2015-04-08] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-22] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{520248E2-7B2B-4A6D-B854-92D043499192}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{7EA0CE25-5A01-40F7-A50D-4DE149C7298D}: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_28&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AtDyEzztC0CtD0AtA0D0DtBtA0AyCyEtN0D0Tzu0StCtBzzyEtN1L2XzutAtFtCtDtFtCtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtCzztB0FtAtD0EtGtC0F0EtAtG0FzytCtAtGyEyC0FyCtG0AyEyCzzyB0A0D0FyD0AtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0Bzz0A0B0CtByCtG0D0DyC0BtGyE0FyDtDtG0ByB0D0BtG0Ezz0CzyyE0EyEtByEyDtD0C2QtN0A0LzuyE%26cr%3D823506415%26a%3Dwncy_pwrisofs_15_28%26os%3DWindows 8.1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1480570552-3409235448-370950039-1002 -> DefaultScope {41D5D576-40E7-4BB5-B046-F15C2756050B} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_28&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AtDyEzztC0CtD0AtA0D0DtBtA0AyCyEtN0D0Tzu0StCtBzzyEtN1L2XzutAtFtCtDtFtCtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtCzztB0FtAtD0EtGtC0F0EtAtG0FzytCtAtGyEyC0FyCtG0AyEyCzzyB0A0D0FyD0AtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0Bzz0A0B0CtByCtG0D0DyC0BtGyE0FyDtDtG0ByB0D0BtG0Ezz0CzyyE0EyEtByEyDtD0C2QtN0A0LzuyE%26cr%3D823506415%26a%3Dwncy_pwrisofs_15_28%26os%3DWindows 8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1480570552-3409235448-370950039-1002 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3322520&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP1AC788ED-637C-4C97-90E1-1E1B094565A6&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1480570552-3409235448-370950039-1002 -> {41D5D576-40E7-4BB5-B046-F15C2756050B} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_28&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AtDyEzztC0CtD0AtA0D0DtBtA0AyCyEtN0D0Tzu0StCtBzzyEtN1L2XzutAtFtCtDtFtCtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtCzztB0FtAtD0EtGtC0F0EtAtG0FzytCtAtGyEyC0FyCtG0AyEyCzzyB0A0D0FyD0AtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0Bzz0A0B0CtByCtG0D0DyC0BtGyE0FyDtDtG0ByB0D0BtG0Ezz0CzyyE0EyEtByEyDtD0C2QtN0A0LzuyE%26cr%3D823506415%26a%3Dwncy_pwrisofs_15_28%26os%3DWindows 8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1480570552-3409235448-370950039-1002 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1480570552-3409235448-370950039-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1480570552-3409235448-370950039-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2016-01-25] (IObit)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-22] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-22] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-02-20] (IObit)
Toolbar: HKU\S-1-5-21-1480570552-3409235448-370950039-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {1A5B2479-832B-484A-9401-F484998F63E7} hxxp://www.gunbroker.com/WebResource.axd?d=IpApceCcZXLHZq28SGrJDyN-3QQccHm1JLRPCMcSG1IRq1NjGSjN7xviH9R-REMUeE7JK_frHYskBf8WTX1doFUaLLLNbvZBPgu8vmQMSEF3Fm1wTFaSCeaooxyBn5POMzslCENphowfZDljblatKw88a0I6uZu52iEHe9nwKrNfUmIK0&t=635300537004293533
DPF: HKLM-x32 {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} hxxp://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Pablow\AppData\Roaming\Mozilla\Firefox\Profiles\7p1smkmr.default
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/yhp-ff
hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_28&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AtDyEzztC0CtD0AtA0D0DtBtA0AyCyEtN0D0Tzu0StCtBzzyEtN1L2XzutAtFtCtDtFtCtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtCzztB0FtAtD0EtGtC0F0EtAtG0FzytCtAtGyEyC0FyCtG0AyEyCzzyB0A0D0FyD0AtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0Bzz0A0B0CtByCtG0D0DyC0BtGyE0FyDtDtG0ByB0D0BtG0Ezz0CzyyE0EyEtByEyDtD0C2QtN0A0LzuyE%26cr%3D823506415%26a%3Dwncy_pwrisofs_15_28%26os%3DWindows 8.1
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-23] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-09-03] (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1480570552-3409235448-370950039-1002: hp.com/HPDetect -> C:\Users\Pablow\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Plugin HKU\S-1-5-21-1480570552-3409235448-370950039-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-09-03] (Pando Networks)
FF user.js: detected! => C:\Users\Pablow\AppData\Roaming\Mozilla\Firefox\Profiles\7p1smkmr.default\user.js [2014-11-02]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Pablow\AppData\Roaming\Mozilla\Firefox\Profiles\7p1smkmr.default\Extensions\ascsurfingprotection@iobit.com [2016-01-25] [not signed]
FF Extension: Video DownloadHelper - C:\Users\Pablow\AppData\Roaming\Mozilla\Firefox\Profiles\7p1smkmr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-02]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-12]

Chrome:
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=198484&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=198484&fr=yo-yhp-ch"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=198484&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Pablow\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pablow\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-29]
CHR Extension: (Avast Online Security) - C:\Users\Pablow\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-29]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Pablow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2015-10-11]
CHR Extension: (Google Wallet) - C:\Users\Pablow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-22]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePluginFor6.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-10-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-22] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-02] (IObit)
R2 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339968 2015-07-06] (IDT, Inc.) [File not signed]
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-08-07] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-22] (AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2014-12-22] (Qualcomm Atheros Communications, Inc.)
S3 AtiDCM; C:\AMD\WU-CCC2\ccc2_install\Support64\atdcm64a.sys [28416 2014-03-13] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-06] (Advanced Micro Devices)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-01-10] (Samsung Electronics)
S2 DgiVecp; C:\Windows\SysWOW64\Drivers\DgiVecp.sys [41984 2007-01-09] (Samsung Electronics Co., Ltd.) [File not signed]
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-07-06] (REALiX™)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [272016 2012-07-17] (Realtek Semiconductor Corp.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11376 2003-02-04] () [File not signed]
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-09 18:41 - 2016-04-09 18:41 - 00024629 _____ C:\Users\Pablow\Desktop\FRST.txt
2016-04-09 18:36 - 2016-04-09 18:41 - 00000000 ____D C:\FRST
2016-04-09 18:36 - 2014-03-05 22:29 - 02374144 ____N (Farbar) C:\Users\Pablow\Desktop\FRST64.exe
2016-04-09 18:33 - 2016-04-09 18:35 - 00151116 _____ C:\TDSSKiller.2.8.14.0_09.04.2016_18.33.32_log.txt
2016-04-09 17:30 - 2016-04-09 17:30 - 00285040 _____ C:\WINDOWS\Minidump\040916-28703-01.dmp
2016-04-09 16:48 - 2016-04-09 16:48 - 00000331 _____ C:\Users\Pablow\Desktop\MBAM.txt
2016-04-09 16:47 - 2016-04-09 16:47 - 00000331 _____ C:\MBABMLOG.txt
2016-04-09 16:46 - 2016-04-09 16:46 - 00003910 _____ C:\Users\Pablow\Desktop\MBAMLOG1.xml
2016-04-09 16:45 - 2016-04-09 16:45 - 00003282 _____ C:\Users\Pablow\Desktop\Malwarebytes Log.txt
2016-04-09 15:51 - 2016-04-09 16:49 - 00301422 _____ C:\TDSSKiller.2.8.14.0_09.04.2016_15.51.14_log.txt
2016-04-08 12:39 - 2016-04-08 12:39 - 00002126 _____ C:\Users\Pablow\Desktop\PamFax.lnk
2016-04-08 12:38 - 2016-04-08 12:39 - 00000000 ____D C:\Users\Pablow\AppData\Local\pamfax
2016-04-07 21:31 - 2014-03-04 01:25 - 239451651 ____N C:\Users\Pablow\Desktop\Watch Waiting... Online Free Putlocker Putlocker - Watch Mov.mp4
2016-04-07 21:31 - 2014-03-04 01:25 - 132892369 ____N C:\Users\Pablow\Desktop\Watch Justice League vs. Teen Titans Online Free Putlocker P.mp4
2016-04-04 14:50 - 2016-04-04 14:50 - 00010456 _____ C:\Users\Pablow\Documents\cc_20160404_145009.reg
2016-03-30 15:00 - 2014-02-23 07:45 - 519348835 _____ C:\Users\Pablow\Desktop\Watch Batman Superman Dawn Justice 2016 HDTS Exclusive mkv m.mp4
2016-03-28 23:07 - 2014-02-22 02:59 - 96983015 ____N C:\Users\Pablow\Desktop\Watch The Walking Dead Season 6 Episode 15 East Online Free .mp4
2016-03-28 19:07 - 2016-03-28 19:07 - 00000000 _____ C:\asc_rdflag
2016-03-28 18:29 - 2016-03-28 18:33 - 00151352 _____ C:\TDSSKiller.2.8.14.0_28.03.2016_18.29.16_log.txt
2016-03-28 17:02 - 2016-03-28 17:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2016-03-28 17:01 - 2016-03-28 17:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-28 17:01 - 2016-03-28 17:01 - 00001130 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-28 17:01 - 2016-03-28 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-28 17:01 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-28 17:01 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-28 17:01 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-28 02:04 - 2016-03-28 02:06 - 00152140 _____ C:\TDSSKiller.2.8.14.0_28.03.2016_02.04.18_log.txt
2016-03-28 01:58 - 2016-04-09 17:29 - 575153839 _____ C:\WINDOWS\MEMORY.DMP
2016-03-28 01:45 - 2016-03-28 01:53 - 00658242 _____ C:\TDSSKiller.2.8.14.0_28.03.2016_01.45.10_log.txt
2016-03-28 01:21 - 2016-03-28 01:34 - 00152350 _____ C:\TDSSKiller.2.8.14.0_28.03.2016_01.21.11_log.txt
2016-03-28 00:52 - 2016-03-28 01:14 - 00153694 _____ C:\TDSSKiller.2.8.14.0_28.03.2016_00.52.02_log.txt
2016-03-28 00:39 - 2016-03-28 00:40 - 00153222 _____ C:\TDSSKiller.2.8.14.0_28.03.2016_00.39.03_log.txt
2016-03-28 00:38 - 2016-03-28 17:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-28 00:38 - 2014-02-21 03:57 - 00001066 ____N C:\Users\Pablow\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-27 17:15 - 2016-03-27 17:15 - 00000000 ____D C:\WINDOWS\pss
2016-03-27 15:48 - 2016-04-09 17:30 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-27 12:24 - 2016-03-28 17:53 - 00000374 _____ C:\Users\Pablow\Desktop\StartMenu8_log.txt
2016-03-27 02:59 - 2016-03-26 02:16 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-27 02:59 - 2016-03-26 02:16 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-26 20:36 - 2016-03-26 20:50 - 225394846 _____ C:\Users\Pablow\Desktop\Dragon Ball Z - Episode of Bardock English Dub HD.mp4
2016-03-26 16:33 - 2016-03-26 15:20 - 209944576 _____ C:\Users\Pablow\Desktop\Watch Batman v Superman Dawn of Justice Online Free Putlocke - Copy.mp4
2016-03-26 15:25 - 2016-03-26 15:25 - 00015309 _____ C:\Users\Pablow\Downloads\[kat.cr]batman.v.superman.dawn.of.justice.2016.cam.xvid.dingo.torrent
2016-03-26 15:20 - 2016-03-26 17:08 - 373457573 _____ C:\Users\Pablow\Desktop\Watch Batman v Superman Dawn of Justice Online Free Putlocke.mp4
2016-03-26 02:15 - 2016-03-26 02:15 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 14613504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 13012480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-03-26 02:15 - 2016-03-26 02:15 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-03-26 02:15 - 2016-03-26 02:15 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-03-26 02:15 - 2016-03-26 02:15 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-03-26 02:13 - 2016-03-26 02:13 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-26 02:13 - 2016-03-26 02:13 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-03-26 02:13 - 2016-03-26 02:13 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-03-26 02:13 - 2016-03-26 02:13 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-03-26 02:13 - 2016-03-26 02:13 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-03-26 02:13 - 2016-03-26 02:13 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-26 02:13 - 2016-03-26 02:13 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-26 02:13 - 2016-03-26 02:13 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-03-26 02:13 - 2016-03-26 02:13 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-03-26 02:13 - 2016-03-26 02:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-03-26 02:13 - 2016-03-26 02:13 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-03-26 02:13 - 2016-03-26 02:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-03-26 02:13 - 2016-03-26 02:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-26 02:13 - 2016-03-26 02:13 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-03-26 02:13 - 2016-03-26 02:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-26 02:13 - 2016-03-26 02:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-03-26 02:12 - 2016-03-26 02:12 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
2016-03-26 02:12 - 2016-03-26 02:12 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-03-26 02:11 - 2016-03-26 02:11 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-03-26 02:11 - 2016-03-26 02:11 - 03320832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-03-26 02:11 - 2016-03-26 02:11 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-03-26 02:11 - 2016-03-26 02:11 - 02464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-03-26 02:11 - 2016-03-26 02:11 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-03-26 02:11 - 2016-03-26 02:11 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-03-26 02:11 - 2016-03-26 02:11 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-03-26 02:11 - 2016-03-26 02:11 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll
2016-03-26 02:11 - 2016-03-26 02:11 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll
2016-03-26 02:11 - 2016-03-26 02:11 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2016-03-26 02:11 - 2016-03-26 02:11 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2016-03-26 02:10 - 2016-03-26 02:10 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-03-26 02:10 - 2016-03-26 02:10 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-03-26 02:10 - 2016-03-26 02:10 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2016-03-26 02:10 - 2016-03-26 02:10 - 00316760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-03-26 02:10 - 2016-03-26 02:10 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-26 02:09 - 2016-03-26 02:09 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-03-25 19:04 - 2016-03-25 19:05 - 21772072 _____ C:\Users\Pablow\Desktop\Vampire Weekend – Saturday Night Live – A-Punk idobi Network.mp4
2016-03-25 12:17 - 2016-03-25 13:16 - 483765339 _____ C:\Users\Pablow\Desktop\PromptFile.com Share files fast-1.flv
2016-03-25 12:17 - 2016-03-25 13:07 - 451824245 _____ C:\Users\Pablow\Desktop\PromptFile.com Share files fast-2.flv
2016-03-24 18:13 - 2016-03-24 19:39 - 623408649 _____ C:\Users\Pablow\Desktop\PromptFile.com Share files fast.flv
2016-03-24 17:24 - 2016-03-24 17:41 - 168789244 _____ C:\Users\Pablow\Desktop\Watch 10 Cloverfield Lane Online Free Putlocker Putlocker - .mp4
2016-03-22 17:19 - 2016-04-09 15:47 - 00000000 ____D C:\Users\Pablow\Documents\New folder (2)
2016-03-22 16:51 - 2016-03-22 16:51 - 02290317 _____ C:\Users\Pablow\Desktop\(1) Facebook.mp4
2016-03-22 16:41 - 2016-03-22 16:41 - 00007605 _____ C:\Users\Pablow\AppData\Local\Resmon.ResmonCfg
2016-03-22 13:26 - 2016-03-22 13:28 - 18990807 _____ C:\Users\Pablow\Desktop\(1) Mashable - Two-year-old belts out Queen's 'Bohemian Rhap-4.mp4
2016-03-22 13:26 - 2016-03-22 13:26 - 03668135 _____ C:\Users\Pablow\Desktop\(1) Mashable - Two-year-old belts out Queen's 'Bohemian Rhap-3.mp4
2016-03-22 10:48 - 2016-03-22 10:49 - 167821397 _____ C:\Users\Pablow\Desktop\THE MYSTERY BENEATH - Baltic Sea UFO - Documentary.mp4
2016-03-20 18:38 - 2016-03-20 18:49 - 109799654 _____ C:\Users\Pablow\Desktop\Watch Steve-O Guilty as Charged Online Free Putlocker Putloc.mp4
2016-03-19 15:16 - 2016-03-19 15:36 - 212300985 _____ C:\Users\Pablow\Desktop\Watch Triple 9 Online Free Putlocker Putlocker - Watch Movie.mp4
2016-03-17 13:52 - 2016-03-17 13:52 - 00713216 _____ C:\WINDOWS\system32\nshwfp.dll
2016-03-17 13:52 - 2016-03-17 13:52 - 00561664 _____ C:\WINDOWS\SysWOW64\nshwfp.dll
2016-03-17 13:52 - 2016-03-17 13:52 - 00422400 _____ C:\WINDOWS\system32\FWPUCLNT.DLL
2016-03-17 13:52 - 2016-03-17 13:52 - 00272384 _____ C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-03-17 13:38 - 2016-03-17 13:38 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-09 18:33 - 2014-11-05 13:14 - 00000000 _____ C:\Users\Pablow\AppData\LocalLow\ChangeTaskbarRect
2016-04-09 17:46 - 2014-03-19 08:40 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-09 17:30 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-09 16:49 - 2015-12-14 13:03 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-04-09 15:47 - 2014-10-09 21:10 - 00000000 ____D C:\Users\Pablow\AppData\Roaming\vlc
2016-04-09 15:47 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-08 19:26 - 2014-01-18 21:14 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1480570552-3409235448-370950039-1002
2016-04-08 18:33 - 2014-09-02 22:41 - 00000000 ____D C:\ProgramData\ProductData
2016-04-08 18:32 - 2014-10-16 00:43 - 00000000 ____D C:\Users\Pablow
2016-04-08 12:39 - 2016-02-26 00:34 - 00000000 ____D C:\Users\Pablow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PamConsult GmbH
2016-04-08 12:39 - 2016-02-26 00:32 - 00000000 ____D C:\Users\Pablow\AppData\Local\SquirrelTemp
2016-04-08 01:29 - 2014-10-30 13:27 - 00003174 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForPablow
2016-04-08 01:29 - 2014-10-30 13:27 - 00000358 _____ C:\WINDOWS\Tasks\HPCeeScheduleForPablow.job
2016-04-07 21:34 - 2015-12-31 16:51 - 00000000 ____D C:\Users\Pablow\Desktop\New Movies
2016-04-04 14:52 - 2016-01-25 10:50 - 00000302 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2016-04-04 14:51 - 2016-02-26 00:34 - 00000000 ____D C:\Users\Pablow\AppData\Roaming\PamFax
2016-04-04 14:44 - 2016-02-15 15:56 - 00000000 ____D C:\Users\Pablow\Desktop\Funnies
2016-04-02 18:30 - 2015-07-23 00:12 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-04-02 18:25 - 2016-01-25 10:49 - 00002221 _____ C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2016-04-02 18:25 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-30 14:57 - 2016-02-08 21:46 - 00000000 ____D C:\Users\Pablow\AppData\Roaming\Skype
2016-03-28 19:07 - 2014-11-05 13:16 - 80183296 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2016-03-28 19:07 - 2014-11-05 13:16 - 00294912 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2016-03-28 19:07 - 2014-11-05 13:16 - 00057344 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2016-03-28 19:07 - 2014-11-05 13:16 - 00032768 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2016-03-28 18:08 - 2013-08-22 10:45 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-03-28 17:47 - 2014-02-21 08:08 - 00000000 ____D C:\ProgramData\Kromtech
2016-03-28 02:06 - 2016-01-25 10:49 - 00000266 _____ C:\WINDOWS\Tasks\ASC7_SkipUac_Pablow.job
2016-03-28 01:07 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2016-03-27 15:54 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-27 12:41 - 2016-02-21 21:49 - 61681664 _____ C:\WINDOWS\system32\config\components.iodefrag.bak
2016-03-27 02:57 - 2013-08-22 10:44 - 00363840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-26 02:17 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-25 09:11 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-23 15:46 - 2014-03-19 08:40 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-22 13:51 - 2016-02-24 13:27 - 00000000 ____D C:\Users\Pablow\Documents\ashley
2016-03-22 11:31 - 2014-09-29 12:07 - 00000000 ___RD C:\Users\Pablow\Documents\Vuze Downloads
2016-03-22 08:26 - 2016-02-12 15:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-21 13:52 - 2016-02-19 19:18 - 00000000 ____D C:\Users\Pablow\Desktop\DPSP
2016-03-20 18:25 - 2014-09-03 00:24 - 00000000 ____D C:\Users\Pablow\AppData\Local\PMB Files
2016-03-19 20:26 - 2014-09-03 00:24 - 00000000 ____D C:\ProgramData\PMB Files
2016-03-15 16:14 - 2016-02-25 18:57 - 00000000 ____D C:\Users\Pablow\Desktop\New Music
2016-03-12 20:25 - 2016-02-25 19:14 - 00000000 ____D C:\Users\Pablow\Desktop\GRLS

==================== Files in the root of some directories =======

2016-03-22 16:41 - 2016-03-22 16:41 - 0007605 _____ () C:\Users\Pablow\AppData\Local\Resmon.ResmonCfg
2014-09-11 20:17 - 2014-09-11 20:17 - 0000000 _____ () C:\Users\Pablow\AppData\Local\{9A8B1937-4D23-4C71-991E-C56AE3854150}
2014-01-18 21:07 - 2014-01-18 21:07 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\Pablow\AppData\Local\Temp\A91E5CC1-E1CA-4BB9-80DA-218775549268.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-09 17:44

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Pablow (2016-04-09 18:42:15)
Running from C:\Users\Pablow\Desktop
Windows 8.1 (X64) (2014-10-16 05:22:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1480570552-3409235448-370950039-500 - Administrator - Disabled)
Guest (S-1-5-21-1480570552-3409235448-370950039-501 - Limited - Enabled) => C:\Users\Guest
hambl_000 (S-1-5-21-1480570552-3409235448-370950039-1003 - Limited - Enabled)
Pablow (S-1-5-21-1480570552-3409235448-370950039-1002 - Administrator - Enabled) => C:\Users\Pablow

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
Freelancer (HKLM-x32\...\Freelancer 1.0) (Version: - )
Freelancer Crossfire version 2.0 (HKLM-x32\...\Freelancer Crossfire_is1) (Version: 2.0 - SWAT Portal)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.9.2622 - IObit)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
PamFax (HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\pamfax) (Version: 4.1.3 - PamConsult GmbH.)
RadeonPro 1.0 (Build 1.1.1.0) (HKLM-x32\...\RadeonPro_is1) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.111 - Skype Technologies S.A.)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.5.0.0 - IObit)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.0 - Sysprogs)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17370581-AFC9-4999-B9D3-C7F81964B2AA} - System32\Tasks\Driver Booster SkipUAC (Pablow) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {1DB0B1EF-5215-40B1-B8F4-ADCC2B73F482} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {2225F16A-437A-4AE9-B60F-77C86C9236E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {2941AA1A-A8D2-4745-A00E-3188D5FA824C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
Task: {348E9F54-E2A5-4C09-B3FC-FB5606F313EB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {45536EF3-0BD7-4A52-A4BF-3B77C1C2EDED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-23] (Adobe Systems Incorporated)
Task: {4FF695EC-14C7-4F8C-A4C9-EC85964E66E0} - System32\Tasks\ASC7_SkipUac_Pablow => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)
Task: {505F620D-8B3A-48B6-8246-7C155CD7ADD1} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {7230977F-DB8B-431B-A3C6-221238CC92CF} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2014-09-15] ()
Task: {7FADB6EF-5A9B-4A8B-AD25-2E5A4704B41D} - System32\Tasks\HPCeeScheduleForPablow => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {8A564DF5-074D-454D-84EE-F2C61ABE0088} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {9759DEC3-1699-42B3-8FE2-BB43D64DF39E} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {A0CF9EFF-7A47-4130-AF14-21F854DA3B59} - \DriverUpdate Startup -> No File <==== ATTENTION
Task: {A7680914-CEDF-4D3B-B5FB-4ECCFB24F950} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {AB36A0A9-10D3-4A19-AB77-64DEB47267EF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-03-12] (Synaptics Incorporated)
Task: {B61B36F5-D959-4ED1-9798-47C8BB5744F2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-22] (AVAST Software)
Task: {BB869D5C-7685-4216-A6E7-B9FAD98C8F76} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit)
Task: {C59FB30E-1391-4EA4-845E-C2351F7E6CAA} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2015-02-24] (IObit)
Task: {E631E850-6D6B-4524-9C51-26FEA093EC09} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-06-15] (CyberLink)
Task: {EEF25542-10B1-43A1-9166-8B5E532491B3} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC7_SkipUac_Pablow.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForPablow.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-10-18 10:28 - 2012-10-18 10:28 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-01-19 17:18 - 2007-07-05 04:42 - 00520192 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2014-01-19 17:18 - 2007-01-21 19:05 - 00327168 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2016-01-25 10:49 - 2013-10-25 13:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2015-07-22 22:54 - 2015-07-22 22:54 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-22 22:53 - 2015-07-22 22:53 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-26 14:25 - 2016-03-26 14:25 - 02843136 _____ () C:\Program Files\AVAST Software\Avast\defs\16032600\algo.dll
2014-11-02 16:47 - 2014-08-07 18:08 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2014-11-02 16:47 - 2014-08-07 18:08 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2014-11-02 16:47 - 2014-08-07 18:08 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2014-11-02 16:47 - 2014-08-07 18:08 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2011-03-09 18:21 - 2011-03-09 18:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 18:21 - 2011-03-09 18:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-07-22 22:55 - 2015-07-22 22:55 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01349671.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\13514533.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18475614.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59491972.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\63934410.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\68640859.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73560085.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98716094.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01349671.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\13514533.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18475614.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59491972.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\63934410.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\68640859.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73560085.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98716094.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1480570552-3409235448-370950039-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Pablow\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Logan_S2P"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "ISUSScheduler"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\StartupApproved\Run: => "Advanced SystemCare 7"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5073A940-DF3C-426B-B233-E600919DE401}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [{C75561EA-90B8-4BA7-BD47-BCE5F1BBEF8A}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [{2534630B-8EFF-43C4-A912-7DD728C23F32}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{38DF0D3B-8FDE-4453-A50A-FC5F088A54C3}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{BA911989-D710-497E-9E31-6A864C18C07E}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{B8BC5B23-5743-4F7D-B552-72EC5C026EC6}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{27AAB60E-49EE-4713-83E4-C3BFB7EDB84B}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{AD0287A2-9B11-47FC-8FB6-793772730B00}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{BCD98F78-B252-4BDA-A774-FA7DA44B48E2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{E086185A-D240-4D03-BC5F-8F7BA8B9D62A}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{8861F5C5-B4B8-42F5-9A47-650D623F0786}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{9C6F94D6-B3C0-4FA0-BB7F-16D4666D044D}] => (Allow) LPort=1900
FirewallRules: [{B45E28A4-102D-48CE-80A9-F4C00B523A74}] => (Allow) LPort=2869
FirewallRules: [{9A2B870E-82E2-4946-BBCB-691DA332038A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{E0DD22C8-DA39-45DC-A70A-51AB7AAE1A88}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{7E31A1E6-CC38-4F82-B2B9-8FB498C1EF55}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [{6DBF3215-C174-49AF-AA7E-A94E1B0D41D4}] => (Allow) LPort=53000
FirewallRules: [{06D65C7E-449C-4936-82DB-D8A5DCD33788}] => (Allow) LPort=52000
FirewallRules: [{053929D6-9878-4867-A8E9-5AEF963B1543}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{820A59B8-21B3-4C8A-B603-CAF690C869E3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{08C861A6-CA71-41F0-8E2C-984E06B55EC4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{715CC7F8-BF46-4465-A5F6-1354024B3203}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A0C884B1-2A9A-40B6-A7B5-1F88F523749A}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{E27C67E7-7AD3-4AD6-B850-8FFCA19917BD}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{5D1B7C0B-C17F-43FB-B2BD-5C109EB3AEC5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9B72224F-231A-45DF-9F15-8778F4E1BCB2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8EEEE195-07B9-4661-8DB7-BF578B1251C5}] => (Allow) C:\Users\Pablow\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F8278D4D-7F92-4129-B5D8-A082688994F6}] => (Allow) C:\Users\Pablow\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{AB8DD480-18CB-44F5-AD95-CA54CF8DF342}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{AEC11019-C8CC-4C92-98B4-D8D6E1F1959D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2016 06:36:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The configuration registry database is corrupt.

Error: (04/09/2016 06:36:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt.
for C:\Users\Pablow\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (04/09/2016 06:36:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The configuration registry database is corrupt.

Error: (04/09/2016 06:36:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt.
for C:\Users\Pablow\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (04/09/2016 06:35:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.18.0.111 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 121c

Start Time: 01d192afe4659c0d

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id: 5e7f3182-fea3-11e5-802e-a0481c0a3dd2

Faulting package full name:

Faulting package-relative application ID:

Error: (04/09/2016 06:34:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The configuration registry database is corrupt.

Error: (04/09/2016 06:34:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt.
for C:\Users\Pablow\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (04/09/2016 06:34:09 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
Description: Update Windows license and product key tokens failed with 0x80049F2F.
C:\WINDOWS\system32\spp\tokens\ppdlic\networksecurity-ppdlic.xrm-ms

Error: (04/09/2016 06:33:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The configuration registry database is corrupt.

Error: (04/09/2016 06:33:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt.
for C:\Users\Pablow\AppData\Local\Microsoft\Windows\\UsrClass.dat


System errors:
=============
Error: (04/09/2016 06:34:30 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (04/09/2016 06:34:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%193

Error: (04/09/2016 06:34:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Location Awareness service terminated with the following error:
%%193

Error: (04/09/2016 06:34:30 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (04/09/2016 06:34:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%193

Error: (04/09/2016 06:34:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Location Awareness service terminated with the following error:
%%193

Error: (04/09/2016 06:34:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (04/09/2016 06:34:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%193

Error: (04/09/2016 06:34:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Location Awareness service terminated with the following error:
%%193

Error: (04/09/2016 06:33:49 PM) (Source: DCOM) (EventID: 10005) (User: Hamblaster)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}


CodeIntegrity:
===================================
Date: 2016-04-09 18:37:58.959
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-09 18:37:06.928
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-09 18:37:06.537
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-09 18:37:06.193
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-09 18:37:05.803
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-09 17:28:25.754
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-09 16:51:04.936
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-09 15:51:30.559
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-09 15:51:16.293
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-09 15:48:44.944
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A6-4455M APU with Radeon™ HD Graphics
Percentage of memory in use: 34%
Total physical RAM: 3554.26 MB
Available physical RAM: 2325.88 MB
Total Virtual: 7138.26 MB
Available Virtual: 5241.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:437.77 GB) (Free:190.21 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:26.78 GB) (Free:1.85 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive x: (FL_v1) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: AE6C68E4)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 10 April 2016 - 09:05 PM.




#2 Oh My!


  • Malware Response Instructor

Posted 10 April 2016 - 09:31 PM

Greetings zacloret711 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

You should only be receiving help from one source so if you would like assistance here request the Malwarebytes topic be closed and continue here.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Advanced SystemCare 7

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {0a414282-873d-11e5-bfa3-a0481c0a3dd2} - "X:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {141c787f-268c-11e5-bf08-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {1dcd7d8f-318e-11e5-bf1a-a0481c0a3dd2} - "W:\Install.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {26b84df2-29c3-11e5-bf0b-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {30d9ada2-37fb-11e5-bf1c-a0481c0a3dd2} - "X:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {30d9ada5-37fb-11e5-bf1c-a0481c0a3dd2} - "X:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {30d9af3f-37fb-11e5-bf1c-a0481c0a3dd2} - "X:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {366f9504-2b77-11e5-bf12-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {366f967e-2b77-11e5-bf12-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {366f9689-2b77-11e5-bf12-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {bc2986f9-24b7-11e5-bf04-a0481c0a3dd2} - "W:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {d75457d5-2407-11e5-bf02-a0481c0a3dd2} - "W:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {eee9d91d-2c03-11e5-bf15-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {f3077fdd-28d8-11e5-bf0a-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {f31366b1-25d9-11e5-bf06-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2501368 2015-04-08] (Microsoft Corporation)
FF user.js: detected! => C:\Users\Pablow\AppData\Roaming\Mozilla\Firefox\Profiles\7p1smkmr.default\user.js [2014-11-02]
C:\Users\Pablow\AppData\Local\Temp\A91E5CC1-E1CA-4BB9-80DA-218775549268.exe
Task: {505F620D-8B3A-48B6-8246-7C155CD7ADD1} - \ProPCCleaner_Start -> 
Task: {8A564DF5-074D-454D-84EE-F2C61ABE0088} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
Task: {9759DEC3-1699-42B3-8FE2-BB43D64DF39E} - \ProPCCleaner_Popup -> 
Task: {A0CF9EFF-7A47-4130-AF14-21F854DA3B59} - \DriverUpdate Startup -> 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01349671.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\13514533.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18475614.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59491972.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\63934410.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\68640859.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73560085.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98716094.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01349671.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\13514533.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18475614.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59491972.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\63934410.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\68640859.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73560085.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98716094.sys => ""="Driver"
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 zacloret711


Posted 11 April 2016 - 11:32 AM

Hi Gary! My name is Zac, and I've been following your instructions. No change since running the fixlist, still getting multiple Bad Image errors, they're most if not all updates, i.e. SPUpdate, Update, GameBoosterUpdate, etc. Still getting no internet access either and when trying to look at the system summary it says it cannot collect the information. :( But, here are the logs you asked for as well as the Summary, but I do believe it's empty.

Attached File: SUMMARY1.zip (882 bytes)

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Pablow (2016-04-11 12:07:12) Run:1
Running from C:\Users\Pablow\Desktop
Loaded Profiles: Pablow (Available Profiles: Pablow & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {0a414282-873d-11e5-bfa3-a0481c0a3dd2} - "X:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {141c787f-268c-11e5-bf08-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {1dcd7d8f-318e-11e5-bf1a-a0481c0a3dd2} - "W:\Install.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {26b84df2-29c3-11e5-bf0b-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {30d9ada2-37fb-11e5-bf1c-a0481c0a3dd2} - "X:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {30d9ada5-37fb-11e5-bf1c-a0481c0a3dd2} - "X:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {30d9af3f-37fb-11e5-bf1c-a0481c0a3dd2} - "X:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {366f9504-2b77-11e5-bf12-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {366f967e-2b77-11e5-bf12-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {366f9689-2b77-11e5-bf12-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {bc2986f9-24b7-11e5-bf04-a0481c0a3dd2} - "W:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {d75457d5-2407-11e5-bf02-a0481c0a3dd2} - "W:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {eee9d91d-2c03-11e5-bf15-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {f3077fdd-28d8-11e5-bf0a-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-21-1480570552-3409235448-370950039-1002\...\MountPoints2: {f31366b1-25d9-11e5-bf06-a0481c0a3dd2} - "V:\setup.exe"
HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [2501368 2015-04-08] (Microsoft Corporation)
FF user.js: detected! => C:\Users\Pablow\AppData\Roaming\Mozilla\Firefox\Profiles\7p1smkmr.default\user.js [2014-11-02]
C:\Users\Pablow\AppData\Local\Temp\A91E5CC1-E1CA-4BB9-80DA-218775549268.exe
Task: {505F620D-8B3A-48B6-8246-7C155CD7ADD1} - \ProPCCleaner_Start ->
Task: {8A564DF5-074D-454D-84EE-F2C61ABE0088} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
Task: {9759DEC3-1699-42B3-8FE2-BB43D64DF39E} - \ProPCCleaner_Popup ->
Task: {A0CF9EFF-7A47-4130-AF14-21F854DA3B59} - \DriverUpdate Startup ->
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01349671.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\13514533.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18475614.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59491972.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\63934410.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\68640859.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73560085.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98716094.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01349671.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\13514533.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18475614.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59491972.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\63934410.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\68640859.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73560085.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98716094.sys => ""="Driver"
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1480570552-3409235448-370950039-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a414282-873d-11e5-bfa3-a0481c0a3dd2}" => key removed successfully
HKCR\CLSID\{0a414282-873d-11e5-bfa3-a0481c0a3dd2} => key not found.
"HKU\S-1-5-21-1480570552-3409235448-370950039-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{141c787f-268c-11e5-bf08-a0481c0a3dd2}" => key removed successfully
HKCR\CLSID\{141c787f-268c-11e5-bf08-a0481c0a3dd2} => key not found.
"HKU\S-1-5-21-1480570552-3409235448-370950039-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dcd7d8f-318e-11e5-bf1a-a0481c0a3dd2}" => key removed successfully
HKCR\CLSID\{1dcd7d8f-318e-11e5-bf1a-a0481c0a3dd2} => key not found.
"HKU\S-1-5-21-1480570552-3409235448-370950039-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26b84df2-29c3-11e5-bf0b-a0481c0a3dd2}" => key removed successfully
HKCR\CLSID\{26b84df2-29c3-11e5-bf0b-a0481c0a3dd2} => key not found.
"HKU\S-1-5-21-1480570552-3409235448-370950039-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30d9ada2-37fb-11e5-bf1c-a0481c0a3dd2}" => key removed successfully
HKCR\CLSID\{30d9ada2-37fb-11e5-bf1c-a0481c0a3dd2} => key not found.
"HKU\S-1-5-21-1480570552-3409235448-370950039-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30d9ada5-37fb-11e5-bf1c-a0481c0a3dd2}" => key removed successfully
HKCR\CLSID\{30d9ada5-37fb-11e5-bf1c-a0481c0a3dd2} => key not found.
"HKU\S-1-5-21-1480570552-3409235448-370950039-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30d9af3f-37fb-11e5-bf1c-a0481c0a3dd2}" => key removed successfully
HKCR\CLSID\{30d9af3f-37fb-11e5-bf1c-a0481c0a3dd2} => key not found.
"HKU\S-1-5-21-1480570552-3409235448-370950039-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{366f9504-2b77-11e5-bf12-a0481c0a3dd2}" => key removed successfully
HKCR\CLSID\{366f9504-2b77-11e5-bf12-a0481c0a3dd2} => key not found.
"HKU\S-1-5-21-1480570552-3409235448-370950039-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{366f967e-2b77-11e5-bf12-a0481c0a3dd2}" => key removed successfully
HKCR\CLSID\{366f967e-2b77-11e5-bf12-a0481c0a3dd2} => key not found.
"HKU\S-1-5-21-1480570552-3409235448-370950039-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{366f9689-2b77-11e5-bf12-a0481c0a3dd2}" => key removed successfully
HKCR\CLSID\{366f9689-2b77-11e5-bf12-a0481c0a3dd2} => key not found.
"HKU\S-1-5-21-1480570552-3409235448-370950039-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc2986f9-24b7-11e5-bf04-a0481c0a3dd2}" => key removed successfully
HKCR\CLSID\{bc2986f9-24b7-11e5-bf04-a0481c0a3dd2} => key not found.
"HKU\S-1-5-21-1480570552-3409235448-370950039-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d75457d5-2407-11e5-bf02-a0481c0a3dd2}" => key removed successfully
HKCR\CLSID\{d75457d5-2407-11e5-bf02-a0481c0a3dd2} => key not found.
"HKU\S-1-5-21-1480570552-3409235448-370950039-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eee9d91d-2c03-11e5-bf15-a0481c0a3dd2}" => key removed successfully
HKCR\CLSID\{eee9d91d-2c03-11e5-bf15-a0481c0a3dd2} => key not found.
"HKU\S-1-5-21-1480570552-3409235448-370950039-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3077fdd-28d8-11e5-bf0a-a0481c0a3dd2}" => key removed successfully
HKCR\CLSID\{f3077fdd-28d8-11e5-bf0a-a0481c0a3dd2} => key not found.
"HKU\S-1-5-21-1480570552-3409235448-370950039-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f31366b1-25d9-11e5-bf06-a0481c0a3dd2}" => key removed successfully
HKCR\CLSID\{f31366b1-25d9-11e5-bf06-a0481c0a3dd2} => key not found.
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
C:\Users\Pablow\AppData\Roaming\Mozilla\Firefox\Profiles\7p1smkmr.default\user.js => moved successfully
"C:\Users\Pablow\AppData\Local\Temp\A91E5CC1-E1CA-4BB9-80DA-218775549268.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{505F620D-8B3A-48B6-8246-7C155CD7ADD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{505F620D-8B3A-48B6-8246-7C155CD7ADD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A564DF5-074D-454D-84EE-F2C61ABE0088}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A564DF5-074D-454D-84EE-F2C61ABE0088}" => key removed successfully
C:\WINDOWS\System32\Tasks\LaunchApp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9759DEC3-1699-42B3-8FE2-BB43D64DF39E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9759DEC3-1699-42B3-8FE2-BB43D64DF39E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0CF9EFF-7A47-4130-AF14-21F854DA3B59}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0CF9EFF-7A47-4130-AF14-21F854DA3B59}" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\01349671.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\13514533.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\18475614.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\59491972.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\63934410.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\68640859.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\73560085.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\98716094.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\01349671.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\13514533.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\18475614.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\59491972.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\63934410.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\68640859.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\73560085.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\98716094.sys" => key removed successfully


The system needed a reboot.

==== End of Fixlog 12:07:48 ====

 



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:54 AM

Posted 11 April 2016 - 11:59 AM

Greetings Zac,

Thank you for the information. Please do this.

===================================================

Creating a New User Profile

--------------
  • Click Start, Control Panel, then User Accounts
  • NOTE: For Windows 8/10 press the Windows Key + X to get to the Control Panel
  • Click Manage Another Account
  • Click Create a new account
  • Type BC as the User name then click Next
  • Select Computer administrator then click Create Account
  • Close the User Accounts window
  • Click Start, then click the arrow to the right of Shut down
  • Click Switch user and log in as BC
  • Check your Internet and computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 zacloret711


Posted 11 April 2016 - 12:56 PM

It tries to take me to the PC Settings on the dashboard, but it flashes a background of purple with a gear in the middle (the icon for PC Settings) that flashes for a brief second and takes me back to the desktop. I've waited a while now but it doesn't start up...



#6 Oh My!


Posted 11 April 2016 - 01:00 PM

See if you can do it this way.

===================================================

Creating a New User Profile With Administrative Privileges

--------------
  • Press the Windows key + R on your keyboard at the same time
  • For Windows 8 press the Windows Key + X
  • Type cmd and press Enter
  • Type the following after the command prompt, pressing Enter after each line

net user BC /add
net localgroup administrators BC /add

  • Reboot your computer and log in to the BC User Profile
  • If you are not given the option to log into BC, simply sign out then sign into BC
  • Stop and let me know if that was successful

Gary
 

#7 zacloret711


Posted 11 April 2016 - 01:07 PM

System Error 5 has occurred. Access is denied. Ooh man, I hope you're not as discouraged as I am...



#8 Oh My!


Posted 11 April 2016 - 01:24 PM

We are just getting warmed up.

How does your computer perform in Safe Mode?
Gary
 

#9 zacloret711


Posted 11 April 2016 - 01:47 PM

OK, a little bit of progress to report :). In safe mode I was able to make the new account, and in the account no bad image errors have popped up, but still no internet access. *Spoke too soon, SPUpdate bad image just popped up.



#10 Oh My!


Posted 11 April 2016 - 02:56 PM

OK, thank you. Please do this.

===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search Field
fwpuclnt.*
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Search.txt

Gary
 

#11 zacloret711


Posted 11 April 2016 - 03:48 PM

Here ya go Cap'n

Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by BC (2016-04-11 16:29:11)
Running from C:\Users\BC\Desktop
Boot Mode: Normal

================== Search Files: "fwpuclnt.*" =============

C:\Windows\WinSxS\x86_microsoft-windows-n..-security.resources_31bf3856ad364e35_6.3.9600.16384_en-us_e2d58e68602d1c8a\fwpuclnt.dll.mui
[2014-09-24 02:32][2014-09-24 02:32] 0117248 ____A (Microsoft Corporation) 345DC18D937FFCE5EA80ECB44CF3182B [File is digitally signed]

C:\Windows\WinSxS\wow64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.18229_none_c87d2bca32adada0\FWPUCLNT.DLL
[2016-03-17 13:52][2016-03-17 13:52] 0272384 ____A () 2ACD79E087D337E6F124F0CA9D9D5B55 [File not signed]

C:\Windows\WinSxS\wow64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.18086_none_c839479832e10ef3\FWPUCLNT.DLL
[2015-09-27 11:45][2015-09-27 11:45] 0272384 ____A (Microsoft Corporation) 66BA7437F48833EA0D8F10EE1E7A43AA [File is digitally signed]

C:\Windows\WinSxS\wow64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.17485_none_c83865ae32e1d097\FWPUCLNT.DLL
[2016-04-09 17:46][2016-04-09 17:46] 0272384 ____A (Microsoft Corporation) 05761DCCF02CEE514DC3B8E3A7F38DF5 [File is digitally signed]

C:\Windows\WinSxS\wow64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.17415_none_c884152232a90d00\FWPUCLNT.DLL
[2015-05-04 18:01][2015-05-04 18:01] 0000194 ____A () 6DF74D1611440F254628CE2EE7DEA4D2 [File not signed]

C:\Windows\WinSxS\wow64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.17111_none_c8800e4832acb02f\FWPUCLNT.DLL
[2015-03-28 19:38][2015-03-28 19:38] 0032577 ____A () EF525DD127F2B94305CD1E6E66C32525 [File not signed]

C:\Windows\WinSxS\wow64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.17042_none_c8609ce832c42032\FWPUCLNT.DLL
[2014-09-24 03:50][2014-09-24 03:50] 0264192 ____A (Microsoft Corporation) AFFB4EB53FC1D04495C8A5EC80B1EBCD [File is digitally signed]

C:\Windows\WinSxS\Temp\InFlight\414fa39b0f94d1010200000018115c12\wow64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.18012_none_c880f5e432abe600\FWPUCLNT.DLL
[2015-09-27 11:45][2015-09-27 11:45] 0272384 ____A (Microsoft Corporation) 66BA7437F48833EA0D8F10EE1E7A43AA [File is digitally signed]

C:\Windows\WinSxS\Temp\InFlight\414fa39b0f94d1010200000018115c12\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.18012_none_be2c4b91fe4b2405\FWPUCLNT.DLL
[2015-09-27 11:45][2015-09-27 11:45] 0422400 ____A (Microsoft Corporation) 4D3905777E83DA8C466344797F02EBA5 [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.18229_none_be288177fe4ceba5\FWPUCLNT.DLL
[2016-04-09 20:20][2016-04-09 20:20] 0422400 ____N () 5063240789840F727311B6D49A3D6471 [File not signed]

C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.18086_none_bde49d45fe804cf8\FWPUCLNT.DLL
[2015-09-27 11:45][2015-09-27 11:45] 0422400 ____A (Microsoft Corporation) 4D3905777E83DA8C466344797F02EBA5 [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.17485_none_bde3bb5bfe810e9c\FWPUCLNT.DLL
[2016-03-17 18:51][2016-03-17 18:51] 0422400 ____A (Microsoft Corporation) D06E9DE27BBB41F8AE2A0A2D6FC0F598 [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.17415_none_be2f6acffe484b05\FWPUCLNT.DLL
[2015-05-04 02:14][2015-05-04 02:14] 0000200 ____A () ECF4A2FD5A232DCDFC38BD46CFF641DC [File not signed]

C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.17111_none_be2b63f5fe4bee34\FWPUCLNT.DLL
[2015-02-17 19:16][2015-02-17 19:16] 0051395 ____A () 3B8CF7D29625701296DB14C36A380F69 [File not signed]

C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.17042_none_be0bf295fe635e37\FWPUCLNT.DLL
[2014-09-24 03:50][2014-09-24 03:50] 0412672 ____A (Microsoft Corporation) 5ABA673EF6433BE68AAE77AE5C5FAFAA [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-n..-security.resources_31bf3856ad364e35_6.3.9600.16384_en-us_3ef429ec188a8dc0\fwpuclnt.dll.mui
[2014-09-24 02:32][2014-09-24 02:32] 0117248 ____A (Microsoft Corporation) 345DC18D937FFCE5EA80ECB44CF3182B [File is digitally signed]

C:\Windows\SysWOW64\FWPUCLNT.DLL
[2016-03-17 13:52][2016-03-17 13:52] 0272384 ____A () 2ACD79E087D337E6F124F0CA9D9D5B55 [File not signed]

C:\Windows\SysWOW64\en-US\fwpuclnt.dll.mui
[2014-09-24 02:32][2014-09-24 02:32] 0117248 ____A (Microsoft Corporation) 345DC18D937FFCE5EA80ECB44CF3182B [File is digitally signed]

C:\Windows\System32\FWPUCLNT.DLL
[2016-03-17 13:52][2016-03-17 13:52] 0422400 ____A () 5063240789840F727311B6D49A3D6471 [File not signed]

C:\Windows\System32\en-US\fwpuclnt.dll.mui
[2014-09-24 02:32][2014-09-24 02:32] 0117248 ____A (Microsoft Corporation) 345DC18D937FFCE5EA80ECB44CF3182B [File is digitally signed]

====== End of Search ======
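
Added example, not part of the thread and not FRST's own code: a Python reader for FRST "Search Files" output like the Search.txt above. It flags live System32/SysWOW64 copies reported as not signed, shows which WinSxS copy has the same MD5, and lists same-architecture signed copies. The function names, the SysWOW64-to-wow64 mapping and the newest-first ordering are assumptions of this example; the sample is an excerpt of the posted log.

```python
import re
from dataclasses import dataclass

# Excerpt of the Search.txt posted above (paths, sizes and MD5s as posted).
SEARCH_TXT = r"""
C:\Windows\WinSxS\wow64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.18229_none_c87d2bca32adada0\FWPUCLNT.DLL
[2016-03-17 13:52][2016-03-17 13:52] 0272384 ____A () 2ACD79E087D337E6F124F0CA9D9D5B55 [File not signed]
C:\Windows\WinSxS\wow64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.18086_none_c839479832e10ef3\FWPUCLNT.DLL
[2015-09-27 11:45][2015-09-27 11:45] 0272384 ____A (Microsoft Corporation) 66BA7437F48833EA0D8F10EE1E7A43AA [File is digitally signed]
C:\Windows\WinSxS\wow64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.17485_none_c83865ae32e1d097\FWPUCLNT.DLL
[2016-04-09 17:46][2016-04-09 17:46] 0272384 ____A (Microsoft Corporation) 05761DCCF02CEE514DC3B8E3A7F38DF5 [File is digitally signed]
C:\Windows\WinSxS\wow64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.17415_none_c884152232a90d00\FWPUCLNT.DLL
[2015-05-04 18:01][2015-05-04 18:01] 0000194 ____A () 6DF74D1611440F254628CE2EE7DEA4D2 [File not signed]
C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.18229_none_be288177fe4ceba5\FWPUCLNT.DLL
[2016-04-09 20:20][2016-04-09 20:20] 0422400 ____N () 5063240789840F727311B6D49A3D6471 [File not signed]
C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.18086_none_bde49d45fe804cf8\FWPUCLNT.DLL
[2015-09-27 11:45][2015-09-27 11:45] 0422400 ____A (Microsoft Corporation) 4D3905777E83DA8C466344797F02EBA5 [File is digitally signed]
C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.17485_none_bde3bb5bfe810e9c\FWPUCLNT.DLL
[2016-03-17 18:51][2016-03-17 18:51] 0422400 ____A (Microsoft Corporation) D06E9DE27BBB41F8AE2A0A2D6FC0F598 [File is digitally signed]
C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.17415_none_be2f6acffe484b05\FWPUCLNT.DLL
[2015-05-04 02:14][2015-05-04 02:14] 0000200 ____A () ECF4A2FD5A232DCDFC38BD46CFF641DC [File not signed]
C:\Windows\SysWOW64\FWPUCLNT.DLL
[2016-03-17 13:52][2016-03-17 13:52] 0272384 ____A () 2ACD79E087D337E6F124F0CA9D9D5B55 [File not signed]
C:\Windows\System32\FWPUCLNT.DLL
[2016-03-17 13:52][2016-03-17 13:52] 0422400 ____A () 5063240789840F727311B6D49A3D6471 [File not signed]
C:\Windows\System32\en-US\fwpuclnt.dll.mui
[2014-09-24 02:32][2014-09-24 02:32] 0117248 ____A (Microsoft Corporation) 345DC18D937FFCE5EA80ECB44CF3182B [File is digitally signed]
"""

# Metadata line: [created][modified] size attrs (company) MD5 [signature status]
META = re.compile(
    r"^\[[^\]]+\]\[[^\]]+\]\s+(?P<size>\d+)\s+\S+\s+\((?P<company>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\[(?P<sig>[^\]]+)\]$")
# WinSxS component folder: <arch>_<name>_<token>_<version>_<culture>_<hash>
STORE = re.compile(
    r"\\WinSxS\\(?:.*\\)?(?P<arch>amd64|wow64|x86)_.+?_(?P<ver>\d+(?:\.\d+){3})_",
    re.IGNORECASE)
# Assumption of this example: on this x64 system System32 holds the amd64 copy
# and SysWOW64 the wow64 copy, matching the component names in the log.
LIVE_DIRS = {r"c:\windows\system32": "amd64", r"c:\windows\syswow64": "wow64"}

@dataclass
class Entry:
    path: str
    name: str
    size: int
    md5: str
    signed: bool
    arch: str        # "" when the path gives no architecture
    version: tuple   # () for copies outside the component store
    live: bool

def parse_search(text):
    """Pair each path line with the metadata line that follows it."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = META.match(line)
        if m and path:
            folder, _, name = path.rpartition("\\")
            store = STORE.search(path)
            live_arch = LIVE_DIRS.get(folder.lower())
            entries.append(Entry(
                path=path, name=name.lower(), size=int(m["size"]),
                md5=m["md5"].upper(),
                signed=m["sig"] == "File is digitally signed",
                arch=store["arch"].lower() if store else (live_arch or ""),
                version=tuple(map(int, store["ver"].split("."))) if store else (),
                live=live_arch is not None))
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return entries

def repair_plan(entries):
    """For every unsigned live copy, list matching store copies to review."""
    plan = {}
    for live in (e for e in entries if e.live and not e.signed):
        same = [e for e in entries
                if not e.live and e.arch == live.arch and e.name == live.name]
        plan[live.path] = {
            "same_hash_in_store": [e.path for e in same if e.md5 == live.md5],
            "signed_candidates": sorted((e for e in same if e.signed),
                                        key=lambda e: e.version, reverse=True),
        }
    return plan

if __name__ == "__main__":
    for live_path, info in repair_plan(parse_search(SEARCH_TXT)).items():
        print("UNSIGNED live copy:", live_path)
        for p in info["same_hash_in_store"]:
            print("  same MD5 in component store:", p)
        for c in info["signed_candidates"]:
            print("  signed candidate %s (%d bytes, MD5 %s)"
                  % (".".join(map(str, c.version)), c.size, c.md5))
```

The output is a review list only; which signed copy to restore, and whether the component store itself needs repair, remains the helper's call.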



#12 Oh My!


Posted 11 April 2016 - 04:13 PM

Thank you Zac.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
cmd: copy /y C:\Windows\WinSxS\wow64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.18086_none_c839479832e10ef3\FWPUCLNT.DLL C:\Windows\SysWOW64
cmd: copy /y C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.17485_none_bde3bb5bfe810e9c\FWPUCLNT.DLL C:\Windows\System32
  • Launch FRST and press the Fix button just once
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Reboot your computer and check for Bad Image errors
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Update on computer behavior

Gary
 

#13 zacloret711


Posted 11 April 2016 - 04:50 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by BC (2016-04-11 17:43:11) Run:3
Running from C:\Users\BC\Desktop
Loaded Profiles: BC (Available Profiles: Pablow & BC & Guest)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
cmd: copy /y C:\Windows\WinSxS\wow64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.18086_none_c839479832e10ef3\FWPUCLNT.DLL C:\Windows\SysWOW64
cmd: copy /y C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.17485_none_bde3bb5bfe810e9c\FWPUCLNT.DLL C:\Windows\System32
*****************


=========  copy /y C:\Windows\WinSxS\wow64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.18086_none_c839479832e10ef3\FWPUCLNT.DLL C:\Windows\SysWOW64 =========

Access is denied.
        0 file(s) copied.

========= End of CMD: =========


=========  copy /y C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.3.9600.17485_none_bde3bb5bfe810e9c\FWPUCLNT.DLL C:\Windows\System32 =========

Access is denied.
        0 file(s) copied.

========= End of CMD: =========


==== End of Fixlog 17:43:11 ====

This was the 2nd log, I tried it in safe mode as well to see if it would go through. I am back in normal mode now though; during reboot I did see something saying "errors were detected" and "msrpc state violation" before it restarted.



#14 Oh My!


Posted 11 April 2016 - 06:00 PM

Your computer is tied up in knots a bit. Please run the last fix again but this time right click on frst.exe and select Run as administrator.

Please attempt to do this.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Running sfc /scannow in Elevated Command

--------------------
  • Click Start, type cmd, then press the Shift, Ctrl, + Enter keys at the same time
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow
  • Windows 8/10: Press the Windows key + X at the same time, then click Command Prompt (Admin)
  • Type the following at the Command Prompt and press Enter

sfc /scannow

  • If Windows did not find any integrity violations please let me know
  • If errors were found copy and paste the following after the command prompt then press Enter

copy %windir%\Logs\CBS\CBS.log "%userprofile%\Desktop\sfcdetails.txt"

  • A sfcdetails.txt document will be placed on your Desktop
  • Copy and paste or attach the file to your reply if too large
===================================================

Posting Previous TDSSKiller log

--------------------
  • Using Windows Explorer navigate to the C: directory
  • Locate the TDSSKiller log indicated below

C:\TDSSKiller.2.8.14.0_09.04.2016_18.33.32_log.txt

  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller log
  • sfc results
  • TDSSKiller log

Edited by Oh My!, 11 April 2016 - 07:45 PM.
Added run as administrator

Gary
 

#15 zacloret711


Posted 11 April 2016 - 08:10 PM

RogueKiller V12.1.2.0 [Apr 11 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : BC [Administrator]
Started from : C:\Users\BC\Desktop\RogueKiller.exe
Mode : Scan -- Date : 04/11/2016 20:11:49

¤¤¤ Processes : 2 ¤¤¤
[PUP] LiveUpdate.exe(2092) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe[x] -> Found
[PUP] (SVC) LiveUpdateSvc -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe[x] -> Found

¤¤¤ Registry : 11 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll) -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> Found
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | pamfax : C:\ProgramData\SquirrelMachineInstalls\pamfax.exe --checkInstall [-][x] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LiveUpdateSvc (C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LiveUpdateSvc (C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{520248E2-7B2B-4A6D-B854-92D043499192} | DhcpNameServer : 209.18.47.61 209.18.47.62 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7EA0CE25-5A01-40F7-A50D-4DE149C7298D} | DhcpNameServer : 192.168.1.1 209.18.47.61 209.18.47.62 ([-][X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{520248E2-7B2B-4A6D-B854-92D043499192} | DhcpNameServer : 209.18.47.61 209.18.47.62 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7EA0CE25-5A01-40F7-A50D-4DE149C7298D} | DhcpNameServer : 192.168.1.1 209.18.47.61 209.18.47.62 ([-][X][X])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP][Folder] C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] be9f76924f995de4a0a3d7edc93a2e5d
[BSP] 554d369c95a2bf46148e8e8dc9429e50 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 448280 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 919693312 | Size: 450 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 920614912 | Size: 27421 MB
User = LL1 ... OK
User = LL2 ... OK


-----------------------------------------

18:33:32.0159 4392  TDSS rootkit removing tool 2.8.14.0 Oct 30 2012 13:37:33
18:33:32.0159 4392  UEFI system
18:33:32.0206 4392  ============================================================
18:33:32.0206 4392  Current date / time: 2016/04/09 18:33:32.0206
18:33:32.0206 4392  SystemInfo:
18:33:32.0206 4392  
18:33:32.0206 4392  OS Version: 6.2.9200 ServicePack: 0.0
18:33:32.0206 4392  Product type: Workstation
18:33:32.0206 4392  ComputerName: HAMBLASTER
18:33:32.0206 4392  UserName: Pablow
18:33:32.0206 4392  Windows directory: C:\WINDOWS
18:33:32.0206 4392  System windows directory: C:\WINDOWS
18:33:32.0206 4392  Running under WOW64
18:33:32.0206 4392  Processor architecture: Intel x64
18:33:32.0206 4392  Number of processors: 2
18:33:32.0206 4392  Page size: 0x1000
18:33:32.0206 4392  Boot type: Normal boot
18:33:32.0206 4392  ============================================================
18:33:33.0347 4392  BG loaded
18:33:34.0175 4392  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:33:34.0206 4392  ============================================================
18:33:34.0206 4392  \Device\Harddisk0\DR0:
18:33:34.0237 4392  GPT partitions:
18:33:34.0284 4392  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {A5AE06FF-A49B-496D-ABCF-15C14B333E4D}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
18:33:34.0284 4392  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {D3771C10-8C58-4841-A05A-C18565BF8918}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x82000
18:33:34.0284 4392  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {37E1B908-51AA-45F7-BD61-E45CA5C6BB5F}, Name: Microsoft reserved partition, StartLBA 0x14A800, BlocksNum 0x40000
18:33:34.0284 4392  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {2C5011BE-E540-4841-836F-AD146A81F8DB}, Name: Basic data partition, StartLBA 0x18A800, BlocksNum 0x36B8C000
18:33:34.0284 4392  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {F1E0CFDD-F2B0-4439-82A4-62867C3C2A21}, Name: , StartLBA 0x36D16800, BlocksNum 0xE1000
18:33:34.0284 4392  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {2AC6C54A-6A0C-4F39-9251-71D6440EF0EE}, Name: Basic data partition, StartLBA 0x36DF7800, BlocksNum 0x358E800
18:33:34.0284 4392  MBR partitions:
18:33:34.0284 4392  ============================================================
18:33:34.0487 4392  C: <-> \Device\Harddisk0\DR0\Partition4
18:33:34.0659 4392  D: <-> \Device\Harddisk0\DR0\Partition6
18:33:34.0659 4392  ============================================================
18:33:34.0659 4392  Initialize success
18:33:34.0659 4392  ============================================================
18:33:43.0393 2152  ============================================================
18:33:43.0393 2152  Scan started
18:33:43.0393 2152  Mode: Manual;
18:33:43.0393 2152  ============================================================
18:33:48.0893 2152  ================ Scan system memory ========================
18:33:48.0893 2152  System memory - ok
18:33:48.0925 2152  ================ Scan services =============================
18:34:17.0219 2152  atapi - ok
18:34:17.0894 2152  [ 93A6671EC2DC01378F2CF481A0026DEB ] athr            C:\WINDOWS\system32\DRIVERS\athwbx.sys
18:34:18.0113 2152  athr - ok
18:34:18.0801 2152  [ EF2EC92C4E449CD065B9E892E05D47BE ] AtiDCM          C:\AMD\WU-CCC2\ccc2_install\Support64\atdcm64a.sys
18:34:18.0816 2152  AtiDCM - ok
18:34:19.0073 2152  [ 51A7233DEBE0648F8069F73867475F64 ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdWB6.sys
18:34:19.0089 2152  AtiHDAudioService - ok
18:34:19.0497 2152  [ 431FE56F5A2F5937994CB2DA330B47DB ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
18:34:19.0497 2152  AudioEndpointBuilder - ok
18:34:19.0638 2152  [ 0F03CC00645D7F841879A048787D6AC7 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
18:34:19.0653 2152  Audiosrv - ok
18:34:20.0685 2152  [ A97E144E84A665B22AE6E6A93E4DD465 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:34:20.0700 2152  avast! Antivirus - ok
18:34:20.0950 2152  [ 3C6ED74AF41DD1A5585CE5EF3D00915F ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
18:34:20.0966 2152  AxInstSV - ok
18:34:21.0232 2152  [ A4A73F631FE2AA2826FBE4A399B04DEF ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
18:34:21.0232 2152  b06bdrv - ok
18:34:21.0482 2152  [ 8CC7F7E4AFCBA605921B137ED7992C68 ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
18:34:21.0482 2152  BasicDisplay - ok
18:34:21.0591 2152  [ 38A82F4EE8C416A6744B6D30381ED768 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
18:34:21.0591 2152  BasicRender - ok
18:34:21.0778 2152  [ 2C969095C2827EF4536C7D6FA434F993 ] BazisVirtualCDBus C:\WINDOWS\System32\drivers\BazisVirtualCDBus.sys
18:34:21.0919 2152  BazisVirtualCDBus - ok
18:34:22.0107 2152  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
18:34:22.0107 2152  bcmfn2 - ok
18:34:22.0341 2152  [ 4B6F61BD394DCEDA9B06D702836531C2 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
18:34:22.0388 2152  BDESVC - ok
18:34:22.0607 2152  [ EC19013E4CF87609534165DF897274D6 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
18:34:22.0622 2152  Beep - ok
18:34:22.0872 2152  [ 48554994279BFE17A3D2B00076D0CB1A ] BITS            C:\WINDOWS\System32\qmgr.dll
18:34:22.0888 2152  BITS - ok
18:34:23.0005 2152  [ 6B4FFFDDC618FCF64473CAA86E305697 ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
18:34:23.0052 2152  bowser - ok
18:34:23.0317 2152  [ FA601515FF2B59F25FDD8EDB1D2A1104 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
18:34:23.0317 2152  BrokerInfrastructure - ok
18:34:23.0567 2152  [ BC111AADACD0BF59D56547461D13AB6E ] Browser         C:\WINDOWS\System32\browser.dll
18:34:23.0567 2152  Browser - ok
18:34:23.0880 2152  [ A8F23D453A424FF4DE04989C4727ECC7 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
18:34:23.0895 2152  BthAvrcpTg - ok
18:34:24.0083 2152  [ 272A62B660A48AEF366F8A1836CED19F ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
18:34:24.0083 2152  BthHFEnum - ok
18:34:24.0364 2152  [ 71FE2A48E4C93DDB9798C024880B6C07 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
18:34:24.0364 2152  bthhfhid - ok
18:34:24.0974 2152  [ 9307A4B743D277C499CDA8E19E5687AC ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
18:34:25.0380 2152  BthHFSrv - ok
18:34:25.0567 2152  [ EF4B9E7C9AD88C00C18A12B0D22D1894 ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
18:34:25.0567 2152  BTHMODEM - ok
18:34:25.0755 2152  [ 043A0F37631BF453F16D478B71320F46 ] bthserv         C:\WINDOWS\system32\bthserv.dll
18:34:25.0770 2152  bthserv - ok
18:34:26.0380 2152  [ 52AE2CDD37AB735FBDA52263EFD524AA ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
18:34:26.0395 2152  c2cautoupdatesvc - ok
18:34:26.0661 2152  [ C35B91B6777E7C6DB67B8583D2AA66A7 ] c2cpnrsvc       C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
18:34:26.0677 2152  c2cpnrsvc - ok
18:34:26.0786 2152  [ 2FA6510E33F7DEFEC03658B74101A9B9 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
18:34:26.0802 2152  cdfs - ok
18:34:26.0958 2152  [ C6796EA22B513E3457514D92DCDB1A3D ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
18:34:26.0989 2152  cdrom - ok
18:34:27.0130 2152  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
18:34:27.0145 2152  CertPropSvc - ok
18:34:27.0270 2152  [ BE9936EDD3267FAAFF94A7835867F00B ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
18:34:27.0270 2152  circlass - ok
18:34:27.0395 2152  [ 8EB7E70C2D348FE2476A2E3F2D585E3D ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
18:34:27.0411 2152  CLFS - ok
18:34:27.0536 2152  [ E13A438F9E51DD034730678E33B73290 ] clwvd           C:\WINDOWS\system32\DRIVERS\clwvd.sys
18:34:27.0536 2152  clwvd - ok
18:34:27.0677 2152  [ EF6EF85DADC3184A10D8F2F7159973CB ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
18:34:27.0677 2152  CmBatt - ok
18:34:27.0817 2152  [ 0DE32A0BB1FE2A773666572F79584520 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
18:34:27.0833 2152  CNG - ok
18:34:27.0911 2152  [ 03AAED827C36F35D70900558B8274905 ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
18:34:27.0911 2152  CompositeBus - ok
18:34:27.0911 2152  COMSysApp - ok
18:34:27.0989 2152  [ A1FF7DFBFBE164CF92603C651D304DD2 ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
18:34:27.0989 2152  condrv - ok
18:34:28.0145 2152  [ 6324F0D18FB52833BA64BC828E29054C ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
18:34:28.0145 2152  CryptSvc - ok
18:34:28.0270 2152  [ 389C998C64319CD97625B0550E52ECFA ] dam             C:\WINDOWS\system32\drivers\dam.sys
18:34:28.0286 2152  dam - ok
18:34:28.0411 2152  [ A6F17C299A03BAFEFB9257C462A19E00 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
18:34:28.0427 2152  DcomLaunch - ok
18:34:28.0536 2152  [ 95E1ABFB27F8A62ED764805775F0D2F3 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
18:34:29.0411 2152  defragsvc - ok
18:34:29.0583 2152  [ FF086DEF5995558CCB1B5AAC2110195D ] DeviceAssociationService C:\WINDOWS\system32\das.dll
18:34:29.0583 2152  DeviceAssociationService - ok
18:34:29.0849 2152  [ 2C02AFF8383D893F8DBEB07A84F6E77C ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
18:34:29.0958 2152  DeviceInstall - ok
18:34:30.0239 2152  [ A03F362C5557E238CBFA914689C77248 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
18:34:30.0395 2152  Dfsc - ok
18:34:30.0630 2152  [ CFBB4907C7542180B5E0282301240006 ] DgiVecp         C:\Windows\system32\Drivers\DgiVecp.sys
18:34:30.0630 2152  DgiVecp - ok
18:34:30.0958 2152  [ 3EEAADA3125431980E5804ED7143458A ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
18:34:30.0973 2152  Dhcp - ok
18:34:31.0364 2152  [ 21EDAD8188372C912B7BB9B1C6CB0D38 ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
18:34:31.0380 2152  DiagTrack - ok
18:34:31.0739 2152  [ 4D40C9B33F738797CF50E77CB7C53E85 ] disk            C:\WINDOWS\system32\drivers\disk.sys
18:34:31.0974 2152  disk - ok
18:34:32.0208 2152  [ EB70A894708D1BC176AFD690FF06085F ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
18:34:32.0208 2152  dmvsc - ok
18:34:32.0427 2152  [ E9AE4FAE83FB38A2962F9032B24CEB3C ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
18:34:32.0442 2152  Dnscache - ok
18:34:32.0739 2152  [ 811EACBCC7C51A03AE11F13CC27B2AB6 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
18:34:32.0989 2152  dot3svc - ok
18:34:33.0255 2152  [ B99CB575986789A93A683DCF292A43A1 ] DPS             C:\WINDOWS\system32\dps.dll
18:34:33.0255 2152  DPS - ok
18:34:33.0552 2152  [ 00C594D5A1DBD22AD8B2902B9F6EFF94 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
18:34:33.0723 2152  drmkaud - ok
18:34:34.0005 2152  [ 263625A4F616538EB867B6306A6590DB ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
18:34:34.0005 2152  DsmSvc - ok
18:34:34.0411 2152  [ E1BB0B6F00F470B451AB45EA13EBA0B3 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
18:34:34.0458 2152  DXGKrnl - ok
18:34:34.0708 2152  [ E253530BD5EDE28F1FF6AF93C4D8034D ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
18:34:34.0739 2152  Eaphost - ok
18:34:35.0427 2152  [ 114BCFDF367FF37C3F1B0A96AF542E4D ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
18:34:35.0583 2152  ebdrv - ok
18:34:35.0786 2152  [ 382100E75B6F4668AEAEF228C6CEFFAD ] EFS             C:\WINDOWS\System32\lsass.exe
18:34:35.0786 2152  EFS - ok
18:34:36.0036 2152  [ 43531A5993380CC5113242C29D265FD9 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
18:34:36.0130 2152  EhStorClass - ok
18:34:36.0364 2152  [ 6F8E738A9505A388B1157FDDE7B3101B ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
18:34:36.0411 2152  EhStorTcgDrv - ok
18:34:36.0567 2152  [ DFFFAE1442BA4076E18EED5E406FA0D3 ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
18:34:36.0567 2152  ErrDev - ok
18:34:36.0958 2152  [ F00C593994D57C75273F820653440536 ] EventSystem     C:\WINDOWS\system32\es.dll
18:34:36.0958 2152  EventSystem - ok
18:34:37.0224 2152  [ 7729D294A555C7AEB281ED8E4D0E01E4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
18:34:37.0239 2152  exfat - ok
18:34:37.0411 2152  [ 7C4E0D5900B2A1D11EDD626D6DDB937B ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
18:34:37.0520 2152  fastfat - ok
18:34:37.0755 2152  [ 304B6AEC4639A7CCCCF544C6BA6177B2 ] Fax             C:\WINDOWS\system32\fxssvc.exe
18:34:37.0802 2152  Fax - ok
18:34:37.0911 2152  [ 5D8402613E778B3BD45E687A8372710B ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
18:34:37.0911 2152  fdc - ok
18:34:38.0099 2152  [ 020D2F29009F893ADEFF4405B4B44565 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
18:34:38.0099 2152  fdPHost - ok
18:34:38.0333 2152  [ E80D2EDD2F88B6E20076A0A4F5A5A245 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
18:34:38.0552 2152  FDResPub - ok
18:34:38.0739 2152  [ 47AB7D16EDE434B934AA4D661456C2D5 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
18:34:38.0911 2152  fhsvc - ok
18:34:39.0083 2152  [ BCFD8B149B3ADF92D0DB1E909CAF0265 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
18:34:39.0098 2152  FileInfo - ok
18:34:39.0239 2152  [ A1A66C4FDAFD6B0289523232AFB7D8AF ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
18:34:39.0239 2152  Filetrace - ok
18:34:39.0380 2152  [ BE743083CF7063C486A4398E3AEFE59A ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
18:34:39.0380 2152  flpydisk - ok
18:34:39.0583 2152  [ C1FB505A73FA2E9019D32444AB33B75A ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
18:34:39.0599 2152  FltMgr - ok
18:34:40.0020 2152  [ 2F225BC85B84C04EA01BAB8D8DACFA83 ] FontCache       C:\WINDOWS\system32\FntCache.dll
18:34:40.0036 2152  FontCache - ok
18:34:40.0599 2152  [ 1C52387BF5A127F5F3BFB31288F30D93 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:34:40.0630 2152  FontCache3.0.0.0 - ok
18:34:40.0880 2152  [ A7C31B168F371E8E6796219F23E354DB ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
18:34:40.0895 2152  FsDepends - ok
18:34:40.0989 2152  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:34:40.0989 2152  Fs_Rec - ok
18:34:41.0333 2152  [ F152D55E497E12256290C43B31C7D0CE ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
18:34:41.0458 2152  fvevol - ok
18:34:41.0630 2152  [ 9591D0B9351ED489EAFD9D1CE52A8015 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
18:34:41.0630 2152  FxPPM - ok
18:34:41.0848 2152  [ FC3EF65EE20D39F8749C2218DBA681CA ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
18:34:41.0848 2152  gagp30kx - ok
18:34:42.0052 2152  [ 0BF5CAD281E25F1418E5B8875DC5ADD1 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
18:34:42.0067 2152  gencounter - ok
18:34:42.0208 2152  [ 8DF1254093B5C354CE725EB6B9B0DE19 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
18:34:42.0223 2152  GPIOClx0101 - ok
18:34:42.0536 2152  [ 0D03F87D4FF4ADBAF8336DD80548155A ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
18:34:42.0552 2152  gpsvc - ok
18:34:43.0286 2152  [ 56F69F7C25FB67C970997D7066DBC593 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
18:34:43.0364 2152  HdAudAddService - ok
18:34:43.0724 2152  [ D4B7ED39C7900384D9E5C1283F1E7926 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
18:34:43.0724 2152  HDAudBus - ok
18:34:43.0802 2152  [ 10A70BC1871CD955D85CD88372724906 ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
18:34:43.0817 2152  HidBatt - ok
18:34:44.0145 2152  [ 42F88B57CAE42FC10059C887B3FCFCEA ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
18:34:44.0145 2152  HidBth - ok
18:34:44.0331 2152  [ C241A8BAFBBFC90176EA0F5240EACC17 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
18:34:44.0333 2152  hidi2c - ok
18:34:44.0639 2152  [ 9BDDEE26255421017E161CCB9D5EDA95 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
18:34:44.0639 2152  HidIr - ok
18:34:44.0842 2152  [ EA85B5093DF7B5C3E80362B053740AE2 ] hidserv         C:\WINDOWS\system32\hidserv.dll
18:34:44.0842 2152  hidserv - ok
18:34:44.0967 2152  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
18:34:44.0967 2152  HidUsb - ok
18:34:45.0106 2152  [ 93C4315F47F8D635C6DB0DF49FCE10EE ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
18:34:45.0234 2152  hkmsvc - ok
18:34:45.0374 2152  [ AC49522ED106BD4B545D6614D71C2445 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
18:34:45.0451 2152  HomeGroupListener - ok
18:34:45.0602 2152  [ 99932E30CE0283B73BB6E5019E150394 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
18:34:45.0612 2152  HomeGroupProvider - ok
18:34:46.0287 2152  [ 4F88FA114D15504E1B17978A8DA4165E ] HPConnectedRemote C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
18:34:46.0316 2152  HPConnectedRemote - ok
18:34:46.0409 2152  [ 0C28C65207A2BD4C737A5BCDAB26A430 ] hpdskflt        C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
18:34:46.0410 2152  hpdskflt - ok
18:34:46.0731 2152  [ D2946D9F020AE76E9CEF9B4A6DF838C0 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
18:34:46.0741 2152  hpqwmiex - ok
18:34:47.0001 2152  [ A6AACEA4C785789BDA5912AD1FEDA80D ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
18:34:47.0002 2152  HpSAMD - ok
18:34:47.0078 2152  [ 81E3EF01D1883394BDA9B8687B3BFE23 ] hpsrv           C:\WINDOWS\system32\Hpservice.exe
18:34:47.0081 2152  hpsrv - ok
18:34:47.0441 2152  [ 1878A79551F2EDAE7EBD110AAE6D33AD ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
18:34:47.0460 2152  HPSupportSolutionsFrameworkService - ok
18:34:47.0775 2152  [ 3C5B2067338E4EFDADE94E4A72728F23 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
18:34:47.0776 2152  HPWMISVC - ok
18:34:47.0974 2152  [ E87A6D3B8FECD5B93BC0CFBB48C27970 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
18:34:48.0002 2152  HTTP - ok
18:34:49.0643 2152  [ E5805896A55D4166C20F216249F40FA3 ] HWiNFO32        C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS
18:34:52.0290 2152  HWiNFO32 - ok
18:34:52.0520 2152  [ 90656C0B3864804B090434EFC582404F ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
18:34:52.0522 2152  hwpolicy - ok
18:34:52.0699 2152  [ 6D6F9E3BF0484967E52F7E846BFF1CA1 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
18:34:52.0700 2152  hyperkbd - ok
18:34:52.0827 2152  [ 907C870F8C31F8DDD6F090857B46AB25 ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
18:34:52.0829 2152  HyperVideo - ok
18:34:53.0276 2152  [ 49EE0AE9E5B64FFBBD06D55C4984B598 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
18:34:53.0350 2152  i8042prt - ok
18:34:53.0527 2152  [ 5D90E32E36CE5D4C535D17CE08AEAF05 ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
18:34:53.0531 2152  iaLPSSi_GPIO - ok
18:34:53.0726 2152  [ DD05E7E80F52ADE9AEB292819920F32C ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
18:34:53.0729 2152  iaLPSSi_I2C - ok
18:34:53.0810 2152  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
18:34:53.0870 2152  iaStorAV - ok
18:34:53.0931 2152  [ A2200C3033FA4EF249FC096A7A7D02A2 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
18:34:53.0949 2152  iaStorV - ok
18:34:54.0286 2152  [ ABEFA4BD23329FD9BD47496BF2E58774 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
18:34:54.0318 2152  IconMan_R - ok
18:34:54.0325 2152  IEEtwCollectorService - ok
18:34:54.0353 2152  [ 4E448FCFFD00E8D657CD9E48D3E47157 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
18:34:54.0355 2152  intelide - ok
18:34:54.0434 2152  [ 7AA01AB1C110916825E6E1389F1B9AF2 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
18:34:54.0451 2152  intelpep - ok
18:34:54.0525 2152  [ 47E74A8E53C7C24DCE38311E1451C1D9 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
18:34:54.0529 2152  intelppm - ok
18:34:54.0561 2152  [ 9DB76D7F9E4E53EFE5DD8C53DE837514 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:34:54.0563 2152  IpFilterDriver - ok
18:34:54.0653 2152  [ A5800036E4EA06697A34742A24ACFBE1 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
18:34:54.0670 2152  iphlpsvc - ok
18:34:54.0728 2152  [ C800DCD904016B2BF6AB541083770A3A ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
18:34:54.0730 2152  IPMIDRV - ok
18:34:54.0774 2152  [ B7342B3C58E91107F6E946A93D9D4EFD ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
18:34:54.0777 2152  IPNAT - ok
18:34:54.0818 2152  [ AE44C526AB5F8A487D941CEB57B10C97 ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
18:34:54.0819 2152  IRENUM - ok
18:34:54.0866 2152  [ 8AFEEA3955AA43616A60F133B1D25F21 ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
18:34:54.0867 2152  isapnp - ok
18:34:54.0958 2152  [ D90AB68D0FAC9F357F663670FDBB511E ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
18:34:54.0968 2152  iScsiPrt - ok
18:34:55.0022 2152  [ 5917AFE4A3F695A54B99C1849C8207FE ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
18:34:55.0024 2152  kbdclass - ok
18:34:55.0057 2152  [ 8CD840A062F6BDF41DDE3ACB96164B72 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
18:34:55.0058 2152  kbdhid - ok
18:34:55.0116 2152  [ 813871C7D402A05F2E3A7075F9584A05 ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
18:34:55.0119 2152  kdnic - ok
18:34:55.0137 2152  [ 382100E75B6F4668AEAEF228C6CEFFAD ] KeyIso          C:\WINDOWS\system32\lsass.exe
18:34:55.0146 2152  KeyIso - ok
18:34:55.0194 2152  [ 4E829B18D5BAEC29893792A3C671A847 ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
18:34:55.0201 2152  KSecDD - ok
18:34:55.0269 2152  [ 35C19AF2116F67914712D7C4CBE47B8C ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
18:34:55.0273 2152  KSecPkg - ok
18:34:55.0312 2152  [ 11AFB527AA370B1DAFD5C36F35F6D45F ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
18:34:55.0313 2152  ksthunk - ok
18:34:55.0338 2152  [ C1591A66028C71147A3E2EAB0B1CCB7E ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
18:34:55.0356 2152  KtmRm - ok
18:34:55.0456 2152  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
18:34:55.0471 2152  LanmanServer - ok
18:34:55.0512 2152  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
18:34:55.0520 2152  LanmanWorkstation - ok
18:34:55.0763 2152  [ D186AAAE72691136BDE00BBB41F48D12 ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:34:55.0830 2152  LBTServ - ok
18:34:55.0942 2152  [ 015BABFCD2E911C505204257DAB5ADC5 ] LEqdUsb         C:\WINDOWS\system32\DRIVERS\LEqdUsb.Sys
18:34:55.0947 2152  LEqdUsb - ok
18:34:56.0035 2152  [ 8B9F3796EC1762CF255BDB324E5529C8 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
18:34:56.0057 2152  lfsvc - ok
18:34:56.0163 2152  [ 20A23B8863AAA8A23EEB9E2919F529FD ] LHidEqd         C:\WINDOWS\system32\DRIVERS\LHidEqd.Sys
18:34:56.0165 2152  LHidEqd - ok
18:34:56.0252 2152  [ 77D5786C6A7765503884E38706C9FD5E ] LHidFilt        C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
18:34:56.0257 2152  LHidFilt - ok
18:34:56.0442 2152  [ 337FA50FFDED5E2BC94B36BF625AB681 ] LiveUpdateSvc   C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
18:34:56.0464 2152  LiveUpdateSvc - ok
18:34:56.0499 2152  [ C09010B3680860131631F53E8FE7BAD8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
18:34:56.0508 2152  lltdio - ok
18:34:56.0573 2152  [ DAE98CC96C5EE308BF4EA7B18F226CB8 ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
18:34:56.0587 2152  lltdsvc - ok
18:34:56.0647 2152  [ 1E2662D847B7D9995C65D90D254A7E0F ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
18:34:56.0662 2152  lmhosts - ok
18:34:56.0689 2152  [ F84023FB2E3DEA06103501974A2EDB44 ] LMouFilt        C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
18:34:56.0690 2152  LMouFilt - ok
18:34:56.0752 2152  [ C755AE4635457AA2A11F79C0DF857ABC ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
18:34:56.0755 2152  LSI_SAS - ok
18:34:56.0790 2152  [ ADAC09CBE7A2040B7F68B5E5C9A75141 ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
18:34:56.0816 2152  LSI_SAS2 - ok
18:34:56.0884 2152  [ 04D1274BB9BBCCF12BD12374002AA191 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
18:34:56.0886 2152  LSI_SAS3 - ok
18:34:56.0947 2152  [ 327469EEF3833D0C584B7E88A76AEC0C ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
18:34:56.0953 2152  LSI_SSS - ok
18:34:57.0024 2152  [ 9A7A7E45DAED2E8C2816716D8D28236A ] LSM             C:\WINDOWS\System32\lsm.dll
18:34:57.0033 2152  LSM - ok
18:34:57.0065 2152  [ DDEE191AB32DFC22C6465002ECDF5EE4 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
18:34:57.0070 2152  luafv - ok
18:34:57.0116 2152  [ EB5C03A070F30D64A6DF80E53B22F53F ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
18:34:57.0118 2152  megasas - ok
18:34:57.0152 2152  [ F6F13533196DE7A582D422B0241E4363 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
18:34:57.0172 2152  megasr - ok
18:34:57.0234 2152  [ 4C5179DB61B9E14BEC15CDC4B152B2E9 ] MMCSS           C:\WINDOWS\system32\mmcss.dll
18:34:57.0239 2152  MMCSS - ok
18:34:57.0276 2152  [ 8B38C44F69259987C95135C9627E2378 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
18:34:57.0292 2152  Modem - ok
18:34:57.0320 2152  [ 601589000CC90F0DF8DA2CC254A3CCC9 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
18:34:57.0323 2152  monitor - ok
18:34:57.0365 2152  [ 08374E4E5B8914DE6067CBA99F61E930 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
18:34:57.0365 2152  mouclass - ok
18:34:57.0396 2152  [ 5FCBAB60598AE119E02B4C27DE6B99EA ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
18:34:57.0396 2152  mouhid - ok
18:34:57.0443 2152  [ 9A788037D768809DFD677F4BA08A224A ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
18:34:57.0459 2152  mountmgr - ok
18:34:57.0553 2152  [ 5961C5D8EDD2E2A3B99F1782AE1AC21F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:34:57.0568 2152  MozillaMaintenance - ok
18:34:57.0646 2152  [ 6FC047578785B0435F4E2660946D1ADC ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
18:34:57.0646 2152  mpsdrv - ok
18:34:57.0693 2152  [ C18AA14126ADC66478E8E962B2DFAA98 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
18:34:57.0709 2152  MpsSvc - ok
18:34:57.0787 2152  [ D2AC8F07995CE6CD18848C129435B481 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
18:34:57.0787 2152  MRxDAV - ok
18:34:57.0818 2152  [ 61000E7155E92342D0D5338CE05D102A ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:34:57.0834 2152  mrxsmb - ok
18:34:57.0928 2152  [ BCBD64220AD85C26823453FF1DC3EFBD ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
18:34:57.0928 2152  mrxsmb10 - ok
18:34:57.0959 2152  [ B0A106352DEF6D52332EA39E00462EA7 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
18:34:57.0974 2152  mrxsmb20 - ok
18:34:57.0990 2152  [ F3C060444777A59FC63D920719E43CCD ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
18:34:57.0990 2152  MsBridge - ok
18:34:58.0021 2152  [ 915747E010A9414B069173284A9B93F4 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
18:34:58.0037 2152  MSDTC - ok
18:34:58.0084 2152  [ D13329FBF8345B28AB30F44CC247DC08 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
18:34:58.0099 2152  Msfs - ok
18:34:58.0146 2152  [ C6B474E46F9E543B875981ED3FFE6ADD ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
18:34:58.0146 2152  msgpiowin32 - ok
18:34:58.0178 2152  [ 65C92EB9D08DB5C69F28C7FFD4E84E31 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
18:34:58.0178 2152  mshidkmdf - ok
18:34:58.0271 2152  [ 52299F086AC2DAFD100DD5DC4A8614BA ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
18:34:58.0271 2152  mshidumdf - ok
18:34:58.0318 2152  [ 36D92AF3343C3A3E57FEF11C449AEA4C ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
18:34:58.0318 2152  msisadrv - ok
18:34:58.0381 2152  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90 ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
18:34:58.0396 2152  MSiSCSI - ok
18:34:58.0396 2152  msiserver - ok
18:34:58.0428 2152  [ A9BBBD2BAE6142253B9195E949AC2E8D ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:34:58.0428 2152  MSKSSRV - ok
18:34:58.0474 2152  [ 51B3AC0560848CD6D65AC2033E293113 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
18:34:58.0490 2152  MsLldp - ok
18:34:58.0506 2152  [ 7B2128EB875DCBC006E6A913211006D6 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:34:58.0521 2152  MSPCLOCK - ok
18:34:58.0553 2152  [ 1E88171579B218115C7A772F8DE04BD8 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
18:34:58.0553 2152  MSPQM - ok
18:34:58.0615 2152  [ BBE2A455053E63BECBF42C2F9B21FAE0 ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
18:34:58.0631 2152  MsRPC - ok
18:34:58.0662 2152  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
18:34:58.0662 2152  mssmbios - ok
18:34:58.0678 2152  [ 115019AE01E0EB9C048530D2928AB4A2 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
18:34:58.0678 2152  MSTEE - ok
18:34:58.0709 2152  [ 96D604A35070360F0DD4A7A8AF410B5E ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
18:34:58.0709 2152  MTConfig - ok
18:34:58.0756 2152  [ 619CA29326B82372621DB2C0964D8365 ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
18:34:58.0756 2152  Mup - ok
18:34:58.0803 2152  [ B8C35C94DCB2DFEAF03BB42131F2F77F ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
18:34:58.0803 2152  mvumis - ok
18:34:58.0834 2152  [ 8DF30698BDD9492A9D45A4B94FB4A82A ] napagent        C:\WINDOWS\system32\qagentRT.dll
18:34:58.0849 2152  napagent - ok
18:34:58.0928 2152  [ 008F7CED69FD5B30CBDE1E03C6F36A27 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
18:34:58.0943 2152  NativeWifiP - ok
18:34:58.0974 2152  [ BFCE1225D10619029E68946929CEB64C ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
18:34:58.0990 2152  NcaSvc - ok
18:34:59.0068 2152  [ 267C97373110B7AFD3B46DF60B6CBB85 ] NcbService      C:\WINDOWS\System32\ncbservice.dll
18:34:59.0084 2152  NcbService - ok
18:34:59.0115 2152  [ 0813B71EAF097208DC76CE0605B48AF0 ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
18:34:59.0131 2152  NcdAutoSetup - ok
18:34:59.0224 2152  [ 97DC5967F65503213FD1F1B3E4A6F983 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
18:34:59.0240 2152  NDIS - ok
18:34:59.0271 2152  [ 8CECC8DA55F3274181FD1EA28AD76664 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
18:34:59.0287 2152  NdisCap - ok
18:34:59.0303 2152  [ 269882812E9A68FFF1AFE1283D428322 ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
18:34:59.0318 2152  NdisImPlatform - ok
18:34:59.0349 2152  [ DC1D9F692C2AD84C214584C28501C1F7 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:34:59.0349 2152  NdisTapi - ok
18:34:59.0396 2152  [ B832B35055BA2B7B4181861FF94D8E59 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:34:59.0396 2152  Ndisuio - ok
18:34:59.0428 2152  [ 1F58E48EF75F34C35D8E93A0DC535CFE ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
18:34:59.0428 2152  NdisVirtualBus - ok
18:34:59.0459 2152  [ DEC29080202D4F9F17F55E18BCFCC41A ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:34:59.0474 2152  NdisWan - ok
18:34:59.0490 2152  [ DEC29080202D4F9F17F55E18BCFCC41A ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:34:59.0490 2152  NdisWanLegacy - ok
18:34:59.0521 2152  [ 0BBE2FA30BAD58C9ADC01E4F84A3D2A1 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
18:34:59.0537 2152  NDProxy - ok
18:34:59.0599 2152  [ 3083926D1CC5B56EA0786527B557DD1B ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
18:34:59.0599 2152  Ndu - ok
18:34:59.0631 2152  [ 42FF4975D032CAE558AE4BB8448F6E5A ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
18:34:59.0646 2152  NetBIOS - ok
18:34:59.0678 2152  [ 0217532E19A748F0E5D569307363D5FD ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
18:34:59.0678 2152  NetBT - ok
18:34:59.0709 2152  [ 382100E75B6F4668AEAEF228C6CEFFAD ] Netlogon        C:\WINDOWS\system32\lsass.exe
18:34:59.0709 2152  Netlogon - ok
18:34:59.0771 2152  [ 8F074B62E66B6117D9598C62A12069C5 ] Netman          C:\WINDOWS\System32\netman.dll
18:34:59.0771 2152  Netman - ok
18:34:59.0818 2152  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45 ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
18:34:59.0834 2152  netprofm - ok
18:35:00.0037 2152  [ 1092B3190E69E0C5ECBCE90F171DE047 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:35:00.0053 2152  NetTcpPortSharing - ok
18:35:00.0131 2152  [ D4DCE03870314D3354F3501F9DDD4123 ] netvsc          C:\WINDOWS\System32\drivers\netvsc63.sys
18:35:00.0131 2152  netvsc - ok
18:35:00.0162 2152  [ E94EB2A95D7D016E119C4D6868788831 ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
18:35:00.0193 2152  NlaSvc - ok
18:35:00.0271 2152  [ 8F44A2F57C9F1A19AC9C6288C10FB351 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
18:35:00.0271 2152  Npfs - ok
18:35:00.0318 2152  [ CBDB4F0871C88DF930FC0E8588CA67FC ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
18:35:00.0318 2152  npsvctrig - ok
18:35:00.0381 2152  [ 0F12A72A753CFD7FB0631EE8D08FE983 ] nsi             C:\WINDOWS\system32\nsisvc.dll
18:35:00.0396 2152  nsi - ok
18:35:00.0443 2152  [ 0E046FF5823B95326D10CF1B4AF23541 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
18:35:00.0443 2152  nsiproxy - ok
18:35:00.0568 2152  [ 9980B262DBE439AE6BDC91AA985F19EE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
18:35:00.0615 2152  Ntfs - ok
18:35:00.0709 2152  [ EF1B290FC9F0E47CC0B537292BEE5904 ] Null            C:\WINDOWS\system32\drivers\Null.sys
18:35:00.0709 2152  Null - ok
18:35:00.0740 2152  [ BC6B5942AFF25EBAF62DE43C3807EDF8 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
18:35:00.0740 2152  nvraid - ok
18:35:00.0771 2152  [ 1F43ABFFAC3D6CA356851D517392966E ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
18:35:00.0771 2152  nvstor - ok
18:35:00.0818 2152  [ 6934A936A7369DFE37B7DBA93F5E5E49 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
18:35:00.0834 2152  nv_agp - ok
18:35:00.0881 2152  [ 26657F3B4F39A0E64AF859278B599C4E ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
18:35:00.0896 2152  p2pimsvc - ok
18:35:00.0959 2152  [ FD8F61F0D1F64BBB3D835F39A3F979C9 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
18:35:00.0959 2152  p2psvc - ok
18:35:01.0037 2152  [ 764B1121867B2D9B31C491668AC72B2B ] Parport         C:\WINDOWS\System32\drivers\parport.sys
18:35:01.0037 2152  Parport - ok
18:35:01.0084 2152  [ BAFF6122CFC9F95CA175AD8C348179A4 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
18:35:01.0099 2152  partmgr - ok
18:35:01.0162 2152  [ ABE95ABE27A8BD9701782BBCD82C9925 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
18:35:01.0193 2152  PcaSvc - ok
18:35:01.0271 2152  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4 ] pci             C:\WINDOWS\system32\drivers\pci.sys
18:35:01.0287 2152  pci - ok
18:35:01.0318 2152  [ 346E38FCC6859A727DD28AFAD1F0AFF4 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
18:35:01.0318 2152  pciide - ok
18:35:01.0381 2152  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
18:35:01.0381 2152  pcmcia - ok
18:35:01.0396 2152  [ BF28771D1436C88BE1D297D3098B0F7D ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
18:35:01.0412 2152  pcw - ok
18:35:01.0474 2152  [ ED54A75050211DC77F9B98C41E026858 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
18:35:01.0474 2152  pdc - ok
18:35:01.0537 2152  [ 0ECEE590F2E2EF969FB74A6FC583A1E6 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
18:35:01.0537 2152  PEAUTH - ok
18:35:01.0990 2152  [ 8E3C640FFF5A963F570233AE99C0FFF3 ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
18:35:02.0006 2152  PerfHost - ok
18:35:02.0162 2152  [ 70B39E7241F750A248798CE82C44596D ] pla             C:\WINDOWS\system32\pla.dll
18:35:02.0193 2152  pla - ok
18:35:02.0240 2152  [ 2C02AFF8383D893F8DBEB07A84F6E77C ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
18:35:02.0256 2152  PlugPlay - ok
18:35:02.0287 2152  [ 4570F8A37D221660F3A09D6F4DD4BA94 ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
18:35:02.0303 2152  PNRPAutoReg - ok
18:35:02.0334 2152  [ 26657F3B4F39A0E64AF859278B599C4E ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
18:35:02.0349 2152  PNRPsvc - ok
18:35:02.0396 2152  [ BDD52AB4AEBB8B1904568DBD0CCB70CB ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
18:35:02.0412 2152  PolicyAgent - ok
18:35:02.0459 2152  [ C8DD82C3035E60D671B8CC5DF128D3A9 ] Power           C:\WINDOWS\system32\umpo.dll
18:35:02.0474 2152  Power - ok
18:35:02.0709 2152  [ 3C96A45CA3403A276B0F045C448EC27B ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
18:35:02.0818 2152  PrintNotify - ok
18:35:02.0896 2152  [ ECD373F9571C745894367CC2635EA44F ] Processor       C:\WINDOWS\System32\drivers\processr.sys
18:35:02.0912 2152  Processor - ok
18:35:02.0943 2152  [ 6E409D818C6B342544EAE741B1422B85 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
18:35:02.0943 2152  ProfSvc - ok
18:35:02.0990 2152  [ FC0141B4A5AD6D637D883C1A89FC45C5 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
18:35:03.0006 2152  Psched - ok
18:35:03.0053 2152  [ 32812415CE18075BF98BC9A43E26E234 ] ptumlcmsvc      C:\Windows\system32\ptumlcmsvc64.exe
18:35:03.0053 2152  ptumlcmsvc - ok
18:35:03.0099 2152  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5 ] QWAVE           C:\WINDOWS\system32\qwave.dll
18:35:03.0115 2152  QWAVE - ok
18:35:03.0162 2152  [ 83868EB2924E6BC21A54337C65D614D1 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
18:35:03.0162 2152  QWAVEdrv - ok
18:35:03.0256 2152  [ 16327C2B25A82ABD16F92DD72B26489D ] RadeonPro Support Service C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
18:35:03.0256 2152  RadeonPro Support Service - ok
18:35:03.0303 2152  [ B337B1F1E82A83E20A1743E008E25C0F ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:35:03.0303 2152  RasAcd - ok
18:35:03.0381 2152  [ 044638489B4A5FE5334F46C5314A0826 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
18:35:03.0490 2152  RasAuto - ok
18:35:03.0553 2152  [ F83B38FCD4F69157B3D158433FA149CC ] RasMan          C:\WINDOWS\System32\rasmans.dll
18:35:03.0568 2152  RasMan - ok
18:35:03.0615 2152  [ 5247F308C4103CDC4FE12AE1D235800A ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:35:03.0615 2152  RasPppoe - ok
18:35:03.0678 2152  [ 41F631007A158FEBB67F0E2AD1601BBA ] RasSstp         C:\WINDOWS\system32\DRIVERS\rassstp.sys
18:35:03.0678 2152  RasSstp - ok
18:35:03.0724 2152  [ A1A5E79C0D1352AFDC08328A623DA051 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:35:03.0724 2152  rdbss - ok
18:35:03.0771 2152  [ 6B21EBF892CD8CACB71669B35AB5DE32 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
18:35:03.0771 2152  rdpbus - ok
18:35:03.0803 2152  [ 680C1DAE268B6FB67FA21B389A8B79EF ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
18:35:03.0803 2152  RDPDR - ok
18:35:03.0865 2152  [ BC8A79C625568DDB7DCA49D0C2741A64 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
18:35:03.0865 2152  RdpVideoMiniport - ok
18:35:03.0896 2152  [ A26AEC49F318FEE141DDDB2C5F99B3E6 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
18:35:03.0896 2152  rdyboost - ok
18:35:03.0959 2152  [ 615DFD97DEA56CE1C3A52185A3038FF8 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
18:35:03.0974 2152  ReFS - ok
18:35:04.0053 2152  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
18:35:04.0068 2152  RemoteAccess - ok
18:35:04.0099 2152  [ AC8785B53F8436058C90450DA1840AE7 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
18:35:04.0115 2152  RemoteRegistry - ok
18:35:04.0178 2152  [ 65B9FDE300A6DECC03BA44C4616DCAD6 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
18:35:04.0178 2152  RpcEptMapper - ok
18:35:04.0240 2152  [ A737B433ABAF3F2DCB2BD7B4CC582B26 ] RpcLocator      C:\WINDOWS\system32\locator.exe
18:35:04.0240 2152  RpcLocator - ok
18:35:04.0318 2152  [ A6F17C299A03BAFEFB9257C462A19E00 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
18:35:04.0349 2152  RpcSs - ok
18:35:04.0396 2152  [ 6737F13C9CDC0C76BBBCD382E5B3B507 ] RSP2STOR        C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys
18:35:04.0412 2152  RSP2STOR - ok
18:35:04.0443 2152  [ 2D05A5508F4685412F2B89E8C2189ABC ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
18:35:04.0459 2152  rspndr - ok
18:35:04.0521 2152  [ 19764658C1468C2C0CEF133D28414A6B ] RTL8168         C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
18:35:04.0521 2152  RTL8168 - ok
18:35:04.0553 2152  [ 1A063730F221B2746FF00457AE17E4F0 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
18:35:04.0568 2152  s3cap - ok
18:35:04.0584 2152  [ 382100E75B6F4668AEAEF228C6CEFFAD ] SamSs           C:\WINDOWS\system32\lsass.exe
18:35:04.0584 2152  SamSs - ok
18:35:04.0646 2152  [ C624A1B32211C3166EDB3F4AB02A30B7 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
18:35:04.0662 2152  sbp2port - ok
18:35:04.0709 2152  [ 74A3B67F03877D06B09B1B40C5ED582E ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
18:35:04.0709 2152  SCardSvr - ok
18:35:04.0787 2152  [ 8B9C4D55B4A536FB01C360DDB9533574 ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
18:35:04.0803 2152  ScDeviceEnum - ok
18:35:04.0881 2152  [ 13BEA6C882D4D877A5A85CA149C86BC1 ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
18:35:04.0881 2152  scfilter - ok
18:35:04.0959 2152  [ 3151A020E03DDE31AAC49F35C5EFB4DB ] Schedule        C:\WINDOWS\system32\schedsvc.dll
18:35:04.0990 2152  Schedule - ok
18:35:05.0052 2152  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
18:35:05.0052 2152  SCPolicySvc - ok
18:35:05.0131 2152  [ C54B6B2170BF628FD42F799A66956D75 ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
18:35:05.0146 2152  sdbus - ok
18:35:05.0209 2152  [ 0B1E929D11A8E358106955603FAC65E8 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
18:35:05.0209 2152  sdstor - ok
18:35:05.0287 2152  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
18:35:05.0287 2152  secdrv - ok
18:35:05.0349 2152  [ BA24CEA7152239F42ECD04AFB7C89D24 ] seclogon        C:\WINDOWS\system32\seclogon.dll
18:35:05.0365 2152  seclogon - ok
18:35:05.0396 2152  [ 81FE9A81EDF8016816C9E91FBFBF7D35 ] SENS            C:\WINDOWS\System32\sens.dll
18:35:05.0396 2152  SENS - ok
18:35:05.0443 2152  [ 6E4012AE67F09F867EF620C8D5524C0B ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
18:35:05.0459 2152  SensrSvc - ok
18:35:05.0537 2152  [ DB2FF24CE0BDD15FE75870AFE312BA89 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
18:35:05.0553 2152  SerCx - ok
18:35:05.0584 2152  [ 0044B31F93946D5D41982314381FE431 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
18:35:05.0584 2152  SerCx2 - ok
18:35:05.0615 2152  [ 3CD600C089C1251BEEB4CD4CD5164F9E ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
18:35:05.0615 2152  Serenum - ok
18:35:05.0646 2152  [ D864381BC9C725FAB01D94C060660166 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
18:35:05.0646 2152  Serial - ok
18:35:05.0693 2152  [ 148195AE95D9BC7375A08846439FDAC1 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
18:35:05.0693 2152  sermouse - ok
18:35:05.0771 2152  [ 3A2F1A7472C3B7CC9B89C8516C726488 ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
18:35:05.0803 2152  SessionEnv - ok
18:35:05.0849 2152  [ 472B7A5AC181C050888DB454663DD764 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
18:35:05.0849 2152  sfloppy - ok
18:35:05.0928 2152  [ 8081FF3DAE8159FE8956B09BC29CE983 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
18:35:05.0943 2152  SharedAccess - ok
18:35:06.0099 2152  [ 7FD9A61A3523A61FC135D61D6E160314 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:35:06.0115 2152  ShellHWDetection - ok
18:35:06.0146 2152  [ 2F518D13DD6F3053837FE606F1A2EA1F ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
18:35:06.0146 2152  SiSRaid2 - ok
18:35:06.0193 2152  [ 1AC9A200A9C49C4508F04AAFFCA34A3F ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
18:35:06.0209 2152  SiSRaid4 - ok
18:35:06.0303 2152  [ 52F7E8603E888E3DB0A8B3D1804098E9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:35:06.0318 2152  SkypeUpdate - ok
18:35:06.0349 2152  [ AF5CC3F9B88F140D78FC967ABF0F4EC7 ] SmbDrv          C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys
18:35:06.0349 2152  SmbDrv - ok
18:35:06.0381 2152  [ 19555D03CB179BED8B8AAA239A36BDA4 ] SmbDrvI         C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys
18:35:06.0396 2152  SmbDrvI - ok
18:35:06.0459 2152  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3 ] smphost         C:\WINDOWS\System32\smphost.dll
18:35:06.0474 2152  smphost - ok
18:35:06.0537 2152  [ D0EB0DF8C603BBA084351A92732B1CBE ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
18:35:06.0553 2152  SNMPTRAP - ok
18:35:06.0646 2152  [ B45AE0970B2D66CCE756DE6989E23EEC ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
18:35:06.0662 2152  spaceport - ok
18:35:06.0724 2152  [ F337BE11071818FC3F5DC2940B6BDE34 ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
18:35:06.0724 2152  SpbCx - ok
18:35:06.0771 2152  [ 2E3976C857D7230EC8D2B2276E688255 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
18:35:06.0787 2152  Spooler - ok
18:35:07.0084 2152  [ 46549AF7CB672BC8138264CC4100E9F8 ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
18:35:07.0209 2152  sppsvc - ok
18:35:07.0287 2152  [ 8003E034E3EA0E29DA54215A770FC27C ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
18:35:07.0303 2152  srv - ok
18:35:07.0381 2152  [ 00D8AC8E3053290BDE6EA2FB6810D2FC ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
18:35:07.0396 2152  srv2 - ok
18:35:07.0443 2152  [ D047CD668E6277FD80F0C613946F034C ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
18:35:07.0443 2152  srvnet - ok
18:35:07.0506 2152  [ CF6C3037839CF78421A94F9060C2886F ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
18:35:07.0521 2152  SSDPSRV - ok
18:35:07.0553 2152  [ 198A737DBA666F4808D62E9A8277A6B7 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
18:35:07.0553 2152  SstpSvc - ok
18:35:07.0803 2152  [ 00148D28F32FD6A966347FA470A0630D ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
18:35:07.0803 2152  STacSV - ok
18:35:08.0006 2152  [ 3CD16D86B5D613D5BDA9CEDA4DDA4216 ] StartMenuService C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
18:35:08.0006 2152  StartMenuService - ok
18:35:08.0037 2152  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
18:35:08.0037 2152  stexstor - ok
18:35:08.0084 2152  [ 2A560BCECE25A62075AB13F7BFF4D9EF ] STHDA           C:\WINDOWS\system32\DRIVERS\stwrt64.sys
18:35:08.0084 2152  STHDA - ok
18:35:08.0193 2152  [ 63E9CE568CF1192771A5F0460DE7D2B9 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
18:35:08.0224 2152  stisvc - ok
18:35:08.0240 2152  [ 0ED2E318ABB68C1A35A8B8038BDB4C90 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
18:35:08.0256 2152  storahci - ok
18:35:08.0287 2152  [ 8B9486B64E5FC17FB9CC04CA10B77A34 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
18:35:08.0287 2152  storflt - ok
18:35:08.0349 2152  [ 6B06E2D11E604BE2B1A406C4CB3B90DE ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
18:35:08.0349 2152  stornvme - ok
18:35:08.0396 2152  [ A45F5AC9D8069D0EC66E3CA73103073B ] StorSvc         C:\WINDOWS\system32\storsvc.dll
18:35:08.0412 2152  StorSvc - ok
18:35:08.0443 2152  [ 548759755BC73DAD663250239D7E0B9F ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
18:35:08.0459 2152  storvsc - ok
18:35:08.0490 2152  [ E395BE02F80A79A6CF973BA38DBB8135 ] svsvc           C:\WINDOWS\system32\svsvc.dll
18:35:08.0506 2152  svsvc - ok
18:35:08.0584 2152  [ 65454187E0F8B6C0DCECB0287D06EC43 ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
18:35:08.0599 2152  swenum - ok
18:35:08.0662 2152  [ 1C71D72D4997A284128FBEE770726330 ] swprv           C:\WINDOWS\System32\swprv.dll
18:35:08.0693 2152  swprv - ok
18:35:08.0740 2152  [ 1C9BC67929C728DED1091CA19C3F7D41 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:35:08.0756 2152  SynTP - ok
18:35:08.0865 2152  [ 7E85DB0463AD2403AE84AD162B162279 ] SysMain         C:\WINDOWS\system32\sysmain.dll
18:35:08.0881 2152  SysMain - ok
18:35:08.0927 2152  [ D73DBBB96CEE90C2856164AAD8543425 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
18:35:08.0943 2152  SystemEventsBroker - ok
18:35:09.0021 2152  [ D6A71B95ACF71ACA63B67232059F1BCD ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
18:35:09.0068 2152  TabletInputService - ok
18:35:09.0115 2152  [ 5A5BAB1CA9621E73E25EE4744B67CDA6 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
18:35:09.0146 2152  TapiSrv - ok
18:35:09.0271 2152  [ 746DDF7D59AB8D721C88D48434597E8D ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
18:35:09.0334 2152  Tcpip - ok
18:35:09.0396 2152  [ 746DDF7D59AB8D721C88D48434597E8D ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:35:09.0428 2152  TCPIP6 - ok
18:35:09.0474 2152  [ 41CF802064F72E55F50CA0A221FD36D4 ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
18:35:09.0474 2152  tcpipreg - ok
18:35:09.0537 2152  [ FFF28F9F6823EB1756C60F1649560BBF ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
18:35:09.0553 2152  tdx - ok
18:35:09.0568 2152  [ 232D185D2337F141311D0CF1983E1431 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
18:35:09.0568 2152  terminpt - ok
18:35:09.0662 2152  [ C50997E282576DA492EBA66B059D4196 ] TermService     C:\WINDOWS\System32\termsrv.dll
18:35:09.0693 2152  TermService - ok
18:35:09.0724 2152  [ 2180DBCE75B914E5E5BBFFFAAE97AA21 ] Themes          C:\WINDOWS\system32\themeservice.dll
18:35:09.0724 2152  Themes - ok
18:35:09.0771 2152  [ 4C5179DB61B9E14BEC15CDC4B152B2E9 ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
18:35:09.0787 2152  THREADORDER - ok
18:35:09.0865 2152  [ B5ED9CC61798C7D44BD535D40B89EFB5 ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
18:35:09.0865 2152  TimeBroker - ok
18:35:09.0959 2152  [ 80A2FC1A089A71F2DBE5D8394FFB009F ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
18:35:09.0974 2152  TPM - ok
18:35:10.0021 2152  [ 884113C2BB703FE806C8608B75F34831 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
18:35:10.0037 2152  TrkWks - ok
18:35:10.0131 2152  [ 44A94FB4C76528D2382FFE04B05827C3 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
18:35:10.0131 2152  TrustedInstaller - ok
18:35:10.0178 2152  [ BF8F54CA37E9C9D6582C31C5761F8C93 ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
18:35:10.0193 2152  TsUsbFlt - ok
18:35:10.0256 2152  [ 20185BEB7512EDE4EFECDFA148AC9F99 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
18:35:10.0256 2152  TsUsbGD - ok
18:35:10.0303 2152  [ E85916632CD3B9E9B546968DB950BF42 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
18:35:10.0303 2152  tunnel - ok
18:35:10.0349 2152  [ F6EEAD052943B5A3104C1405BB856C54 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
18:35:10.0349 2152  uagp35 - ok
18:35:10.0412 2152  [ FE6067B1FD4E63650C667B33D080565B ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
18:35:10.0428 2152  UASPStor - ok
18:35:10.0521 2152  [ 807F8CF3E973305FC435C61CBBEE2A49 ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
18:35:10.0521 2152  UCX01000 - ok
18:35:10.0568 2152  [ C61EAF8E1E4B2F62BA4FDF457440B2C6 ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
18:35:10.0584 2152  udfs - ok
18:35:10.0615 2152  [ 9578691F297E1B1F519970FE6D47CB21 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
18:35:10.0615 2152  UEFI - ok
18:35:10.0662 2152  [ A867F0F978EE64C87FADC3B100869EE4 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
18:35:10.0662 2152  UI0Detect - ok
18:35:10.0709 2152  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
18:35:10.0709 2152  uliagpkx - ok
18:35:10.0771 2152  [ DA34C39A18E60E7C3FA0630566408034 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
18:35:10.0771 2152  umbus - ok
18:35:10.0865 2152  [ AE8294875E5446E359B1E8035D40C05E ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
18:35:10.0865 2152  UmPass - ok
18:35:10.0928 2152  [ A023F267A262D5DA6CE1436D9C5E8FD9 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
18:35:10.0959 2152  UmRdpService - ok
18:35:11.0006 2152  [ C98493DD8E6A50154FAC75C15E1C36BB ] upnphost        C:\WINDOWS\System32\upnphost.dll
18:35:11.0021 2152  upnphost - ok
18:35:11.0131 2152  [ FF78D053A05E5A394F4E3C1816CC65A8 ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
18:35:11.0131 2152  usbccgp - ok
18:35:11.0209 2152  [ 0139248F6B95CF0D837B5B46A2722D40 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
18:35:11.0224 2152  usbcir - ok
18:35:11.0256 2152  [ C996CBEF922B5653A01E3F50DDCE2F86 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
18:35:11.0256 2152  usbehci - ok
18:35:11.0303 2152  [ 504901430B6E03B99EBB6BF26E0868C6 ] usbfilter       C:\WINDOWS\system32\DRIVERS\usbfilter.sys
18:35:11.0303 2152  usbfilter - ok
18:35:11.0381 2152  [ CD81683F4553677B9BF5163A922153EB ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
18:35:11.0396 2152  usbhub - ok
18:35:11.0443 2152  [ 5C90D5379B53590FBB24BBAD4FA682EE ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
18:35:11.0459 2152  USBHUB3 - ok
18:35:11.0537 2152  [ A0F0484C97D6441ED6A75D7426ECCC9E ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
18:35:11.0537 2152  usbohci - ok
18:35:11.0568 2152  [ 4D655E3B684BE9B0F7FFD8A2935C348C ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
18:35:11.0568 2152  usbprint - ok
18:35:11.0662 2152  [ 66732C13628BDB1AB0D6FD46027327C2 ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
18:35:11.0678 2152  USBSTOR - ok
18:35:11.0724 2152  [ FC974B03C8B87455F44F734C8F31A3C8 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
18:35:11.0724 2152  usbuhci - ok
18:35:11.0834 2152  [ 5C8F604F6DC74177CDD8372D7B1ADFF0 ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
18:35:11.0849 2152  usbvideo - ok
18:35:11.0896 2152  [ 44603DA5A87FB491EF59C889EBBB4DDB ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
18:35:11.0912 2152  USBXHCI - ok
18:35:11.0928 2152  [ 382100E75B6F4668AEAEF228C6CEFFAD ] VaultSvc        C:\WINDOWS\system32\lsass.exe
18:35:11.0928 2152  VaultSvc - ok
18:35:11.0990 2152  [ FEB26E3B8345A7E8D62F945C4AE86562 ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
18:35:12.0006 2152  vdrvroot - ok
18:35:12.0100 2152  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A ] vds             C:\WINDOWS\System32\vds.exe
18:35:12.0131 2152  vds - ok
18:35:12.0178 2152  [ A026EDEAA5EECAE0B08E2748B616D4BD ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
18:35:12.0178 2152  VerifierExt - ok
18:35:12.0224 2152  [ 34CAF69BF4166AB40BFF0ED068FF6F91 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
18:35:12.0240 2152  vhdmp - ok
18:35:12.0287 2152  [ 06D38968028E9AB19DE9B618C7B6D199 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
18:35:12.0287 2152  viaide - ok
18:35:12.0365 2152  [ 511AD3FF957A0127E6BD336FF6F89C38 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
18:35:12.0365 2152  vmbus - ok
18:35:12.0381 2152  [ DA40BEA0A863CE768C940CA9723BF81F ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
18:35:12.0381 2152  VMBusHID - ok
18:35:12.0459 2152  [ C42C38E15C0DC39D4B0BDF34F733E468 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
18:35:12.0490 2152  vmicguestinterface - ok
18:35:12.0521 2152  [ C42C38E15C0DC39D4B0BDF34F733E468 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
18:35:12.0521 2152  vmicheartbeat - ok
18:35:12.0553 2152  [ C42C38E15C0DC39D4B0BDF34F733E468 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
18:35:12.0568 2152  vmickvpexchange - ok
18:35:12.0631 2152  [ C42C38E15C0DC39D4B0BDF34F733E468 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
18:35:12.0646 2152  vmicrdv - ok
18:35:12.0693 2152  [ C42C38E15C0DC39D4B0BDF34F733E468 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
18:35:12.0709 2152  vmicshutdown - ok
18:35:12.0724 2152  [ C42C38E15C0DC39D4B0BDF34F733E468 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
18:35:12.0740 2152  vmictimesync - ok
18:35:12.0756 2152  [ C42C38E15C0DC39D4B0BDF34F733E468 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
18:35:12.0771 2152  vmicvss - ok
18:35:12.0834 2152  [ 55D7D963DE85162F1C49721E502F9744 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
18:35:12.0849 2152  volmgr - ok
18:35:12.0865 2152  [ CCB9E901F7254BF96D28EB1B0E5329B7 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
18:35:12.0881 2152  volmgrx - ok
18:35:12.0943 2152  [ D537962695CAFEC1301F3EB7C8C3A1D2 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
18:35:12.0959 2152  volsnap - ok
18:35:13.0053 2152  [ EF31713EE4C7CCFE4049F7E7F15645A2 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
18:35:13.0068 2152  vpci - ok
18:35:13.0115 2152  [ 4539F45F9F4C9757A86A56C949421E07 ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
18:35:13.0131 2152  vsmraid - ok
18:35:13.0224 2152  [ 3B7F9612439EA47151EC5EAB232C1C3F ] VSS             C:\WINDOWS\system32\vssvc.exe
18:35:13.0256 2152  VSS - ok
18:35:13.0302 2152  [ 0849B7260F26FE05EA56DED0672E2F4B ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
18:35:13.0318 2152  VSTXRAID - ok
18:35:13.0428 2152  [ BE970C369E43B509C1EDA2B8FA7CECB0 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
18:35:13.0443 2152  vwifibus - ok
18:35:13.0474 2152  [ 35BF5C5F5E3C9902C98978C7640574DA ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
18:35:13.0474 2152  vwififlt - ok
18:35:13.0506 2152  [ 65ED7B9CFEA893DF7748D5FF692690DE ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
18:35:13.0506 2152  vwifimp - ok
18:35:13.0584 2152  [ DC821E811EFBB65CDD77FBB8B6ECA385 ] W32Time         C:\WINDOWS\system32\w32time.dll
18:35:13.0600 2152  W32Time - ok
18:35:13.0787 2152  [ A22546B0093EBBDE03C52E56C3391373 ] w3logsvc        C:\WINDOWS\system32\inetsrv\w3logsvc.dll
18:35:13.0802 2152  w3logsvc - ok
18:35:13.0850 2152  [ 0910AB9ED404C1434E2D0376C2AD5D8B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
18:35:13.0850 2152  WacomPen - ok
18:35:13.0959 2152  [ 9BAE40BD31E3EE0B0C70BEF167E0A2BC ] WAS             C:\WINDOWS\system32\inetsrv\iisw3adm.dll
18:35:13.0974 2152  WAS - ok
18:35:14.0053 2152  [ 139D842E5FB75A1E2F0212FBD7B0E457 ] wbengine        C:\WINDOWS\system32\wbengine.exe
18:35:14.0146 2152  wbengine - ok
18:35:14.0224 2152  [ 0F1DFA2FED73FA78B8C3CDE332A870F6 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
18:35:14.0240 2152  WbioSrvc - ok
18:35:14.0287 2152  [ 0EAEC313B24837613621B4A2536ED382 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
18:35:14.0303 2152  Wcmsvc - ok
18:35:14.0365 2152  [ F6B4C2280FF7C7156AC8A4687B9DA35E ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
18:35:14.0381 2152  wcncsvc - ok
18:35:14.0443 2152  [ B7BF1D783F5B2484E8CE1C0C78257F16 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
18:35:14.0459 2152  WcsPlugInService - ok
18:35:14.0506 2152  [ 81285DDC994F03379DB46419300B2DCB ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
18:35:14.0506 2152  WdBoot - ok
18:35:14.0537 2152  [ CB6C63FF8342B467E2EF76E98D5B934D ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
18:35:14.0553 2152  Wdf01000 - ok
18:35:14.0568 2152  [ 26B8FED3F3B85F5F0C4BD03FD00B9941 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
18:35:14.0631 2152  WdFilter - ok
18:35:14.0725 2152  [ F581F9C9D6953FABFA24E67105F0B614 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
18:35:14.0740 2152  WdiServiceHost - ok
18:35:14.0771 2152  [ F581F9C9D6953FABFA24E67105F0B614 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
18:35:14.0771 2152  WdiSystemHost - ok
18:35:14.0834 2152  [ CE67080F00E0AF32755096CEA6430ABA ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
18:35:14.0849 2152  WdNisDrv - ok
18:35:14.0881 2152  WdNisSvc - ok
18:35:14.0943 2152  [ 40F83492DB9ABBA59773A45FB487C8B2 ] WebClient       C:\WINDOWS\System32\webclnt.dll
18:35:14.0974 2152  WebClient - ok
18:35:15.0021 2152  [ 384E1D04FE20845B2559D292F17A9FA1 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
18:35:15.0021 2152  Wecsvc - ok
18:35:15.0068 2152  [ 455014F4E48B67EBE0F032E2B0E06BF2 ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
18:35:15.0084 2152  WEPHOSTSVC - ok
18:35:15.0178 2152  [ F13DBA57CEA9B7074B95EDCA6AD2635E ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
18:35:15.0193 2152  wercplsupport - ok
18:35:15.0271 2152  [ FD7E58B6AA3EABF2D12B9762A20E11E4 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
18:35:15.0287 2152  WerSvc - ok
18:35:15.0318 2152  [ 715ABA3DD164D06457A2A3C92F6EA9D5 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
18:35:15.0334 2152  WFPLWFS - ok
18:35:15.0412 2152  [ 8C840E1FD7584E74BD0CC1EA581EC187 ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
18:35:15.0428 2152  WiaRpc - ok
18:35:15.0506 2152  [ 5F66B7BB330AA80067FC66149A692620 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
18:35:15.0506 2152  WIMMount - ok
18:35:15.0506 2152  WinDefend - ok
18:35:15.0584 2152  [ 10DAD6A7FC617A221313BD584E3C3A00 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
18:35:15.0584 2152  WinHttpAutoProxySvc - ok
18:35:15.0724 2152  [ FC8BD690321216C32BB58B035B6D5674 ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
18:35:15.0740 2152  Winmgmt - ok
18:35:15.0865 2152  [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0  C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys
18:35:15.0881 2152  WinRing0_1_2_0 - ok
18:35:16.0099 2152  [ 75436315AA383CF527695C6D49D0CA59 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
18:35:16.0209 2152  WinRM - ok
18:35:16.0287 2152  [ 3AF1FA17F1C4ACBDB660D8F98B1A9C13 ] WinUsb          C:\WINDOWS\System32\drivers\WinUSB.SYS
18:35:16.0303 2152  WinUsb - ok
18:35:16.0365 2152  [ 4F2A80D65AE6F845776E2F06AE6782ED ] WirelessButtonDriver C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys
18:35:16.0381 2152  WirelessButtonDriver - ok
18:35:16.0584 2152  [ DC079BA8390089E4EBCA63D27EEA3ECB ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
18:35:16.0615 2152  WlanSvc - ok
18:35:16.0803 2152  [ 06BF5897949A8F24893F792E876B71F5 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
18:35:16.0834 2152  wlidsvc - ok
18:35:16.0943 2152  [ 2834D9D3B4F554A39C72F00EA3F0E128 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
18:35:16.0959 2152  WmiAcpi - ok
18:35:17.0037 2152  [ B96F7A1236C3F21212DE2C40A3DDB005 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
18:35:17.0053 2152  wmiApSrv - ok
18:35:17.0131 2152  WMPNetworkSvc - ok
18:35:21.0443 2152  ============================================================
18:35:21.0443 2152  Scan finished
18:35:21.0443 2152  ============================================================
18:35:21.0474 1548  Detected object count: 0
18:35:21.0474 1548  Actual detected object count: 0
18:35:48.0850 4284  Deinitialize success







---------------------------------------------------------------


The sfc scan says Windows Resource Protection found corrupt files but was unable to fix them. The log shows this: "        1 file(s) copied."


 





